Hacks and breaches pose more of a risk to national security than ever before, but a top Obama adviser says deterrence measures are in place.
If you’re looking for proof that cybersecurity has become a national security issue, no evidence should be more indicative than informal testimony from one of President Barack Obama’s trusted homeland security advisers.
At The Washington Post’s Cybersecurity Summit in Washington, D.C., held Oct. 6, Lisa Monaco, assistant to the president for Homeland Security and Counterterrorism, shared the administration’s concerns and strategies for dealing with the evolving cyberthreat landscape.
Monaco, who has a substantial service record within the Department of Justice and the FBI, said affronts by malicious online actors play an almost daily role in security briefings and are a growing part of the national security conversation.
While some breaches are tied to other nations, criminal enterprises and domestic actors are also considerations in the cybersecurity and national security landscape.
The 2016 theft of Democratic National Committee (DNC) emails, seemingly perpetrated by Russian hackers, and the 2014 hack of Sony Pictures, which was attributed to North Korea, highlighted the some of the more public examples of international cybersecurity threats.
When asked by Post national security reporter Ellen Nakashima whether the United States was moving toward a de facto “framework of deterrence,” Monaco, a former federal prosecutor, said the she opposes the idea that one was not already in place and operational.
“It will come as no surprise to you, I suspect, or to your audience, that I disagree with the critics that we don’t have a strategy or a deterrence policy,” she said. “And it’s this: One, we believe very strongly that there needs to be a set of norms around cyberbehavior. And what you’ve seen is the president working very hard and very carefully over the last several years to build a set of norms and to build international support for a set of norms.”
These norms, Monaco went on to explain, center on the malicious use of technology for critical infrastructure attacks, espionage and the suppression of dissenters. Through unified international support, she said violators of the commonly accepted standards could face sanctions and equivalent action.
“And so, when countries violate those norms, there is an isolation of that country," she said. "There is an agreement that you can impose sanctions, maybe there is a consideration that there is an act of aggression if those norms are violated. There is a framework there."
The homeland security adviser also discussed the nature of the United States’ election systems amid the recent speculation of a perceived threat to the integrity of the larger system, saying that the “diffused” and “diversified” system would require an extensive effort to hack.
Because states and counties deploy their own election systems, some of which still rely on paper ballots, she argued that the threat from an internal or external force would have to be considerable to make any significant change in the elections results.
While she confirmed continued “probing” in the general elections environment, she said there was no evidence of any successful manipulations.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.