Congress has a new rising target when it comes to cyber: The Pentagon.
The U.S. military last year was given the green light to start offensive cyber operations against foreign adversaries, an area that one new Democratic subcommittee chair says he will keep a close eye on in the coming months.
But recent internal reports have pointed to a lack of basic cybersecurity measures within the Department of Defense (DOD) itself, with one DOD report last week finding that the military is “at risk from adversarial cyber operations.”
And lawmakers have indicated that they will use this upcoming Congress to look at the Pentagon’s cyber preparedness, both in terms of carrying out and fending off cyberattacks.
Rep. Jim Langevin (D-R.I.), the chair of the House Armed Services Committee’s intelligence subcommittee, which oversees cybersecurity for the Pentagon, said he is particularly concerned about the offensive cyberattacks that the U.S. could carry out.
He said that in the past, the U.S may have been too cautious in conducting cyber operations. But he warned against officials going too far and fast in exercising their newly found authorities and said that he plans to hold hearings on the topic.
“Cyberspace, in some ways, it’s already a Wild West. We don’t want to make it worse,” Langevin said. “Wherever possible, we should working with our allies and friends in this space as we carry out the strategies — it’s important to have a whole of government approach.”
The Democrat, who also co-founded the Congressional Cybersecurity Caucus, said that not all retaliation to a cyberattack has to actually take place in cyberspace. The U.S. will often deliver indictments or sanctions as a penalty for cyber acts, although that was largely before the military was given more power for offensive cyber actions.
The Senate has wasted little time in questioning military leaders over their cybersecurity measures, grilling them about their preparedness at a hearing last week.
Sen. Mike Rounds (R-S.D.), the chairman of the Senate Armed Services Subcommittee on Cybersecurity, said last week’s hearing on Pentagon cybersecurity is one of several his panel will have in the coming months.
“What we’re looking at is how do we get to whole of nation or whole of country when we talk about cybersecurity protections, and that means you have to have input from both the private and the government sector,” he said this week. “Each is separate, but they’re got to coordinate.”
During that subcommittee hearing, senators raised concerns about a variety of cybersecurity issues that have plagued the Pentagon, from threats posed by products manufactured overseas to whether the military is falling behind when it comes to emerging technologies like artificial intelligence and machine learning.
And at around the same time of the hearing, the Defense Department’s Office of the Director of Operational Test and Evaluation released a report finding that the military is still suffering from a wide range of vulnerabilities, including a lack of resources to even test the extent of those flaws.
The report found that while the military had progressed in some areas, “the rate of these improvements is not outpacing the growing capabilities of potential adversaries, who continue to find new vulnerabilities and techniques to counter the fixes and countermeasures by DOD defenders.”
Sen. Richard Blumenthal (D-Conn.) raised concerns about the report to the officials testifying at the hearing, but they largely focused their responses on the areas of the assessment that showed signs of improvement.
“I think it’s a fair criticism of past performance, but I’d like to say that I think we are on a different track and I’m pretty optimistic that we can pull together,” testified Brig. Gen. Dennis Crall, the Marines Corps’ principal deputy cyber adviser and senior military adviser for cyber policy.
Senators also raised questions about the Pentagon’s work in areas like machine learning and AI, which officials have said will allow them to remove some human elements from warfare.
Langevin said that his committee will also look at AI and other related technologies, like quantum computing.
He said he will work on the topic as both the chair of the subcommittee, but also as a member of the newly formed Cybersecurity Solarium Commission, a panel of policymakers and experts formed to address the U.S.’s place and policies in cyberspace.
But he — in comments echoing those made by many experts — said he fears that adversaries like China may have already progressed beyond the U.S.’s achievements in those fields
“Our adversaries are not standing still, they are investing heavily in AI, in quantum computing,” Langevin said. “And we can’t lose our technological edge in this field.”