Apr 14 2021
Washington—During a public hearing of the Senate Intelligence Committee today focused on worldwide threats, Senator Dianne Feinstein (D-Calif.) questioned intelligence community leaders about cyber security threats to the nation.
General Paul Nakasone, director of the National Security Agency, acknowledged that America’s chief rivals, including China, Russia, Iran and North Korea, are becoming more advanced in their cyber attacks. He said the United States must improve both the security of our critical infrastructure as well as cooperation between the private sector and government agencies.
“To bluntly answer your question, our adversaries continue to get better at what they’re doing,” General Nakasone said. “I would also tell you, though, that we are also working very, very holistically across our government to improve two things: our ability to have resilience in that infrastructure and our ability to respond.”
FBI Director Christopher Wray agreed with the need for better public-private cooperation.
“We need in every instance those companies to be stepping forward promptly, reaching out to government, so that we can prevent the threat from metastasizing across the rest of the industry,” Director Wray said.
Video is available on YouTube here, and high-resolution video is available for download here. A full transcript of the back-and-forth among Senator Feinstein, NSA Director Nakasone and FBI Director Wray follows:
Senator Dianne Feinstein: “You note, in your statement for the record, that China, Russia, Iran and North Korea have the ability right now to conduct cyber attacks on critical infrastructure and cause temporary disruptions.
“Additionally, in 2019 you provided examples including China’s ability to disrupt natural gas pipelines for a day to weeks, and Russia’s ability to disrupt our electrical distribution networks for hours. So here’s the question: Is this problem getting better or worse? Are our adversaries more capable of threatening our critical infrastructure today than they were two years ago?”
NSA Director Paul Nakasone: “Senator, thank you very much. In terms of our critical infrastructure, our 17 sectors of critical infrastructure, to bluntly answer your question, our adversaries continue to get better at what they’re doing. I would also tell you, though, that we are also working very, very holistically across our government to improve two things: our ability to have resilience in that infrastructure and our ability to respond. And we have made progress there.
“But there is, as we’ve seen over the past two intrusions, the scope, scale and sophistication of our adversaries today that makes us take notice. And we as a nation must take notice of what our adversaries are doing. And so cyber security for us is national security and we continue to work at it every single day.”
Senator Feinstein: “What would you tell the chief executive officers and chief [information] security officers at our critical infrastructure companies. What actions should they take? What type of investments do they need to make now?”
General Nakasone: “Senator, I think the first thing is the threat is real. And I don’t think I have to say that very often because the chief executive officers and the CISOs know that today. But I think the second piece is that there is no one industry and one sector of our government that’s going to be able to provide us the defenses necessary for our nation.
“This is a team sport. And so this has to be done public and private. This has to be done between the intelligence community, obviously DHS, DOD, FBI and Justice. This is really the key piece of our way forward, which is teamwork. And I would say that we’ve learned that from our elections as well, and I would offer, Director Wray, your thoughts on that.
FBI Director Christopher Wray: “I think you’ve put your finger, senator, on the key element of the challenge. The private sector is central to this. Ninety percent of the country’s critical infrastructure is in the hands of the private sector. And it’s important to think of cyber security not as a single event but as a campaign. These are no longer a question of if an institution is going to be compromised but when.
“So the more important question if I were talking – and I often am talking – to CEOs and CISOs is to focus their cyber security, more than they have in the past, inwardly. The key is how fast you detect the compromise and how fast you remediate it. And then secondly, the importance of reaching out and coordinating with government – public-private partnership – is at a premium.
“Because we often use in the threat context the expression “left of boom” – you know we all want to get left of boom – well in the cyber arena, one company’s right of boom is left of everybody else in the same industry’s boom. And so we need that first company – and someday you’re going to be the first company if you’re a CEO, someday you’re going to be the second or third or fourth company – we need in every instance those companies to be stepping forward promptly, reaching out to government, so that we can prevent the threat from metastasizing across the rest of the industry.”
Senator Feinstein: “Let me ask this follow-up: What investments does the IC need to make? What steps do you need to take in order to change this sort of status quo?”
Director Wray: “Well I think we’re working more and more closely than ever across the IC on the issue, and so that level of partnership and integration is going well and continues to improve and is important. But I think the bigger piece is more and more public-private engagement between the IC and the private sector. And I know that there has been discussion about different ways to incentivize the private sector to come forward more quickly and promptly and fulsomely and I think those are key to our future on this issue.”