WASHINGTON – At a House hearing on cybersecurity Thursday, Republicans criticized the White House’s response to cyber threats, saying that federal officials have failed to specify the consequences any attackers would suffer if they launched a cyberattack against the United States.
Several experts testified about the threat these types of attacks pose to U.S. national security during the hearing hosted by the House’s Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats.
The subcommittee’s chairman, Rep. Dana Rohrabacher (R-Calif.), said the U.S. could no longer depend on technology to prevent future cyberattacks.
“We cannot just rely on technology to defend against these types of attacks, we must use diplomacy to deter them by telling Beijing and others, in clear terms, that we will not allow their hacking without retaliation,” he said.
Reps. Tom Marino (R-Pa.) and Jeff Duncan (R-S.C.) made similar comments.
“If the NATO members get together and implement severe sanctions, do you really think that China and Russia will listen to us? I was in China and Russia not too long ago and brought up the issue with them and they didn’t like it. Actually, China acted like it wasn’t happening and Russia simply said ‘so what?’” said Marino.
Marino asked Christopher Painter, coordinator for cyber issues at the Department of State and the only government official testifying, if he could provide some examples of what the Obama administration is doing to make the issue of cyber threats a top priority.
Painter said that the administration conducted last year a National Level Exercise, the first one to focus on cyber threats, to explore how it would act in the aftermath of a catastrophic cyberattack on its infrastructure. In addition, Painter said that the U.S. is actively working with its close allies to increase collaboration on the issue.
“The U.S. government has challenged and persuaded other states to focus on cybersecurity as a critical policy issue. My office was the first of its kind in a foreign affairs agency, and since its creation, many countries have created similar positions and offices in their own foreign ministries as they recognize cyber as a new foreign policy imperative,” Painter said.
Painter said the U.S. has raised their concern to Chinese officials, most recently by President Obama during a call with the Chinese president last week. Painter added that even though the country has some talks with China on the issue, it is not yet a sustained dialogue.
“I’m sure that a sustained dialogue is going to really deter these fellows along with the proclamations of great concern. I asked a specific question about specific actions, and all I got was a list of words. I’m sure that words coming out of the mouths of [American officials] are terribly frightening to the Chinese,” Rohrabacher retorted sarcastically.
Richard Bejtlich, chief security officer at Mandiant Corporation, a computer security firm, said that the details they have analyzed during hundreds of investigations convinced them that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them.
Mandiant has tracked dozens of computer hacking groups around the world for nearly a decade. In particular, the security organization has followed the most prolific of these groups (named Advanced Persistent Threat 1, or APT 1), saying that the group has stolen hundreds of terabytes of data from at least 141 organizations.
“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” Bejtlich said.