During a Senate confirmation hearing today, the nominees for vice chairman of the Joint Chiefs of Staff and commander of U.S. Transportation Command named cyber attacks as one of the biggest threats to national security.
“Across the networks of cyberspace we see intruders and nation states actively counter our capability to provide command and control for our military,” said Air Force Gen. Paul Selva, current commander of Transportation Command (USTRANSCOM) and the nominee for vice chairman of the Joint Chiefs.
The military needs the capability to attribute the source of a breach—whether that’s a criminal organization, nation state or group of hackers, he said. It also needs Congress to get to work on laws that would more clearly define the ability of the military and law enforcement agencies to respond to cyber attacks.
“In the absence of statues that define the responsibilities and authorities of our law enforcement agencies and our military capability to react to cyber, we run into those policy questions as a consequence of the nature of that threat,” he said.
For Air Force Gen. Darren McDew, who is slated to take over Selva’s current position as commander of USTRANSCOM, a cyber attack could hamper his ability to deliver equipment to troops, he said. McDew is currently the head of Air Mobility Command.
“That threat is there. I believe that U.S. Transportation Command has put some things in place that make that less likely, but as we go forward, the threat only gets worse,” he said. “Our ability to deal with it must evolve.”
Ninety percent of the work USTRANSCOM does is conducted over commercial networks, which are sometimes more vulnerable than those owned and operated by the military, he added. The military must figure out how it can continue to work with commercial industry to safeguard Defense Department information and infrastructure from potential cyber attacks.
McDew expounded on the topic in written answers to advanced questions from senators. He noted concerns that commercial contractors do not always notify the government when their networks are attacked, and pledged to address the issue if confirmed as the new head of USTRANSCOM.
“Compromise of a commercial partner’s networks by an APT (advanced persistent threat) is a potential cyber security issue that provides insight into USTRANSCOM operations,” he wrote. “Awareness of the intrusions is paramount so that we can mitigate their operational impacts.”
Selva said that the command would be helped by laws obligating all federal agencies to share information on network intrusions.
Currently, “that authority is tied up in a variety of statutes that prevent agencies from speaking to each other” he said.