Intelligence Chair Warner: Cyber Reporting Bill May Get Public-Private Venture
Prompt private-sector reporting about cyber incidents is critical to allowing the U.S. to stay ahead of attacks like SolarWinds, FBI Director Christopher Wray told the Senate Intelligence Committee Wednesday in response to a legislative proposal from Chairman Mark Warner, D-Va., and Sens. Susan Collins, R-Maine, and John Cornyn, R-Texas (see 2103040066).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Legislators might have a “partial response” coupled with “appropriate liability protections” and some level of mid-incident reporting, said Warner. Victims could report to an entity that includes both public and private representatives, he said. Cornyn asked witnesses if requiring victims to notify the government in a confidential setting is a “good idea” that would help officials do their jobs.
One company notifying the government promptly means the U.S. can get ahead of an attack and prevent exposure to the next victims, said Wray. Public-private partnerships are a cyber issue that needs to be solved, he said. Public-private information sharing is a key component to understanding intrusions, said NSA Director Paul Nakasone. The NSA isn’t seeking new authority to address vulnerabilities like those seen with SolarWinds, he told Sen. Richard Burr, R-N.C. But with adversaries increasing the scope and sophistication of their attacks, there are blind spots, he said.
There’s concern the government’s response is to just throw more money at the companies that sold the U.S. insecure products in the first place, said Sen. Ron Wyden, D-Ore. He also raised concerns about a suggestion from officials that the SolarWinds response was impeded by the need to obtain search warrants to surveil the “domestic internet.” He noted the government has the authority to virtually scan all data entering and exiting government networks, but officials didn’t detect SolarWinds. Before seeking new power, officials first should work together to shore up government networks, said Wyden.
Many believe the U.S. has been “asleep at the switch” on 5G, with China and Huawei rising in power, said Warner. Sen. Ben Sasse, R-Neb., called the long-term technology race with China the single biggest national security threat. Burr said there has never been an issue that deserves the response of the entire intelligence community like 5G. Warner asked how the intelligence community can better monitor China.
China is increasingly catching up and testing U.S. leadership, not just with 5G tech but across sectors, said National Intelligence Director Avril Haines. Like Wray, she recommended strengthening partnerships with the private sector, suggesting legislation. About 90% of critical infrastructure is in the hands of the private sector, noted Wray. Tech competition is at the core of the U.S. relationship with China, said CIA Director William Burns. He noted that about one-third of officers are focused on cyber and technology.
Social media has become the key for domestic extremists and foreign malign influencers to amplify their messages, Wray told Sen. Michael Bennet, D-Colo. Internet users have a responsibility to become better attuned and discern what’s misinformation, he said. Bennet initially suggested users should be more vigilant.