April 05, 2022
Watch Senator King’s questioning here, and download broadcast quality video here
WASHINGTON, D.C. – As Russia continues their deadly, unprovoked attack on Ukraine, Senator Angus King (I-Maine), Co-Chair of the Cyberspace Solarium Commission, is pushing top cyberofficials for clarity on Russia’s cyber activities in the conflict and for additional information on America’s preparedness to respond to any attempted cyberattacks against the United States. In a hearing of the Senate Armed Services Committee, Senator King began by asking General Paul Nakasone – Director of the National Security Agency and Commander of United States Cyber Command – why there have not been more successful cyberattacks against Ukraine during this conflict. Senator King’s questioning comes shortly after he and Congressman Mike Gallagher (R-Wisc.) sent a letter to President Joe Biden, urging his administration to keep a key Pentagon cyberdeterrent in place.
“General Nakasone, if you can answer this in an open session, why no Russian serious cyber-attack in Ukraine? We all thought that was going to be the first thing they did, and it didn’t happen. And I know there were some attacks, but nothing of the scale we were expecting,” said Senator King, Co-Chair of the Cyberspace Solarium Commission. “Do we have an answer to that?”
“Senator, I think I’d begin by saying we’re not out of Ukraine yet and so obviously our position right now is one of vigilance in terms of anything that might still be done,” replied General Nakasone. “In terms of what the Russians decided to do, I would anticipate that this was based upon a serious of assumptions that they may have made coupled with the defensive capabilities that we were able to work with a number of partners within Ukraine, and then thirdly, a realization that a lot of times these are very, very difficult attacks to be able to conduct.”
“I think their assumption was the war would last two weeks, so they didn’t really have to do that,” concurred Senator King. “That seems to be one of their greatest mistakes.”
+++
Continuing his questioning, King urged General Nakasone to assess if our country is adequately prepared to deal with a foreign cyberattack that comes through domestic infrastructure, and if U.S. inter-agency coordination would hamper responses to any potential attacks. Senator King’s additional line of questioning focused on the ability to attribute a cyberattack to its source, as bad actors can frequently utilize networks in foreign countries to complicate the ability to root out its cause.
“It makes me nervous when I hear the first part of the answer being coordination. I like it when somebody is in charge and responsible, but I understand that the coordination is important,” said Senator King. “One of the, I don’t know if I would call it a gap, but you mentioned, for example, outside of our borders that’s where NSA responsibility, CIA’s responsibility is. We’re no longer in a world of borders, and what concerns me is a cyberattack that originates in a foreign country but goes through a server in New Jersey or in California, and therefore, it’s a great question as to where that cyberattack is coming from. Do we have adequate authorities and lines of authority and definitions to deal with a foreign cyberattack that comes through U.S. infrastructure?”
“So, I think that we’re making much better progress in being able to address some of those authority gaps. You’ve identified one of the areas that were certainly relevant in the solar wind’s most recent supply chain attack when our adversaries had positioned themselves within the United States, and we found that there was a blind spot there. So, again, the breached notification that has been done, the discussion in terms of upping the standards for both national security systems and government systems that the administration have done, I think have all contributed to this,” said General Nakasone. “But you point out a key piece, Senator, which is this is much more difficult than one person being in charge. There is not one agency, one department, or even one entity that has all the information, and so that’s why this coordination is so important."
+++
As Co-Chair of the Cyberspace Solarium Commission (CSC), and a member of the Senate’s Armed Services and Intelligence Committees, Senator King is recognized as one of Congress’s leading experts on cyberdefense and is a strong advocates for a forward-thinking cyberstrategy that emphasizes layered cyberdeterrence. Since it officially launched in April 2019, dozens of CSC recommendations have been enacted into law, including the creation of a National Cyber Director. As Russia has continued their unprovoked attack on Ukraine, Senator King has forcefully condemned Russia’s actions, worked to provide Ukraine with urgent lethal and humanitarian aid, and called for maximum economic pressure on Vladimir Putin and his oligarchs. Last month, King joined a bipartisan Congressional delegation to Poland and Germany where he met with NATO leaders, Ukrainian refugees, and U.S. servicemembers for a first-hand look at the humanitarian crisis and America’s efforts to support Ukrainians.