AI Content Chat (Beta) logo

solutions to pressing challenges in critical areas of economic, strategic, and technological competition. We are set to officially launch next week, and I hope this will just be the first of many occasions for Silverado to engage with this Committee to support your important work for the nation. As the U.S. enters a new era of competition, on battlefields old and new, modernizing and further resourcing America’s cyber strategy is a necessary precondition for achieving any number of other critical government objectives. In my testimony today, I will outline a conceptual framework for understanding cybersecurity. I offer five recommendations that I believe will meaningfully improve our ability to anticipate and prevent cyber threats and fortify our cyber defenses, building on the recommendations and critical work undertaken by the Cyberspace Solarium Commission: 1. Providing the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. Department of Homeland Security with the authorities and resources to one day become an operational federal CISO, or Chief Information Security Officer, for the civilian federal government; 2. Adopting speed-based metrics to measure agencies’ response to cyber threats; 3. Passing a comprehensive federal breach notification law; 4. Increasing security standards for vendors supplying high-risk software through government acquisition processes; and 5. Targeting the business model of ransomware criminals with mandatory “Know Your Customers” rules in cryptocurrency payment systems. Threat Landscape Almost half a decade ago, I coined the phrase: “We do not have a cyber problem, we have a China, Russia, Iran and North Korea problem.” Cyberspace is not a separate virtual world, immune from the forces that shape the broader geopolitical landscape. Instead, it is an extension of that landscape, and the threats we face in cyberspace are not fundamentally different from the threats we face in the non-cyber realm. China, Russia, Iran and North Korea are the four primary strategic adversaries whose malignant activities in cyberspace we try to counter on a daily basis, as we do their more traditional tactics in the physical world. Oftentimes, these battle lines extend to non-state actors, such as the most well-organized cybercriminals. These actors inflict enormous damage on our economy by launching ransomware attacks and stealing financial data from our businesses and citizens, and it is no coincidence that they operate with impunity from the safety of their homes in these very same countries. These countries conduct a variety of cyber operations against us on a daily basis, ranging from cyber-enabled espionage against our government to the theft of intellectual property from our 2

Homeland Cybersecurity: Assessing Cyber Threats and Building Resilience - Page 2 Homeland Cybersecurity: Assessing Cyber Threats and Building Resilience Page 1 Page 3