The U.S. has no national vision or long-term strategic plan for cybersecurity. This is what Sen. Mark Warner (D-VA) told members of the Northern Virginia Technology Council (NVTC) this morning at The George Washington University. As Vice Chair of the Senate Select Committee on Intelligence, Sen. Warner sees the increasing cyber threats against the U.S. – and how delays in the security clearance process increase those risks.
Congress, Industry, and The Brave new world
The intelligence and defense communities have seen cyber threats and hitches in the security clearance process for years. But Congress has been a little slower on the uptake. Sen. Warner himself admitted that the security clearance backlog had caught his attention just in the past year. This backlog – in his opinion – is especially detrimental given the lightning pace of technology. As more devices are connected to the web, the risk to our data grows exponentially. And yet, there are no minimum security regulations for web-connected devices.
Likewise, Russian interference with U.S. politics and social engineering through bots and troll accounts have taken a toll on the nation. Sen. Warner emphasized that Congress must set regulatory guideposts for social media. Introducing identity and content validation or geo-indicators of social media activity could help solve some of those issues. However, he also noted the free-speech and safety concerns of such measures. But these are the conversations that government and industry need to be having.
America has no Cyber Doctrine
Despite the rapid advance of technology and increased cyber attacks, the U.S. and the international community have not laid any ground rules for the cybersphere. Sen. Warner sees this as a major oversight, “Our nation has never had a cyber doctrine – and for near-peer adversaries like Russia and China, they’ve felt like it’s open season on the US.”
He believes Congress should establish a cyber doctrine akin to that of chemical weapons or landmine usage. This would clearly define what kind of cyber activities would invite retaliation. And on this count, he notes the Trump and Obama administrations have failed to draw a line in the sand with cyber peers like Russia and China.
Without established cyber rules of engagement, the U.S. has been reluctant to retaliate for fear of escalating conflict. As seen in the Senate hearings with Mark Zuckerberg, Warner’s colleagues in Congress are intimidated by the technological complexity of cybersecurity. While they’re just now seeing the threat, China and Russia have long understood that they’re in active cyber conflict with the U.S.
How Can the Background investigations process be fixed?
As cyber threats mount, U.S. government and industry must ramp up their efforts and their hiring to stay ahead of the enemy; the current backlog is preventing that. Obviously, the system’s problems are complex and a single failure could cause irreparable damage. Earlier this month, the senator introduced an amendment to the Fiscal Year 2019 defense budget to address America’s cyber weaknesses and problems with the background investigations process. As helpful first steps, the senator singled out:
- Reciprocity between agencies, industry, and contracts
- Ongoing examinations that would eliminate the necessity of painstaking re-investigations
- Virtual background interviews to maximize the number of interviews investigators can accomplish in a limited amount of time
- Penalizing states who do not share their criminal databases with the federal government (thereby slowing down the investigations process).
With regard to switching the background investigation process from Office of Personnel Management (OPM) to DoD, Sen. Warner was somewhat enthusiastic, saying it “probably makes sense.” However, he was quick to repeat Director of National Intelligence Dan Coats’ assessment that “the whole system needs replacing.”