Biden nominees highlight tough cyber security challenges

Senators warn government cyber security operations are in disarray

Military IT professionals in a server room

President Joe Biden's nominations for top defense, intelligence, and homeland security positions committed to reviewing and refining cyber security operations under the new government in hearings yesterday. They testified as senators slammed the government's performance in dealing with the recent SolarWinds attack that affected numerous agencies.

Senators held confirmation hearings for Alejandro Mayorkas, nominee for Secretary of Homeland Security; Avril Haines, who Biden has chosen as his Director of National Intelligence; and Lloyd Austin, who testified for his appointment as Secretary of Defense. Between them, they addressed various issues, including the SolarWinds hack, the need to bolster internal cyber security operations, and the structure of US military cyber space operations.

Mayorkas, who was Deputy Secretary of Homeland Security in the Obama administration before returning to private legal practice during the Trump years, said the US had to do "a much better job" on cyber security. 

The Department of Homeland Defense's Cybersecurity and Infrastructure Security Agency (CISA) would need to shoulder a lot of that work, Mayorkas added. He would explore two programs to see if they could stop future cyber attacks: the Einstein network security program, and the Continuous Diagnostic and Mitigation program.

Haines, former Deputy Director of the CIA under Obama, also called for strong action to shore up cybersecurity defenses in the US.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

"Here at home, we must strengthen our cybersecurity, safeguard our critical infrastructure, and turn the ongoing technological revolution from a threat to an advantage by integrating new technologies to improve the capacity and superiority of our intelligence into the future," Haines said during prepared remarks.

Haines said she was committed to recruiting more people into the intelligence community, following work completed on a Trusted Workforce 2.0 initiative to reform security clearances.

Austin, who has served as head of US Central Command, said he would continue to support an offensive cyber security policy that the US government has already implemented. The Department of Defense formalized this policy, known as “defend forward,” in October 2018 as a way to disrupt enemy engagement in cyber space before they happen.

"Having an offensive capability that we're able to use is really important," he said, highlighting the need for fast action in cyberspace. "Speed matters, so anything we can do to facilitate the work of the operators is goodness." He also said that Russia needed to be held accountable for its role in the SolarWinds hack.

Austin and Haynes separately said they would review the relationship between the National Security Agency (NSA) and US Cyber Command, which have shared leadership since the latter’s creation. The idea of placing the two under different leadership has been a recurring theme among defense and intelligence officials for several years. The Trump administration proposed doing so during its final days.

Senators expressed dissatisfaction with the government's current cyber security capabilities during the hearings. Republican Senator Roy Blunt complained Congress hadn't received a report on the SolarWinds attack. Senate Intelligence Committee Vice Chairman Mark Warner said the government had to rely on a private-sector company to find out about it. "One part of the government doesn't seem to know what the other is doing," Warner said.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lawmakers signal changes for big tech in antitrust hearings
Policy & legislation

Lawmakers signal changes for big tech in antitrust hearings

26 Feb 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021