In a contentious nomination hearing, Colin Kahl called for a whole-of-government approach to technology.
In between heated questions from Republican senators about tweets and arguments over the 2015 Iran nuclear deal, President Joe Biden’s pick for undersecretary of Defense for policy called for a layered approach to tackle growing threats in the cyber realm.
Colin Kahl, who previously served as deputy assistant secretary of defense for the Middle East and national security adviser to Biden during the Obama administration, testified before the Senate Armed Services Committee Thursday regarding his nomination for the Pentagon’s top policy position.
Throughout the hearing, Republican senators including Sen. Tom Cotton, R-Ark., who presented some of Kahl’s tweets on poster boards, attempted to paint Kahl as prohibitively partisan. Sen. Tim Kaine, D-Va., also said the continuous questions from senators on the Joint Comprehensive Plan of Action, which Kahl supports, is “a proxy for a sharp difference of opinion in this committee, in Congress about the wisdom of the JCPOA.”
But peppered within these two high-profile lines of debate were questions about technology and cybersecurity in the wake of the SolarWinds incident, which Kahl called a reminder of the “vulnerability” that exists across the U.S. government. In his testimony, Kahl voiced support for the defend forward position articulated in the Defense Department’s 2018 cyber strategy as well as the work of the Cyberspace Solarium Commission.
Kahl also said because the pandemic has forced so much activity online, he fears the potential attack surface has grown “substantially” over the last year, calling it an issue of foremost importance for the entire government necessitating a government-wide technological policy to keep the U.S. on the cutting edge.
“We need a mix of deterrence by punishment—that is the ability to retaliate in cyberspace and other domains against those who attack us,” Kahl said. He later added this can include actions in cyberspace but also activities like sanctions and diplomatic isolation. “We have to be able to defend our networks. Almost as important we have to be able to quickly rebuild our networks so that that resilience itself is a deterrent against actors who think they can gain by taking those networks down, and we have to work with allies and like-minded states on norms and rules of the road around cyberspace so that malign actors pay real costs internationally, multilaterally when they engage in harmful activities.”
In response to a question from Sen. Mark Kelly, D-Ariz., Kahl said the U.S. must also prioritize investments in other emerging technologies that will “determine the strategic competition for the rest of the century.” Kahl again emphasized the necessity of a whole-of-government approach.
“We are in the process of the digitization of everything, right, we are literally seeing zeros and ones turned into living beings and beings turned into zeros and ones through things like synthetic biology,” Kahl said. “Quantum computing is going to revolutionize a whole array of issues with implications for national security, hypersonics, directed energy … so I think as we craft our national defense strategy, and then form a budget around that, we have to be prioritizing investments in these areas because we know that China is.”
The nomination hearing came after a week of substantive hearings before SASC and other Congressional committees highlighted concerns that the U.S. lacks clear red lines in the cyber realm designating what kind of actions require what kind of response. The Cybersecurity and Infrastructure Security Agency on Wednesday also published an emergency directive ordering all federal agencies to track and capture data related to all on-premises Microsoft Exchange Servers and investigate whether they’ve been compromised or immediately disconnect such instances from their networks after Microsoft flagged vulnerabilities it believes are being exploited by a state-sponsored group originating in China.
The Biden administration on Wednesday also provided more details showing where cyber fits into the administration’s national security viewpoints. The White House released Biden’s Interim National Security Strategic Guidance. The 24- page document includes “cyber and digital threats” among the “profound dangers” faced by the U.S.
“As we bolster our scientific and technological base, we will make cybersecurity a top priority, strengthening our capability, readiness, and resilience in cyberspace,” the document reads. “We will elevate cybersecurity as an imperative across the government. We will work together to manage and share risk, and we will encourage collaboration between the private sector and the government at all levels in order to build a safe and secure online environment for all Americans.”