ICYMI: Homeland Republicans Underscore the Importance of Strong Public-Private Sector Partnerships to Deter Cyber Threats

WASHINGTON, D.C. -- This week, the Subcommittee on Cybersecurity and Infrastructure Protection, led by Chairman Andy Ogles (R-TN), convened a hearing to examine how the federal government and private sector can more effectively partner to build up a proactive, coordinated, and forward-leaning cyber posture. Homeland Republicans and witnesses agreed that as foreign adversaries increasingly weaponize cyber capabilities, the United States must take decisive measures to safeguard its critical infrastructure through both defensive and offensive action.

Witnesses included Joe Lin, co-founder and chief executive officer at Twenty Technologies; Emily Harding, vice president of defense and security department at the Center for Strategic and International Studies; Frank Cilluffo, director at the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University; and Drew Bagley, chief privacy officer at CrowdStrike.

In his opening testimony, CrowdStrike's Drew Bagley made multiple recommendations to better address cyber threats, including leveraging emerging technologies, improving defense coordination, and ensuring the Cybersecurity and Infrastructure Security Agency (CISA) can succeed in its core mission:

"I recommend the following: First, public and private organizations must take reasonable actions to defend themselves with a focus on threat hunting and identity security. Second, the cybersecurity community should radically increase the operational tempo of malicious infrastructure disruptions and take downs. Given its stakeholder engagement functions, CISA should be central to coordinating public and private actors to this end. Third, federal law enforcement, along with Title 10 and Title 50 entities should work to increase deterrence. Finally, we must defend AI systems and leverage AI to defend enterprises."

Subcommittee Chairman Ogles asked the panel what policies Congress should prioritize in order to empower the private sector to play a more direct role in deterring cyber adversaries, to which Mr. Lin testified:

"The ability to use law enforcement authorities in combination in concert with Title 18, Title 10, and Title 50 is absolutely critical. But number two. I think what needs to shift here is a mindset, not just around doing episodic one-off operations of disruption, which are important and critical and can be successful, have been proven to be successful… But what does it take to match the speed and scale of our adversaries, to match the scope of what it is that they're conducting against us?"

Subcommittee Chairman Ogles then asked about the difference in deterring intelligence operations and disruptive operations in cyberspace, to which Ms. Harding testified:

"Ideally, yes, you'd be able to establish deterrence in an intelligent sense, and you'd be able to say, 'okay, if you penetrate our networks, then you will feel consequences for that.' It also is sort of a normal spy versus spy tit-for-tat. A very clear distinction, however, is between the Salt Typhoon kind of activity and the Volt Typhoon kind of activity. There is zero intelligence value in penetrating water networks, power networks--especially around military bases. That is there for one reason and one reason only: to disrupt the United States military in the case that we had to deploy suddenly."

House Committee on Homeland Security Chairman Andrew Garbarino (R-NY) asked about the evolving role of CISA and what policies are needed to strengthen America's cybersecurity strategy, to which witnesses testified:

Mr. Lin: "We have to start thinking about cyber as a core element of multi-domain operations. So, when HSI is conducting investigations, they should have the ability, the authority, the resources needed to be able to leverage cyber capabilities as part of their work. When Coast Guard is conducting missions, given their unique authorities--as my panelists have said--they should be able to leverage. They should have the capabilities and the toolsets needed to be able to leverage cyber, offensive cyber, as part of their core responsibilities."

Mr. Cilluffo: "I think there are some authorities and some protections that are needed. Firstly, WIMWIG [the Widespread Information Management for the Welfare of Infrastructure and Government Act], you've got to get that over the goal line. That is essential. You can't trust--the government is going to lose all confidence in the private sector if we can't even get the basics. Imagine kicking us back a decade. That's what we're looking at here. That's unacceptable. So thank you for your leadership there. But I think just as importantly, you do need to also look to what that combined operation could look like from a collaboration standpoint, not industry on its own--in conjunction with government."

Rep. Vince Fong (R-CA) asked about how Congress can help build up the future cyber workforce and remove barriers that hinder information sharing, to which witnesses testified:

Mr. Lin: "What you alluded to is spot on, which is that these days, private sector companies, especially those in the cybersecurity domain, have extraordinary global sensor networks that rival those of even other signals intelligence agencies. And so, it makes enormous sense for there to be very robust information sharing bidirectionally. And it has to be bidirectionally. We have to make it possible, easy, and we have to encourage private sector companies to share what their sensors are seeing, as holistically as possible with our intelligence agencies, and vice versa."

Mr. Cilluffo: "I think the Committee itself should be applauded for the PILLAR Act and PIVOTT. I mean these are essential to be able to move forward, but I think to your point earlier, it's not just the traditional route--learning in a classroom--you need to give students opportunities to be in applied environments where they're actually engaged… I think looking to ways where we can build co-ops, we can build new opportunities with both industry and government that will be absolutely essential for success."

"We've got to move beyond information sharing to operational collaboration. Until we get to that stage, we're always going to be marching into the future backwards. That is always, by definition, reactive. We need to get to the point where it's combined, you're in the same foxhole, and you're fighting the same fight, and you build the trust, which is everything."

Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-FL) asked about how adversarial nations work with malicious cyber actors to profit from cyber warfare, to which Ms. Harding testified:

"In the sense of China, we are seeing more sort of popping up of criminal networks that seem to be government people who are moonlighting on the side at night doing criminal activity. But China's pretty locked down. They like to control their people and what they're doing. So, it's sort of a tight ship that they run. Russia, on the other hand, is a very different story… There's kind of a deal that happens between a lot of Russian criminal networks and the Russian state, where the Russian state says, you're going to operate outside of Russia, you're going to make life hard for our adversaries. We're going to ignore the criminal activity that you're doing and allow you to operate… There's probably some interesting work to be done following the money there."

###