Gillibrand Presses Nominee On Cyber Attack Threats: 'How Will You Approach Dettering A PRC Attack?'

2 months ago

Earlier this month, Sen. Kirsten Gillibrand (D-NY) questioned Department of Defense nominees on cyber espionage and intelligence leaks during a Senate Armed Services Committee hearing.

Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:

https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript

Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com

Transcript

00:00Thank you Mr. Chairman. Ms. Wilkerson, in light of Jack Teixeira's leak of classified intelligence

00:07and his reportedly violent and racist online behavior that went undetected during his

00:12background investigation, what suggestions do you have to reform security clearance investigations

00:16and to prevent such people from having access to classified intelligence?

00:21Good morning Senator. I am certainly aware of the fact that Airman Teixeira did plead

00:29guilty to an unauthorized disclosure and am aware that the Secretary did direct a 45-day

00:37security review. And so certainly if confirmed, I would be focused on continuing to implement

00:44the Secretary's direction to enhance security in depth and that really looks across the whole

00:50of the department and looks to also focus a culture of individual and collective accountability.

01:00Dr. Silmeier, CISA and the NSA and the FBI have put out a joint advisory on the PRC actors known

01:07as Volt Typhoon. They have noted that the choice of targets and patterns of behavior is not

01:13consistent with traditional cyber espionage or intelligence gathering operations. If this is

01:18more akin to preparation of the battle space, how will you approach deterring a PRC attack on U.S.

01:24critical infrastructure? Good morning Senator. I think I would approach this from two standpoints.

01:31First, we have to enable and act. The first step is we have to enable the partners, the actual

01:36owners of those systems who control the security. We have to empower them with better information,

01:42more precise threat information. But then we also have to act. We have to act abroad

01:46to defend forward and disrupt our adversaries by imposing costs in this domain.

01:52How would you empower them? Better information sharing first. Secondly, these publications that

01:59our government agencies do release provide technical specificity about changes that can

02:05be made in configuration to keep them better protected. That doesn't sound reassuring. In fact,

02:11if you are preparing for a battle space where an adversary was going to bomb our subway system,

02:16you would have actionable items that you were going to do, that the Department of Defense can

02:20do, that our intelligence community could do. But just because it's in cyberspace, you basically

02:27declare that domain an undefendable domain where you're going to offer best practices,

02:32where you're going to offer information, where you're going to give vendors more guidance.

02:37It sounds absurd if you put it in that context. Can you please give me a little more reassurance

02:42that if China decides that the battle space is cyber and they shut down our electric grid,

02:46shut down our energy supply, shut down our banking system, zero out bank accounts,

02:52shut down our food supply, shut down our water supply, shut down anything they feel necessary,

02:56such as airfields, such as electric grids that service our bases, I can't imagine that there'd

03:03be no response by the DOD but best practices. I agree, Senator. I can't imagine that either,

03:11and that's why I would focus more from the cyber command side on the act, on the cost

03:16imposition, but I would do that not just in response but in the prevention and disruption

03:20as well before it occurs. So can you discuss prevention and

03:26obstruction before and disruption before? Can you discuss that in this setting?

03:31What I can say in this setting, Senator, is that my focus on building combat power,

03:36which is really about the people, the technology, to be able to impose those costs,

03:42that's the overriding priority I would bring to the job if confirmed. We'd have to be able to

03:49bring the technical talent needed not just to recruit them but keep them on the hardest missions

03:54focused on the targets you're exactly mentioning for long enough periods of time to develop that

03:59mastery and expertise so that if the order is given to impose those costs to prevent and disrupt

04:05ahead of time, we're ready. So this year's NDA, we have a requirement in it asking you to create

04:12a plan to how you're going to protect the DOD's ability to project power from our bases, project

04:18power from all of our supply chain that's necessary for our Department of Defense to function

04:25effectively from a cyber attack. A lot of times when we request a report or a study or a plan,

04:34it is delayed. Do I have your commitment then when the NDA gives you directives to prepare a

04:40plan, prepare a report, you will do so on a timely basis? Yes, Senator. Top priority to be timely

04:47with you and if that means I've got to come up in person and give a personal briefing before the

04:52paperwork clears, I'll do it. Thank you. Thank you, Mr. Chairman. Well, thank you very much.

Gillibrand Presses Nominee On Cyber Attack Threats: 'How Will You Approach Dettering A PRC Attack?'

Category

Transcript

Recommended