SAN FRANCISCO -- The chairman of the House Committee on Homeland Security has had enough of state-sponsored hacking, and he wants the U.S. government to take a tougher stance against adversaries -- including Russia.
"I'm going to be brutally honest: We're in the fight of our digital lives, and we are not winning," said Rep. Michael McCaul (R-Tex.) during his keynote address at RSA Conference 2017 on Tuesday. "The threat is worse than just espionage. Our democracy itself is at risk. Last year, there was no doubt in my mind that the Russian government tried to undermine and influence our elections."
In a speech titled "The War in Cyberspace: Why We Are Losing -- and How to Fight Back," McCaul argued the U.S. government must do more to stop state-sponsored hacking and impose tougher consequences on the nations behind these campaigns.
McCaul referenced the Russian state-sponsored hacking of the Democratic National Committee and called the attacks "unacceptable." He said he pushed both the administrations of Barack Obama and Donald Trump to take a forceful approach to the attacks, but was ultimately disappointed in their response.
"This crisis was the biggest wake-up call yet," McCaul said. "These cyberintrusions have the potential to jeopardize the very fabric of our republic."
While McCaul implored the U.S. government and private sector to do more to stop these nation-state cyberattacks, he acknowledged the effort is a daunting one because of five primary reasons: the volume of attacks and attackers; the fast pace of innovation that gives hackers an advantage; the lack of information sharing between businesses and governments; a lack of deterrence for nation states; and threat actors using encryption to stay under the government's radar.
Michael McCaulchairman of the U.S. House Committee on Homeland Security
"At the same time," McCaul said, "we must resist the temptation to go after encryption with simple, knee-jerk responses. I believe creating backdoors into secure platforms would be a huge mistake."
Instead, McCaul said, the security industry and government need to work together to find a solution that "balances digital security with national security." To that end, McCaul said he would continue pushing for the creation of an "encryption commission," which he and Sen. Mark Warner (D-Va.) introduced last year.
But McCaul said more is needed to fight back against state-sponsored hacking, and he encouraged the Trump administration to adopt "a new national cybersecurity strategy as soon as possible." He also said "strong leadership at the top" is needed to take a more stringent approach to nations that commit cyberintrusions or attacks against the U.S., and he specifically referenced Russia.
"We must continue to call out Moscow for election interference," McCaul said. "If we don't hold the line on sanctions and deliver meaningful consequences, I'm certain they will do it again. We've got to say enough is enough."
While state-sponsored hacking has led to high-profile incidents like the DNC breach, security vendors like Digital Guardian have seen an uptick in apparent nation-state attacks. "The attacks we see right now are still IP [intellectual property] theft and cyberespionage, so we haven't seen anything like the Sony hack," said Tim Bandos, director of cybersecurity at Digital Guardian, based in Waltham, Mass. "We're still seeing a lot of state-sponsored threats lately. It's usually very targeted, but we still see it across the customer base."
What the Cybersecurity Information Sharing Act means
How threat intelligence metrics can protect enterprise data
Fitara's effect on U.S. government cybersecurity