October 28, 2021
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine), a member of the Senate Armed Services Committee, today pressed top Pentagon nominees on the importance of securing America’s cybernetworks. During his questioning, Senator King emphasized the need to prioritize cyberattack testing in order to identify and fix any vulnerabilities in Department of Defense networks. In response to Senator King’s questioning, John Sherman – the nominee for Chief Information Officer of the Department of Defense – agreed with the Senator that there is “absolutely” a need to regularly test military networks and infrastructure against cyberattacks. Later in the hearing, Senator King drew attention to the alarming rates of military and veteran suicides, and stressed the need for the Pentagon to address the tragic issue.
“I don't think there's any doubt that if there is a conflict that we're engaged in, cyber will be the first part of it. The first effort of our adversaries will be to try to blind us in terms of our ability to communicate. They're also using cyber to compromise our networks to steal intellectual property,” said Senator King. “You use the word ‘ensure’. I think that may be an optimistic word, but how do we ensure? Do you anticipate pen testing, red teaming, bug bounties, hackers for hire? It seems to me the best way to get toward insurance, or assurance, is testing the network by friendly hackers or those who are enabled to attack the networks and tell us where our vulnerabilities are? Is that is that in your agenda?”
“Yes, sir, absolutely. Not just trust, but verify and re-verify,” responded Mr. Sherman. “Working with, for example, the Defense Digital Service, which does a lot of that bug bounty type activity at DOD. Also working with the director of Operational Testing and Evaluation so we can do that upfront testing as we buy technology such as commercial cloud capabilities to really see where vulnerabilities are – as we've done, for example, on Office 365 being employed across the enterprise, finding vulnerabilities that even the vendor didn't know about.”
“I would hope that you would work with NSA and CYBERCOM – they're the best in the world to test your own networks,” Senator King concluded. “You use ‘trust, but verify’ – that's one of my favorite models. But another is, ‘does it work, and how do you know?’ And so CYBERCOM seems to me and NSA... Paul Nakasone would be a tremendous resource.”
+++
Senator King then brought attention to the tragic rates of military and veteran suicides, and urged the nominees to address alarming rates of military suicide. The push came just days after Senator King and a bipartisan group of colleagues introduced the Save Our Servicemembers (S.O.S.) Act, which would work to improve Department of Defense suicide prevention efforts.
“In the Vietnam War, we lost 58,000 [servicemembers] in the decade. From 2008-2017, we lost over 60,000 [veterans] to suicide,” said Senator King. “The figures Senator Blumenthal mentioned are just shocking: we've lost four times as many military people and veterans to suicide since 9-11, than to operations – that's a stalker of our military personnel. I hope you'll really put some focus on that. If it were a military event killing 30,000 people in over that period of time, we'd have all kinds of resources on it. So I hope you'll pursue that.”
Last week, Senator King joined a bipartisan group of his Senate colleagues to introduce the Save Our Servicemembers (S.O.S.) Act, which would work to improve Department of Defense suicide prevention efforts. The legislation – which comes shortly after an alarming report revealed a 15% increase in military suicides in 2020 – would direct the Pentagon to evaluate the effectiveness of their suicide prevention efforts, improve its data collection, reduce bureaucratic duplication, and strengthen collaboration between its offices.
As a member of the Senate Armed Services Committee, the Senate Select Committee on Intelligence, and co-chair of the Cyberspace Solarium Commission, Senator King is recognized as one of Congress’s leading experts on cyberdefense and a strong advocate for a forward-thinking cyberstrategy that emphasizes layered cyberdeterrence. He has been one of Congress’ leading advocates for increased testing within America’s cyberspace operations – he routinely pushes top regulators to “be brutal in testing” critical infrastructure to identify any vulnerabilities for potential cyberattacks.