Christopher Krebs, the nation’s former top cybersecurity official, and other officials pushed hard Wednesday for taking a strong stance against malicious hackers in the wake of a devastating cyberattack on the federal government.
“As long as the tools are available, vulnerabilities exist, money and secrets are to be had, and the lack of meaningful consequences persist, there will be malicious cyber actors,” Krebs testified to the House Homeland Security Committee during a hearing focused on cybersecurity threats.
Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), pointed in particular to the need to stand up to Russia, especially after the recent breach of IT company SolarWinds and other companies that led to the compromise of much of the federal government.
“The behavior will continue until the leadership has decided that it cannot tolerate further behavior,” Krebs said. “I think there are still options on the table for more destructive attacks, and more brazen attacks, particularly for Russia, I don’t think we’ve hit the upper limit of their pain threshold.”
“Working with our allies, with the UK and elsewhere where there are Russian expats, Russian oligarchs that have a significant amount of money, you start turning the screws on those individuals, and they will go back to the Kremlin and we may see some behaviors change,” he added.
The hearing marked the second time that Krebs has testified on Capitol Hill since being fired by President Trump in November. He was removed from leading CISA after the agency stood up a “rumor control” page to debunk election disinformation and misinformation and described the election as the “most secure in American history.”
In the wake of his departure, the massive Russian hacking incident came to light, and earlier this week officials in Oldsmar, Fla. announced that a hacker had breached their water treatment facility and unsuccessfully attempted to poison the water supply.
Ransomware attacks have also continued to present a major challenge for schools, hospitals, and other critical organizations during the COVID-19 pandemic, with Krebs saying he believed “we are on the verge of a global emergency” due to the escalation of these attacks.
In light of these continued challenges in cyberspace, Krebs was not alone in pushing for Congress to take immediate action to combat these threats.
Sue Gordon, who served as the principal deputy director of national security under the Trump administration, urged Congress to approach cybersecurity threats by taking a holistic approach that encompassed the private sector and foreign allies.
“We need to bring the problem into the light ruthlessly, because evil cannot survive there,” Gordon testified.
Michael Daniel, the former White House cybersecurity coordinator under the Obama administration, testified that while he believed the lack of successful attacks on critical systems meant the U.S. had been somewhat successful in deterring malicious actors online, there was far more that could be done.
“The level of activity that we have not been able to deter is still too high,” Daniel, who currently serves as president and CEO of the Cyber Threat Alliance, said. “In the nation state context we have to put it in that geo-strategic context…and figure out how to raise the cost on our adversaries in a way that would cause them to change their behavior.”
While the House Homeland Security panel has jurisdiction over a number of potentially divisive topics, such as immigration, in facing up to cybersecurity threats, members of both sides of the aisle similarly pledged action on Wednesday.
Committee Chairman Bennie Thompson (D-Miss.) announced that Wednesday’s hearing would be the “first of several” that would be held to dig into cybersecurity threats, and praised President Biden’s early efforts to prioritize the issue.
“We must do as President Biden has done and treat cybersecurity as a central national security priority and not a ‘boutique add-on,’” Thompson said.
Committee ranking member John Katko (R-N.Y.) described cybersecurity threats as “the preeminent national and homeland security threat of our time.”
“I want this to be a hearing about opportunity for action, not just admiration of the problem,” Katko said during the hearing. “We have already ceded critical ground to our global cyber adversaries, and there is simply no time to waste.”