US Lacks Coordinated Response Capability for Cyber Attacks

Members of the Senate Armed Services Committee, including its chair, Sen. John McCain (R-Ariz.), urged the varies federal departments to streamline operations and improve cyber defenses during a hearing on the topic on Oct. 19, 2017. Screenshot photo.

The federal government has made important strides toward improving cyber defenses, US government officials told the Senate Armed Services Committee Thursday, but the federal government remains unprepared for a significant cyber attack on the nation.

“It is clear we have more work to ensure we are ready for a significant cyber incident,” Kenneth Rapuano, assistant secretary of defense for homeland defense, told the committee. The 133 teams of the Department of Defense’s Cyber Mission Force will be fully operational in September of 2018, but “we must resolve seam and gap issues among various departments, clarify thresholds for DOD assistance, and identify how to best partner with the private sector,” Rapuano said.

“There’s a lot of work that needs to be done,” added Christopher Krebs, acting undersecretary for the national protection and programs directorate at the Department of Homeland Security. When asked if DHS has completed threat assessments for all 50 states leading up to the 2018 midterm elections, Krebs said, “I’ll have to get back to you on that.” Nonetheless, he said DHS has developed “recommended standards” for state election officials as well as “best practices” to guard against cyber attack.

Members of the committee said the problems stem from the lack of a unified national response to the cyber threat. “All of our witnesses answer to the Congress for their part of the cyber mission,” said Sen. John McCain (R-Ariz.), chairman of the committee, “but none of them is accountable for addressing cyber in its entirety.”

That responsibility lies currently with “the White House cyber coordinator,” McCain said. Rob Joyce, who serves in that role on the National Security Council, was invited to speak before the committee Thursday, but “the White House declined to have its cyber coordinator testify,” McCain said, “citing executive privilege.”

The White House’s refusal, while traditional for members of the NSC, rubbed many of the senators the wrong way. “I wish you would consider a subpoena to get the main witness,” Sen. Bill Nelson (D-Fla.) told McCain. “I think that has to be discussed in the committee,” McCain replied.

“The empty chair is outrageous,” added Sen. Claire McCaskill (D-Mo.). To the witnesses who did appear, she gave a stern warning. “If you all don’t begin a more seamless operation with clear lines of accountability and control, we have no shot against this enemy.”