Hackers continue to target the U.S. government, private industry and financial sector because there is no clear policy that defines an uncrossable “red line,” Rep. Will Hurd, R-Texas, told FedScoop.
Hurd’s IT Subcommittee, within the House Committee on Oversight and Government Reform, hopes to answer the question of what constitutes a “digital act of war” in a hearing scheduled for July 13.
The subcommittee chairman plans to include officials from the National Security Agency, the National Security Council, the FBI, the CIA, the departments of Defense, Energy and Justice, the White House, and the private sector in those negotiations, which will also discuss cyberattack attribution capabilities and how the government should best respond to specific attacks, he told FedScoop.
Hurd described that the U.S. has five options in reacting to cyberattacks: do nothing, pursue diplomatic solutions, employ economic sanctions, launch a physical military defense or respond digitally.
But first, the U.S. must define a threshold — a red line, as Hurd puts it — by which to gauge the severity and intent of a cyberattack, he said.
He analogized it to the North Koreans launching a missile at San Francisco. ‘[T]hey know and we know how we would respond. It’s really about knowing and then showing where those red lines are,” Hurd said in an interview.
A former cybersecurity executive and CIA operative, Hurd said that while numerous U.S. agencies and organizations have posed this question before — and some have even designed a framework to determine appropriate responses — there is no “standard across government” acting as a uniform deterrent.
He hopes the House’s effort can include enough influential figures and opinions to move the needle.
“Of course, I think that it will be incredibly difficult to get everyone on message.’ Hurd told FedScoop. ‘This won’t be solved in one hearing or through a single conversation. It will be a process.’
This is, after all, a huge concept for one room full of experts to wrap its arms around. For instance, Hurd wonders if the Chinese stealing more than 20 million personal records from the Office of Personnel Management should be considered a digital act of war. These types of cases, he explained, are more difficult to categorize and will be up for debate.
“Right now, we’re really working to get the smartest people we can in a room together to talk about it,” Hurd said.
The IT Subcommittee is uniquely positioned to “bridge conversations” on improving digital security occurring across the House and other branches of government, said Hurd.
And he expects that his Senate colleagues will “support and shine a light” on the upcoming hearing, though it remains unclear whether the upper chamber will address the question in a similar fashion.
Early in the stages of planning, Hurd hasn’t yet decided if his subcommittee will name a working group — formally listing all parties involved — to explore the issue.