The federal government needs to be prepared to "engage in offensive measures, if required," a deputy general counsel said.
The Senate Armed Services’ cyber subcommittee wants the Defense Department to be ready for offensive cyber operations and to recruit supporting talent.
The federal government needs to be prepared to "engage in offensive measures, if required," SASC Deputy General Counsel Samantha Clark said on a panel Tuesday at the Executive Women’s Forum Cybersecurity Women on Capitol Hill Day. The subcommittee, chaired by Sen. Mike Rounds, R-S.D., has been exploring which legal authorities would allow DOD to do that, she said.
Another challenge the subcommittee is working through are ways to recruit much-needed personnel. The group is trying to identify the appropriate ratio of contractors and permanent personnel while also absorbing commercial talent through public-private partnerships and finding ways to let professionals flow seamlessly move in and out of the government.
Lawmakers have also discussed ways in which the National Guard staff members might be deployed to states—for example, if the New York Stock Exchange was targeted in a cyberattack—in addition to their federal duties.
Another discussion has centered on tapping “those hotspots in California, New York, Austin," whose concentration of tech talent might be more drawn to the civilian missions, she said. One approach might be to ask young techies, "how would you like to spend your weekend doing some really cool secret … government stuff?"
Defense laboratories have used public-private partnerships to send DOD personnel to the private sector for brief stints, tasking them with collecting "best practices" and bringing them back to the Pentagon. That strategy is often used for acquisition staff, but the department could use it more broadly for cybersecurity.
"We have to have a cyber plan, we have to have a strategy in place," Clark said. "We can't wait for a catastrophic event."