Senator says legislation is moving forward to thwart intellectual property theft from China and defend federal networks from cyberattacks.
The FBI’s new strategy to establish costs for entities perpetrating cyberattacks will include supplying intelligence to the Department of Defense and related intelligence agencies to carry out offensive cyber operations, the director of the bureau told members of Congress.
“An important part of fighting back against our foreign adversaries in the cyber realm is offense as well as defense,” FBI Director Christopher Wray said testifying before the Senate Homeland Security and Government Affairs Committee Thursday during an annual hearing on worldwide threats to the homeland. “That’s a big part of this new FBI strategy that I rolled out.”
The strategy, which Wray announced Sep. 16 during the Cybersecurity and Infrastructure Security Agency Summit, is to “impose risk and consequences on cyber adversaries.”
Wray also pointed to a recent escalation of indictments against alleged cyber criminals, including those the FBI has tied to the governments of China, Iran and Russia during investigations where it sometimes partnered with CISA and the Treasury Department.
Wray added the cyber offense component in response to a question from Sen. Mitt Romney, R-Utah. “I think we can agree the best defense is a good offense,” Romney said, asking whether the government is doing enough on that front.
“Sometimes, the way to maximize impact is through law enforcement action that we would take, sometimes it’s through sanctions,” Wray said. “But sometimes it’s through offensive cyber operations, and we are very focused on making sure that intelligence and information that we develop through our investigative work is shared with our partners to enable their operations offensively, so through our national cyber investigative joint task force we’re much more effective in partnering with the relevant [intelligence community] and DOD agencies on that.”
The Defense Science Board, a panel of public and private entities that advises DOD, recently released an executive summary of its recommendations for “the future of U.S. military superiority.” It meshes with Wray’s comments.
“The Department, along with its stakeholders at the whole-of-government level, needs to be more aggressive in the Gray Zone and treat every action as a campaign to deter competitors from behavior counter to U.S. objectives,” the document reads, noting a need to expand cyber capabilities to combat great power competition in areas such as “undermining elections, malicious use of social media, and employing unfair business practices globally.”
Wray was not opposed to more resources being put toward augmenting the FBI’s abilities in the field.
“I think obviously it’s a growing area and we’re getting more sophisticated all the time, and you will never find an FBI director that wouldn’t welcome more tools,” he said. “But I do think we’re moving in the right direction, and I think you’re right to raise the issue.”
Responding to Sen. Rob Portman, R-Ohio, Wray reiterated comments about China presenting the most comprehensive threat to U.S. democracy, innovation and economic security.
He welcomed bipartisan legislation Portman said has “gone to the floor in the sense that it’s part of a proposal by Sen. [Mitch] McConnell” that would make failing to disclose foreign ties in federal grant applications a criminal offense. The Safeguarding American Innovation Act cleared committee July 22.
Portman also hinted at legislation to address what he said was a failure of federal agencies in implementing the Federal Information Security Modernization Act.
“I’m very concerned about FISMA implementation at some of our federal agencies,” he said, directing his comments to Homeland Security’s Kenneth Cuccinelli. “They’re just not doing it. We’re going to get some legislation on that but we’ve got to work together to put the firewalls in place more effectively.”
Testifying before the House Oversight Committee in July, Rep. Mike Gallagher, R-Wisc., who is co-chair of the Cyberspace Solarium Commission, noted a dramatic imbalance between resources devoted to offensive cyber operations, in comparison to those spent on cyber defense.