The director of National Intelligence described a “race for technological superiority” in the cyber wars while intelligence leaders expressed concern about ensuring “less sophisticated” small companies are up to speed on current cyber threats.
“Cyber is clearly the most challenging threat factor this country faces,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) said at a Tuesday hearing spanning a range of worldwide threats. “It’s also one of the most concerning, given how many aspects of our daily lives in the United States can be disrupted by a well-planned, well-executed cyber attack.”
Vice Chairman Mark Warner (D-Va.) noted that “in addition to this ongoing threat from Russia,” he’s “concerned that China has developed an all-of-society — not just all-of-government, but all-of-society — approach to gain access to our sensitive technologies and intellectual property.”
In paying a “great deal” of attention to China’s ascending tech sector, Warner said he’s particularly worried about “the close relationship between the Chinese government and Chinese technology firms, particularly in the area of commercialization of our surveillance technology and efforts to shape telecommunication equipment markets.”
“I want to ensure that the IC is tracking the direction that China’s tech giants are heading, and especially the extent to which they are beholden to the Chinese government,” he said. “…Most Americans have not heard of all of these companies. But, as they enter Western economic markets, we want to ensure that they play by the rules. We need to make sure that this is not a new way for China to gain access to sensitive technology.”
Director of National Intelligence Dan Coats warned that America’s adversaries, “as well as the other malign actors, are using cyber and other instruments of power to shape societies and markets, international rules and institutions, and international hotspots to their advantage.”
“We have entered a period that can best be described as a race for technological superiority against our adversaries, who seek to sow division in the United States and weaken U.S. leadership,” Coats said, warning that the country “is under attack by entities that are using cyber to penetrate virtually every major action that takes place in the United States — from U.S. businesses, to the federal government, to state and local governments, the United States is threatened by cyber attacks every day.”
The director singled out Russia, China, Iran and North Korea as posing the greatest cyber threats, but added that “other nation-states, terrorist organizations, transnational criminal organizations and ever more technically capable groups and individuals use cyber operations to achieve strategic and malign objectives.”
“Some of these actors, including Russia, are likely to pursue even more aggressive cyber attacks with the intent of degrading our democratic values and weakening our alliances. Persistent and disruptive cyber operations will continue against the United States and our European allies, using elections as opportunities to undermine democracy, sow discord and undermine our values,” Coats continued. “Chinese cyber espionage and cyber attack capabilities will continue to support China’s national security and economic priorities. Iran will try to penetrate U.S. and allied networks for espionage and lay the groundwork for future cyber attacks. And North Korea will continue to use cyber operations to raise funds, launch attacks and gather intelligence against the United States.”
Burr asked whether the intelligence community is “doing enough to warn the private sector of the threat that’s out there.”
“I think we are informing them as we become aware of it,” replied National Security Agency Director Adm. Mike Rogers. “But one of my concerns is we’re only going to see one slice of this picture. I’m also interested in — from the private sector’s perspective, tell us what you are seeing. If we can bring these two together, we’ll have such a broader perspective and much more in-depth knowledge of what’s happening.”
Burr asked if the NSA chief is “concerned at how this is going to become an increasingly challenging landscape” as “new tech firms emerge every day.”
Rogers said he is worried, and wonders, “How bad does this have to get before we realize we have to do some things fundamentally differently?”
“And, I would argue, if you look at the Internet of Things, you look at the security levels within those components — folks, this is going to — orders of magnitude,” Rogers added. “If we think the problem is a challenge now, we just wait, it’s going to get much, much worse — exponentially, from a security perspective.”
FBI Director Christopher Wray said the Bureau has “tried very hard to be more out and about in the private sector, in terms of providing what are almost like defensive briefings, so that some of the U.S. telecommunications companies, among other technology industry members, kind of can recognize the threats that are coming their way.”
“I’ve been pretty gratified by the response that we’ve gotten by most companies, once we’re able to try to educate them,” Wray told the committee. “I think one of the bigger challenges we face is that, because America’s the land of innovation, there’s a lot of very exciting stuff that’s happening in terms of smaller start-up companies. A lot of them are a lot less sophisticated about some of this stuff, and trying to make sure we’re touching those and educating them as well is a continuing challenge.”
“The reality is that the Chinese have turned more and more to more creative avenues, using nontraditional collectors, which I think we in the intelligence community recognize, but I think the private sector is not used to spotting,” the director added. “And so a lot of it is trying to educate them about what to be on the lookout for, and to have it be more of a dialogue.”
The NSA director observed that “many network and system operators do not truly understand their own structures and systems.”
“And so one of the things that I think is part of this is, how do we help those local, federal, state entities truly understand their network structure, what’s its potential vulnerabilities — and harness this information that the intelligence structure and other elements are providing them?” Rogers said. “It’s not necessarily an intel function, but I think it’s part of how do we work our way through this process.”
Sen. Tom Cotton (R-Ark.) emphasized “the threat that telecom companies, specifically Huawei and ZTE, but also Unicom and Telecom, pose to our country,” highlighting legislation he introduced with Sens. John Cornyn (R-Texas) and Marco Rubio (R-Fla.) that would forbid the U.S. government from using Huawei or ZTE, or contracting with companies that use the Chinese firms.
“And I’m glad that some companies like Verizon, AT&T, among others, have taken this threat seriously,” Cotton added. “Could you explain what the risk is that we face from ZTE and Huawei being used in the United States, especially here in this — in this public setting, the risk that companies, state governments, local governments might face if they use Huawei or ZTE products and services?”
Wray said the best way to describe it in an open setting would be to say the IC is “deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.”
“That provides the capacity to exert pressure or control over our telecommunications infrastructure. It provides the capacity to maliciously modify or steal information,” the FBI director said. “And it provides the capacity to conduct undetected espionage. So, at a 100,000-foot level, at least in this setting, those are the kinds of things that worry us.”
Wray also praised the to-date response of large U.S. telecommunications providers as awareness is raised on the issue.
“But I also recognize that the competitive pressures are building, and so it’s something that I think we had to be very vigilant about and continue, as you all are doing, to raise awareness about,” he added.