Every sector of the United States government has likely been hacked at some point, according to the FBI, which has lent to “unprecedented” partnerships with private industry to protect financial interests targeted by “a wide range of cyber adversaries.”
Top cybersecurity officials in the federal government told a Senate panel on Wednesday that high-profile cyberattacks on major retailers such as Target and Home Depot have been a topic of major concern for the US Department of Homeland Security, the Federal Bureau of Investigation and other counterterrorism units.
“The bottom line is, we’re losing a lot of data, money and innovation” to cyber breaches, said Robert Anderson, executive assistant director for the FBI’s Criminal, Cyber, Response and Services branch.
Anderson added that “spies, transnational organized criminals, terrorists and hacktivist groups” are the four general categories of cyber opponents that pose challenges to US government interests.
“We’re engaging in an unprecedented level of collaboration” with industry, international law organizations and other government bodies, Anderson said. Intra-government collaboration to counter terror threats — a prime goal since the attacks of September 11, 2001 — is at its peak, opined other witnesses at Wednesday’s hearing.
Senate Tom Carper (D-Delaware), a chairman on the Senate Committee on Homeland Security and Governmental Affairs, echoed these sentiments, indicating that American domination — whether through Wall Street, the military or patent monopolies — are threatened by cyber enemies.
"We ... hear about actors in cyberspace that want to drain our bank accounts, shut down our financial system and our electric grid, steal our individually identifiable information and our identities, as well as the [research and development] that will enable American businesses and our military to remain pre-eminent in the world," Sen. Carper said.
Suzanne Spaulding, undersecretary of the Department of Homeland Security’s National Protection and Programs Directorate, told the committee that her department’s National Cybersecurity and Communications Integration Center (NCCIC) has addressed 600,000 cyber incidents this fiscal year.
In response, the NCCIC issued more than 10,000 actionable alerts to attack targets in efforts to aid their systems. In 78 instances, the NCCIC sent on-site teams to offer technical assistance, Spaulding said.
While protecting the commercial sector is a top priority, witnesses of the Senate committee’s hearing on threats to US security said the federal government has its hands full countering attacks on its vast agency networks.
The FBI’s Anderson said that any sector of the US government that believes it has not been hacked yet probably has, but did not realize it.
Anderson said that the FBI is committed to dealing out harsh punishments for malicious cyber actors. He referenced the recent indictments of Chinese citizens caught hacking US companies. Anderson’s vow that the FBI seeks punitive forms of retribution was praised by Senate members.
“I’m happy to see the FBI being aggressive on deterrence,” said Sen. Tom Coburn, the top Republican on the panel. “For so long, we thought building a higher wall was [the way to protect], but people are going to climb over any war we have. We need prosecutorial deterrence. I’m thankful of that attitude from FBI both domestically and internationally.”
Witnesses agreed that further data sharing between government and private partners must continually improve to enhance security.
Spaulding echoed other witnesses and panelists — and her boss, DHS head Jeh Johnson — when she said comprehensive cybersecurity reform legislation is needed to improve federal agency network security, to offer law enforcement the tools to fight cybercrime, to create a national data breach reporting mechanism and to outline and promote cybersecurity 'best practices' to protect critical infrastructure.
Meanwhile, witness Nicholas Rasmussen, deputy director of the National Counterterrorism Center, told the panel that "he would argue 'yes'" that former US government contractor Edward Snowden's leaks disclosing massive government spying throughout the world have degraded the federal government's intelligence gathering abilities.
"It's inarguable that the [data] collection environment we are in - and we rely on collection to try to get ahead of terrorist plots - it's inarguable that that collection environment is more challenging today than it was if we had not been dealing with these disclosures," Rasmussen said.
In July, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act by a vote of 12-3, marking the fourth time in four years that lawmakers in Washington tried to advance an “information sharing” legislation. It has yet to clear the full Congress.
“Cyberattacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” Senator Dianne Feinstein (D-California), a supporter of that bill, said following the committee’s vote. “Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyberattacks.”