Intelligence leaders outline challenges associated with responding to foreign cyberthreats during Senate hearing

Addressing cybersecurity vulnerabilities should be a priority for the new administration, but the rapidly-changing cyber environment makes it difficult to assess blame for foreign-led cyberthreats and take actions that will deter future attacks, intelligence leaders and senators said today during a committee hearing on the subject.

“Cleary, cyber will be a challenge for the U.S., the intelligence community and our national security for the foreseeable future, and we need to be prepared for that,” Director of National Intelligence James Clapper said during the hearing, which was webcast. “Adversaries are pushing the envelope, as this is a tool that doesn’t cost much and sometimes is hard to attribute.”

Clapper declined to address details of the intelligence report that will be released tomorrow about Russian hacks that many believe influenced the November presidential election. Clapper asserted that no vote tallies were altered, but the report will reveal that “there’s more than one motive” for Russia to launch a “multifaceted campaign” to influence the election.

Sen. John McCain (R-Ariz.), chairman of the Senate Armed Services Committee, said the Russian activity should not be tolerated.

“Every American should be alarmed by Russia’s attacks on our nation,” McCain said during the hearing. “There is no national-security interest more vital to the United States of America than the ability to hold free and fair elections without foreign interference. That is why Congress must set partisanship aside, follow the facts, and work together to devise comprehensive solutions to deter, defend against, and, when necessary, respond to foreign cyberattacks.

“As we do, we must recognize that the recent Russian attacks are one part of a much bigger cyber problem.”

McCain noted several high-profile cyber-related issues in recent years, from China breaching more than 20 million background investigations at the Office of Personnel Management (OPM), Iran’s cyberattack on a dam near New York City, and North Korea’s high-profile cyberattack against Sony Pictures in 2014.

“What seems clear is that our adversaries have reached a common conclusion: that the reward for attacking America in cyberspace outweighs the risk,” McCain said. “For years, cyberattacks on our nation have been met with indecision and inaction. Our nation has had no policy, and thus no strategy, for cyber deterrence.

“This appearance of weakness has been provocative to our adversaries, who have attacked us again and again, with growing severity. Unless we demonstrate that the costs of attacking the United States outweigh the perceived benefits, these cyber threats will only grow.”

Clapper echoed the sentiment in the case of Russia’s actions during the U.S. elections.

“There’s a threshold of behavior that’s unacceptable, and somehow that needs to be conveyed,” he said.

Clapper also offered that Russian activity during the election should be viewed differently than China’s role in breaching the OPM database.

“[The OPM breach] was not an attack, per se,” Clapper said, noting that “people who live in glass houses shouldn’t throw publicly too many rocks,” referencing the U.S. government’s cyber-related activities.

“I think there is a difference between an act of espionage—which we conduct, as well, and other nations do—versus an attack.”