Warner: U.S. still unprepared for serious cyber threats
- By Chase Gunter
When it comes to cyberattacks against critical infrastructure, election systems and businesses, Sen. Mark Warner (D-Va.) believes the United States is "woefully unprepared" to handle threats from nation-states and others.
"We don't have our act together at all," Warner said at March 12 panel at South by Southwest. "We don't have a whole of government strategy… There needs to be a much greater sense of urgency."
Warner added this unpreparedness "goes back a decade-plus," and pointed to America's $700 billion in annual defense spending -- by far the most in the world -- with proposed decreases in non-defense-specific research and development dollars and without a current cyber warfare doctrine.
"I would argue from a national security standpoint, we may be investing in the best 20th century military money can buy, and we ought to be thinking a lot of the conflict of the 21st century is going to be in cyber and misinformation and disinformation," he said. "A reallocation of some of those resources would be worthy of debate."
Even in the wake of Russia's interference in the 2016 presidential election, and with the clock ticking before the 2018 midterm elections, "we are not ready as a nation in terms of election security," he said.
Warner, who introduced the Honest Ads Act to require heavily trafficked websites to disclose information about ads purchased on their sites, said that legislation alone would not be enough to effectively protect against interference.
"What you don't want to have happen is a bunch of us in Washington… doing this in a non-collaborative fashion," he said. "Because then, we'll mess it up."
In building strong cybersecurity, Warner also lamented the federal government's inability to attract cyber talent, pointing to lower pay, the protracted hiring process and a massive backlog of security clearance requests as hindrances.
On the industry side, Warner noted that as more devices become connected as part of the internet of things, "we have not even minimum standards built into any of those devices."
"We may need at least to use the purchasing power of the government," he suggested. "At least DOD, and I would argue for the whole of government, we ought to not be buying devices that are going to extend our vulnerability and start with that kind of standard."
Warner also said in the wake of data breaches, namely the Equifax breach, "we at least ought to explore some level of software liability."
"There should be a penalty paid, and it shouldn't be a slap on the wrist," he said.