You slept in and missed the Senate Intel Committee hearing on worldwide threats. No problem, I’ll give you a rundown.
The top 5 threats to the US right now are China, Russia, Iran, North Korea, and terrorism. Haines, the ODNI director, broke it down:
- China: competition in the cyber, space, and geographic spaces. A “near peer”. They have their own demographic challenges.
- Russia: interested in asymmetric conflict (cyberrrrr) with the goal of weakening the US
- Iran: regionally crucial, Iraq as key battleground
- North Korea: wedges between US and allies. Ballistic missiles
- Terrorists: ‘domestic homegrown’ (extremist Islamic) and ‘domestic violent extremism’ (the white ones)
She also mentioned pandemic strain, climate change causing humanitarian crises, and transnational organized crime (drugs) in addition to regional concerns including volatile elections in Latin America and ongoing tension between India and Pakistan. Interestingly, she also brought up the anomalous health incidents that are still plaguing intel personnel.
There was some discussion about the decision to pull out of Afghanistan. The consensus from the committee is that the US ability to react will diminish but we still have capabilities and regional partners. No one really knows what Russia wants in Ukraine. Chair Warner made the important point to differentiate between the CCP and the Chinese people. Director Wray (FBI) spoke about Operation Fox Hunt, and 2 thousand investigations that revolve around uncoordinated and illegal law enforcement perpetrated by the CCP to intimidate the Chinese diaspora.
In case you were thinking about watching the hearing yourself, the Senators managed to mostly stay away from partisan bickering and tedious grandstanding.
SolarWinds
The SolarWinds attack was the star of the show. There was much discussion over a ‘blind spot’. Senators discussed their concerns about a lack of information sharing between international agencies gathering foreign intel and domestic agencies monitoring government networks. Directors seem to understand this blind spot somewhat differently, and want more visibility into critical infrastructure. I interpreted this visibility as a unified and robust logging and notification system, but they may have meant an expansion in their powers.
One solution that was mentioned time and time again, mostly by Director General Nakasone (NSA), is the need for a public-private partnership between the corporate victims of cyberattacks and the government entities trying to mitigate or prevent future attacks. If corporations were willing to fess up about cyber infiltration earlier, than harm could be prevented. Director Wray (FBI) emphasized the need for some form of incentivization.
Another solution is to introduce legislation that would force companies to reveal when their networks or systems have been exploited, so we’re not dependent on third-party investigators to break the news. I won’t begin to address the legal and technical challenges that this type of requirement could have.
Two things are clear after this hearing: 1) China represents the largest national security threat to the United States. 2) It’s a good time to get into cybersecurity.
