The importance of cybersecurity and the need for sound cybersecurity policies were highlighted at the confirmation hearing for former Republican Senator from Nebraska, Chuck Hagel, to be the next U.S. Secretary of Defense. Senator Hagel said that cybersecurity “represents as big a threat to security in this country as any one specific threat” and encouraged lawmakers to pass cybersecurity legislation. Hagel asserted that “cyber will be an area that we’ll continue to focus on and we must. It’s an area I will put high priority on if I‘m confirmed to be Secretary of Defense.”
In his prepared opening statement on Thursday, Hagel said the U.S. will need to work “hand-in-hand with our partners across the national security and intelligence communities, to confront [terrorism] and other threats, especially the emerging threat of cyber warfare.”
Hagel’s responses to the Senate Armed Services Committee advance policy questions repeatedly addressed cyber. Here’s a look at some of the relevant quotes:
Question 4: In your view, what are the major challenges confronting the next Secretary of Defense?
“In an ever changing world with both state and non-state actors developing non-traditional tools of war, the United States will be challenged by technological advancements that bring the battlefield to both space and cyberspace.”
Question 57: Do you agree that U.S. participation in the NATO Alliance contributes to advancing U.S. security interests?
“The Alliance must also continue to adapt to meet the new threats of the 21st century: cyber attacks, terrorism, proliferation of weapons of mass destruction, and regional conflicts.”
Question 87: Can the military services’ current personnel systems and practices produce and sustain the number of highly qualified cyber operators that CYBERCOM believes are required, especially in light of end strength reductions and declining budgets?
“Recruiting, training, and retaining military and civilian personnel needed for cyber operations will be a challenge.”
Question 88: Do you believe we are deterring and dissuading our adversaries in cyberspace?
“At this time, it appears that the United States has successfully deterred major cyber attacks. I expect that deterring and, if necessary, defeating such attacks will be a continued key challenge.”
Question 89: As the current Commander of the sub-unified CYBERCOM is dual-hatted as the Director of the National Security Agency (NSA), what are your views on the wisdom of having an intelligence officer serve as a unified combatant commander, rather than a line officer with broad training and command experience?
“My sense is that dual-hatting the commander of CYBERCOM and the Director of NSA has worked well to date. However, if confirmed, I will review specifics of the dual-hatted relationship and assess whether it should continue in the future. I recognize that NSA support is critical to CYBERCOM’s mission given the technical capabilities required to operate in cyberspace.
“In addition, I recognize that the CYBERCOM commander requires significant understanding of the intelligence community’s capabilities and processes to execute his or her missions effectively.
“My understanding is that the Department has made significant progress since CYBERCOM’s creation in 2009. This includes issuance of a comprehensive strategy for military operations in cyberspace. In addition, I am told that CYBERCOM is expanding its integration into the Department’s deliberate planning, and that the Chairman, with the approval of the Secretary of Defense, will issue a new set of rules of engagement governing all military operations, including cyber operations, in the near future.”
Question 90: Do you believe that China’s aggressive and massive theft of technology in cyberspace is a threat to national security and economic prosperity?
“I believe that the theft of intellectual property and other sensitive information threatens the United States’ military advantage and economic prosperity. If confirmed, I will work within the Department and with other departments and agencies to address this threat.”
What steps, if any, do you believe are needed to deter China from such activities in the future?
“I am not in a position to recommend specific policies, guidance, or changes to authorities at this time. I understand that the Department is enhancing its cyber defense programs and those of certain defense industrial base networks, as well as improving its ability to identify the origins of intrusion.”
Question 91: What is your understanding of the role of the Department of Defense in defending the Nation from an attack in cyberspace? In what ways is this role distinct from those of the homeland security and law enforcement communities?
“My understanding is that the Department of Homeland Security (DHS) has the lead for domestic cybersecurity. Thus, DHS coordinates national protection, prevention, mitigation, and recovery in significant cyber incidents. The Defense Department provides technical assistance to DHS when requested. The Department’s role is to provide the military forces needed to deter the adversary, and if necessary, act to protect the security of the country. This includes planning against potential threats to our critical infrastructure, gathering foreign threat intelligence, and protecting classified networks.
“I believe that the defense, homeland security, and law enforcement communities should work together, and with our private sector partners to improve network defenses, share information on cyber threats, and ensure swift response to threats when they manifest themselves.”
Do you believe that defending the homeland mission will require both offensive and defensive cyber forces and tools?
“My current view is that defending the homeland from cyber attacks should involve the full range of tools at the disposal of the United States, including diplomacy and law enforcement as well as any authorized military operations.”
This new mission will require substantial resources, including personnel. How do you envision generating these additional resources in the face of reduced budgets and declining end strength?
“The current fiscal situation will force hard choices across a range of priority missions, including cyber.”