The Obama Administration has had a rough time dealing with cyber security issues. On one hand, leakers such as Bradley Manning and Edward Snowden have put classified U.S. information in the public spotlight. One the other, foreign countries have stolen billions of dollars’ worth of technical information, and have likely developed the ability to digitally and physically threaten U.S. national security. On July 23rd, the House Subcommittee on Asia and the Pacific held a hearing titled, “Asia: The Cyber Security Battleground.” Chairman of the Subcommittee, Rep. Steve Chabot (R-OH), noted China’s cyber prowess, North Korean cyber-attacks, and Indian-Pakistan cyber competition. Further, he highlighted the high-level of dependence that the U.S., Japan, South Korea, and private enterprises have on cyber technology.
Witnesses at the hearing included McAfee VP and Chief Technology Officer, Dr. Phyliss Schneck; CSIS Director of Technology and Public Policy Dr. James Lewis; and Mr. Karl Rauscher, the Chief Technology Officer at the EastWest Institute.
Dr. Schneck’s opening remarks included details form the recent cyber-attack on South Korea dubbed “Dark Seoul.” McAfee lead the investigation, named Operation Troy, on these attacks, finding them to be a part of a four year long process, with the latest iteration the seventh variation of the first attack in 2009. It is part of McAfee company policy not to find the perpetrator, but to solely focus on defense. She advocated for a connected cyber defense that would be “similar to the human body.” Every computer in a network, she said, should be a consumer and producer of security information.
Dr. Lewis immediately criticized China’s cyber espionage activities. “While North Korean cyber activities are worrisome, China’s actions have a regional and global destabilizing effect,” he stated. He called on the American legislators to not only further engage with China on cyber issues, but for the U.S. and its Asian allies to work cooperatively on cyber defense. “The most important thing the U.S. can do increase stability is to reach an agreement on norms for responsible state behavior,” he said. “In June 2013, a 15 nation group of experts agreed on rules for cyber security. They agreed that the UN charter applies; international law applies; state responsibility applies; and that national sovereignty is applicable in cyber space.” He concluded with a call to both China and the U.S. to work toward resolving their cyber issues.
Mr. Rauscher stated in his opening remarks that he was focused on real tangible steps to improve cyber security. However, instead of actually presenting these recommendations, he highlighted how many governments and companies used EastWest recommendations and how many those have actually institutionalized the practices. Unlike his colleagues, much of Mr. Rauscher’s statements sounded more like an advertisement for his organization’s work.
Many of the questions presented by the representatives focused on how much influence the U.S. has in developing multilateral cyber initiatives. Dr. Lewis had the most pragmatic response and recognized that treaties were probably out of reach, but agreements to norms are very possible.
The panelists were in agreement that U.S. has the preeminent offensive cyber capabilities in the world. Interestingly, they also stated that the Russians were more sophisticated that the Chinese in this aspect. Dr. Lewis stated, “The reason the Russians are not in the news as much as China is because the Russians are better at it.”
The panelists were confident that future, effective domestic policy measures and multilateral cooperation could create a more stable cyber-security environment, in the near term.