SAN FRANCISCO – The United States is losing ground against its adversaries as illustrated by reports of Russian and Chinese hacking of U.S. interests, and breaches against private companies such as Yahoo, said Rep. Michael McCaul (R-TX), chairman of the House Committee on Homeland Security, during a sobering talk at RSA Conference.
“To be brutally honest we are in a fight of our digital lives and we are not winning,” he said.
In a call for cooperation between the private and public sector, McCaul said that the Trump administration has a responsibility to work with Congress, the private sector and foreign allies to defend U.S. networks.
Threats, he said, include nation-state hacking, attacks against privately owned networks and also terrorists who have mastered social media and encryption to recruit and inspire attacks of the likes seen recently in Paris and Brussels.
“Faceless hackers are snatching our financial data and locking down access to our healthcare information. And terrorists our abusing encryption and social media to crowdsource the murder of innocent people,” he said.
He said offensive tools are outpacing those used on the defensive side. “Today, in some cases, the United States government is fighting 21st century threats with 20th century technology in a 19th century bureaucracy.”
Lastly, he warned that the U.S. is in danger of succumbing to same type of intelligence failings that contributed to the September 11 attacks. “There are similar information sharing challenges today compared to pre-9/11. We had all the information we needed to keep terrorists from attacking on that fateful day. But, we did not connect the dots the walls were up and we did not share the information,” he said.
“Gone are the days of Osama bin Laden when extremists used caves and couriers. Now we have a new generation of terrorists who are recruiting over the internet using virtual safe havens to escape detection and force propaganda,” McCaul said.
In addition to a call for increased cooperation, McCaul also called for the creation of a stronger consolidated security agency within the Department of Homeland Security. “We need to build on important laws we have passed over the years. This is an important step to standing up against cyber attackers,” he said.
A vital part of building a robust cyber defense included filling the U.S. cybersecurity labor gap that he said is already causing “major vulnerabilities.” McCaul plans to push the cybersecurity agency within the Department of Homeland Security to increase pay and create new education incentives in order to recruit cyber security professionals needed for U.S. government agencies, but also for U.S. businesses.
“America’s doors must stay open to high skilled workers who will contribute to our society and play an important role in our innovation economy,” he added.
One of the biggest challenges in keeping the U.S. safe was tackling controversial topics such as encryption. “Going dark” is a big challenge when it comes to fighting against terrorists that use end-to-end encryption, he said. “We can’t undermine encryption. It’s a bedrock of security. But at the same time we can’t allow ISIS to use the darkness of the web.”
He said there are no clear answers when it comes to balancing strong encryption and security. To that end, McCaul said he would be calling on top experts from academia, tech, civil liberties groups and law enforcement to create a commission to find solutions that balance digital security with national security. But, he said, the need to work with international partners was also vital.
“America should be engaging with our overseas partners to win the war in cyberspace – our NATO allies. Our nations have different privacy expectations, but we have got to figure out how to respect those differences and quickly because the attackers won’t give us the benefit of time,” he said.
Finally, he said the “digital atomic bomb” created via quantum computing was on the not-to-distant horizon. “The first nation to gain such capabilities will pose a serious threat to the entire world. The United States should lead a coalition of like-minded nations to prepare for the future and make sure we have the right cyber defenses when it comes,” he said.