Lawmaker SolarWinds Concerns Spill Over in Week of Defense Hearings

Throughout a series of Hill hearings covering various defense topics—the future of budgets, security threats and emerging technologies—anxiety over cyberspace in the wake of the SolarWinds incident has permeated proceedings, leading lawmakers to ask witnesses what the government can do to secure what has become a locus of national security activity. 

As the 117th Congress gets rolling on legislative activity, experts told lawmakers to focus on “what we really care about”: technological security. Last week, Todd Harrison, the director for defense budget analysis at the Center for Strategic and International Studies, testified before the House Appropriations defense subcommittee that even in a circumstance where top-line Defense Department budgets might decrease, investments in cybersecurity and attack capabilities should be prioritized. 

“I think it's also important that these are areas that need to be addressed in a strategically focused roles and missions review,” Harrison said, adding that cyber and space are not traditional operating domains. “I don't think we have clear allocation of roles and responsibilities in these areas to ensure we don't have gaps or redundancies across the services.”

Another witness, the Brookings Institution’s Thomas Wright advised the Senate Armed Services Committee Tuesday to reconsider how it thinks of burden-sharing with regard to the North Atlantic Treaty Organization. NATO could help the U.S. counter China on a critical frontier: 5G. 

Former President Donald Trump was well-known as a NATO critic, often advocating for allied nations to go beyond the requirement to spend 2% of gross domestic product on defense. While Wright said burden sharing is important, he suggested it would be more effective to push NATO allies to focus on the technology. 

“If they, for instance, are willing to not go with Huawei on 5G technology, make really costly investments to strip that out, maybe, of their 4G networks and to invest in sort of democratic solutions to that sort of technology problem, I think we should give them credit for that,” Wright said. “We should count that as part of that sort of long-term effort for them to be more competitive.”

Wright also said NATO could help in major cyber incidents like SolarWinds. A NATO-wide SolarWinds response would be appropriate, he said. Wright has co-authored a forthcoming book about the pandemic and the world order with Colin Kahl, President Joe Biden’s nominee for undersecretary of defense for policy. Kahl will face the Senate Armed Services Committee for a nomination hearing later this week. 

At the same hearing, former National Security Advisor H.R. McMaster emphasized government integration as the key to improving U.S. cyber deterrence. McMaster commended both Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency in a dual-hatted role, and the Cybersecurity and Infrastructure Security Agency—specifically, former director Chris Krebs—as critical leaders in this effort. 

“I think that sometimes, you know, the government gets it right and they put the right person in the right job,” McMaster said. “And I think that's Gen. Paul Nakasone right now.”

But if the cyber landscape has evolved to become a main environment for warfare necessitating priority investment across government, U.S. actions to respond haven’t worked so far—at least according to Sen. Richard Blumenthal, D-Conn., who has pushed the subject, including in the Tuesday hearing. 

“We have sanctioned our adversaries, we've indicted their hackers, and engaged in cyber operations to stop their attacks,” Blumenthal said. “But clearly, none of it has worked to deter those kinds of attacks.”