Washington, D.C. – U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, delivered the following opening statement today at a hearing on cyber strategy and policy:
“The committee meets today to receive testimony on cyber strategy and policy. We are fortunate to be joined this morning by an expert panel of witnesses:
- “Keith Alexander, CEO and President of IronNet Cybersecurity;
- “Dr. Craig Fields, Chairman of the Defense Science Board;
- “Dr. Jim Miller, Former Under Secretary of Defense for Policy; and
- “Matthew Waxman, Professor of Law at Columbia University Law School.
“Threats to the United States in cyberspace continue to grow in scope and severity. But our nation remains woefully unprepared to address these threats, which will be a defining feature of 21st century warfare.
“This committee has not been shy about expressing its displeasure over the lack of policy and strategy for deterring, defending against, and responding to cyberattacks. Treating every attack on a case-by-case basis, as we have done over the last eight years, has bred indecision and inaction. And the appearance of weakness has emboldened our adversaries who believe they can attack the United States in cyberspace with impunity. I have yet to find any serious person who believes we have a strategic advantage over our adversaries in cyberspace, and in fact many of our civilian and military leaders have explicitly warned the opposite.
“In short, this committee is well aware that bold action is required. And we will continue to apply the appropriate pressure to ensure that the new administration develops a cyber strategy that represents a clean break from the past.
“Such a strategy must address the key gaps in our cyber legal, strategic, and policy frameworks. That is the topic of today’s hearing, which is part of this committee’s focused oversight on cyber strategy and policy. Each of our witnesses brings a unique perspective to these issues.
“General Alexander recently served on the Presidential Commission on Enhancing National Cybersecurity. Given his extensive experience as Director of the National Security Agency and the first Commander of United States Cyber Command, we welcome his insights and guidance as we seek to ensure that our policies, capabilities, and the organization of the federal government are commensurate with the cyber challenges we face.
“Dr. Fields and Dr. Miller have been involved with the Defense Science Board’s Task Force on Cyber Deterrence, which was established in October 2014 to evaluate the requirements for effective deterrence of cyberattacks. We are pleased that the Defense Science Board has completed its evaluation, and we urge the new administration to immediately focus its attention on deterrence in cyberspace, which requires a comprehensive strategy for imposing costs on those seeking to attack our country.
“Cyber also involves complex, but highly consequential legal questions. Which is why I am pleased that we have Mr. Waxman with us to shed some light on these challenges. For example, understanding what constitutes an act of war in cyberspace is a central question for any cyber policy or strategy. But it is one we as a government have failed to answer. As cyber threats have evolved rapidly, our legal frameworks have failed to catch up.
“And this is just one of a long list of basic cyber questions we as a nation have yet to answer. What is our theory of cyber deterrence, and what is our strategy to implement it? Is our government organized appropriately to handle this threat, or are we so stove-piped that we cannot deal with it effectively? Who is accountable for this problem, and do they have sufficient authorities to deliver results? Are we in the Congress just as stove-piped on cyber as the executive branch, such that our oversight actually reinforces problems rather than helping to resolve them? Do we need to change how we are organized?
“Meanwhile, our adversaries are not waiting for us to get our act together. They are defining the norms of behavior in cyberspace through their actions, and the United States is in a reactive crouch. We have to turn this around, and ensure cyber norms reflect the values of a free and open society, and do not undermine our national security.
“Cyber may be one of the most consequential national security challenges in a generation, and it will not grow easier with time. Our adversaries now believe that the reward for attacking the United States in cyberspace outweighs the risk. Until that changes, until we develop a policy and strategy for cyber deterrence, until we demonstrate that an attack on the United States has consequences, cyberattacks will grow more frequent and more severe. This is the urgent task before us. And that is why this series of hearings is so critical.
“I thank each of our witnesses for appearing today, and I look forward to their testimony.”