cybersecurity confidence erodes

Senator says Trump administration lacks 'point of entry' to talk cyber

Sen. Sheldon Whitehouse (D-R.I.) is frustrated by the lack of an administration contact with whom to pursue fixes to cybersecurity problems.

The senator expressed frustration at an Oct. 19 Senate Judiciary Committee hearing over his inability to find partners at the White House or Department of Justice to coordinate with Congress on cybersecurity legislation.

While questioning Attorney General Jeff Sessions, Whitehouse asked who at DOJ was responsible for developing legislative recommendations to combat potential Russian cyber interference in future elections.

"Over and over again in this committee and others we have heard the intelligence and national security professionals of our country…warn us that campaign and election interference by the Russians is not going away, that we can expect more of it in the 2018 election, we can expect more of it in the 2020 election," said Whitehouse.

Sessions responded that he believed the matter would fall under the authority of the department's national security division but expressed uncertainty about whether anyone had been designated to recommend legislation.

"I'll be frank, I don't know that we're doing a specific legislative review at this point," said Sessions.

Whitehouse then took aim at the White House, calling President Donald Trump's May 2017 Executive Order on cybersecurity "more or less a call for information" that was lacking in substantive action.

"To my knowledge, there has been no proposed legislation of any kind. My conversations with [Homeland Security Advisor Tom] Bossert at the White House have not produced any type of liaison or way of going forward on this issue," he complained.

While the White House has not publicly floated any legislative proposals, it has at times attempted to leverage its executive authorities to shore up cybersecurity. The executive order directed federal agencies to focus their efforts on protecting high-value assets and formally designate a senior official accountable for risk management. The White House also released an IT modernization draft plan in August that mentions "cybersecurity" 56 times and recommends a consolidated IT environment and expansion of shared services that administration officials believe will allow the federal government to respond to cyber threats in a more holistic manner.

However, Whitehouse said unresponsiveness from the administration and DOJ was impeding the ability of Congress to start work on legislation to plug holes in the nation's cyber and election infrastructures. Whitehouse has been active on cybersecurity issues, in particular legislation to help law enforcement go after botnet operators.

"The issue is there are things that need to be fixed legislatively on cybersecurity and at the moment, I can't find a point of entry into this administration or anyone who is working on cybersecurity legislation or is appointed to or delegated to," he said.

Whitehouse's comments came a day before a bipartisan group of senators on the Armed Services Committee blasted the Trump administration for preventing White House cyber coordinator Rob Joyce from testifying at a hearing focused on defending the U.S. from cyberattacks. Sen. John McCain (R-Ariz.), the committee's chairman, indicated that he may consider using the panel's subpoena power to compel Joyce to testify down the road.

"So, when we see the person in charge and an empty seat here today, then we are going to have to react," McCain said. "The committee is going to have to get together and decide whether we're going to sit by and watch the person in charge not appear before this committee. That's not constitutional."

Featured

Charter Sponsors