WASHINGTON, D.C. — In a hearing of the Senate Armed Services Committee (SASC), U.S. Senator Angus King, Co-Chair of the Cyberspace Solarium Commission, pressed top Defense officials on the most pressing challenges for America’s cyber defense capabilities. In a conversation with Dr. Michael Sulmeyer, the nominee to serve as the Assistant Secretary of Defense for Cyber Policy, King asked about the U.S. government’s ability to identify the sources of cyber attack — where a hack can originate in a foreign country but then be directed through servers in a third country before impacting America’s infrastructure. Senator King also raised questions about what efforts are being made to further expand the government’s cyber workforce amid shortage concerns.  

Senator King began his line of questioning by asking Dr. Sulmeyer about tracing cyberattacks and whether or not a centralized cyber office would help the U.S. government become more efficient.

“Mr. Sulmeyer, a couple of quick questions for you. One is attribution if we are talking about a cyberattack, it is becoming harder and to determine where it comes from. Does the U.S. government have sufficient resources in a coherent structure to do attribution of cyber attacks in a timely and reasonably certain way,” asked Senator King. 

“Senator, the tools and the experience necessary to attribute adversary cyber activity have to keep evolving with their behavior. I believe that historically we have been able to attribute and understand with varying levels of confidence at different times who is doing what,” replied Dr. Sulmeyer. “The difference is when the government is willing and when it makes sense to say so publicly versus when to be private about it, but I commit to working with the committee and of course my leadership on that transparency.”

“My question is ‘Who is we?’ Is there a central office somewhere in the federal government of attribution or is some of it in the FBI, some of it in the CIA? I am just concerned that this is such an important question that institutionally and structurally, we don't have a central area to do this essential function,” questioned Senator King.

“It is a good point, Senator, that there’s a lot of different organizations, a lot of cooks in the cyber kitchen, so because different kinds of malware have different technical specifications, you want the best experts to be able to come look at any given piece of code,” responded Dr. Sulmeyer. “I would want to just make sure that community of interest is clear about who they are and that they have the tools they need to work fast and then share that.”

“I hope that this is something you will look at with your interagency colleagues. Whenever I hear the term around here "all of government" I think "none of government" because nobody is responsible, so think about that,” said Senator King.

Later in the hearing, Senator King asked about recruitment and retention efforts to bolster the cyber workforce.

“Second question for you is the workforce are you able to recruit and retain the people that you need? My sense is there is a giant shortfall of cyber-trained people across the country. Does that also affect what you are going to be doing,” asked Senator King.

“Senator, for cyber operations that is those higher-end active defense and offense type work, we find that at least in the army, in my experience, thus far, it has been one of the most competitive fields, for example, coming out of West Point, it is one of the hardest to get into. The interest in doing it is there, and coming into the service is there. I think the bigger challenge that I would commit to if confirmed is the retention side in making sure we stay as competitive as we cannot matching, but as competitive as we can with industry and being flexible where possible to keep folks who want to stay and serve on the mission,” concluded Dr. Sulmeyer.

As Co-Chair of the Cyberspace Solarium Commission (CSC), Senator King is recognized as one of Congress’ leading experts on cybersecurity and as a strong advocates for a forward-thinking cyber strategy that emphasizes layered cyber deterrence. Since it officially launched in April 2019, dozens of CSC recommendations have been enacted into law, including the creation of a National Cyber Director. Together with former Solarium Co-Chair Representative Mike Gallagher (R-WI), King previously urged the Biden Administration to better protect the public health sector from cyber threats and called for stronger, collaborative efforts to address the growing threat. Earlier this year, he introduced bipartisan legislation to protect U.S. health care systems from hackers and other bad actors after a string of cyberattacks on Maine health care systems.

Recently, in an Armed Services Committee hearing, King pressed the Director of National Intelligence on the importance of integrating cyber deterrence into the U.S.’ National Security Strategy, as well as the need to prioritize cybersecurity ahead of the upcoming 2024 election. Earlier this year, Senator King cosponsored bipartisan legislation to expand the cybersecurity workforce and train veterans for in-demand jobs.

###