WASHINGTON –The private sector and federal government must collaborate to ensure a robust cybersecurity approach, especially to safeguard elections, but that may require companies to disclose more information, a scientist told a House cybersecurity subcommittee on Tuesday.
Robert Knake, a senior research scientist at Global Resilience Institute and a senior fellow on the Council on Foreign Relations, told the House Subcommittee on Cybersecurity, Infrastructure Protection and Innovation that the nation’s cybersecurity is like “the good, the bad, and the ugly.” Good because the U.S. is making progress, bad because the technology landscape is rapidly changing, and ugly because technology is moving too fast for government regulation to keep up.
“Instead of government setting requirements, our goals need to be to require outcome,” Knake said. He recommended setting outcome-based government guidelines and enforcing disclosures from private companies.
He also said in an interview that the government needs to do in cybersecurity what it does for military defense — “red teaming,” in which experts imagine what the enemy would do and then how that could be counteracted. “We already do this with nuclear threats,” he said.
Knake and other expert witnesses as well as subcommittee members agreed that collaboration between the government and the private sector plays a crucial role in ensuring cybersecurity.
Niloofar Razi Howe, a senior fellow at the progressive think tank New America’s Cybersecurity Initiative, emphasized the importance of industry and government working hand in hand with trust.
“With collaboration, no matter how our adversaries adapt and technologies evolve, we can be agile,” she said.
Subcommittee Chairman Rep. Cedric Richmond, D-La., said he was concerned that adversaries are outpacing America in cyber investment.
China, Russia and North Korea have new technologies, such as artificial intelligence and quantum computing, and already are trying to disrupt the U.S. democracy and economy, Richmond said.