In this episode of the podcast (#222), we speak with Representative Jim Himes (D-CT) about Capitol Hill’s sudden and singular focus on cybersecurity – an about-face that he says was encouraged by the devastating Colonial Pipeline hack.
It is no news to anyone who has stayed abreast of the cybersecurity space that vulnerable software and hardware pose a serious risk to critical infrastructure in the United States. It is also no secret that sophisticated nation-state adversaries have made a habit of poking around inside sensitive government and corporate networks.
For some reason, however, that message has mostly fallen on deaf ears on Capitol Hill. After all, the Senate first got briefed on cyber risk to the government and economy more than 20 years ago, when members of the L0pht, an early hacker collective, casually informed Senators in 1998 that they could “shut down the Internet” in 30 minutes, if they wanted.
Capitol Hill’s Long Learning Curve
Between 1998 and today there have been countless hearings on cyber risks and countless reports documenting the federal government’s ineptitude on matters of information security. There have been even more head-slapping pronouncements of lawmakers’ utter cluelessness when it comes to matters of technology. Senator Ted Stevens’s “the Internet is a series of tubes” statement from 2006 is just the most famous, but lawmakers continue to fall for dubious arguments, like intelligence industry assurances that desired backdoors in encryption algorithms are possible without undermining everyone’s security.
That’s not to say that the ship of state isn’t slowly (slowly) turning, with the help of lawmakers on Capitol Hill who “get it,” or that the body can’t put past lapses behind it and forge a brighter future for the public and private sector on matters of cybersecurity. The 2015 Cybersecurity Information Sharing Act is one great example. Among other things, it created the federal government’s first point agency on cybersecurity, the Cybersecurity and Infrastructure Security Agency, or CISA.
In this week’s podcast, we invited one of Capitol Hill’s most recognized voices on matters of information security: Congressman Jim Himes, a seven-term Democratic Representative for Connecticut’s 4th District. On Capitol Hill, Himes serves on the Defense Intelligence and Warfighter Support (DIWS) Subcommittee and the Strategic Technologies and Advanced Research (STAR) Subcommittee. He is also a member of the House Financial Services Committee, where he serves as the Chair of the Subcommittee on National Security, International Development, and Monetary Policy. He also serves as the Ranking Member of the NSA and Cybersecurity subcommittee.
In this conversation, Congressman Himes and I talk about Congress’s dawning awareness of our nation’s vulnerability to cyber attacks – an awareness that the recent Colonial Pipeline ransomware attack helped cement. We also talk about the best way to counter the actions of foreign governments like those in Russia and China that are exploiting our reliance on the Internet and technology to undermine democratic institutions and make off with valuable intellectual property.
I started off our conversation by asking Rep. Himes about how he has seen Congress’s thinking on cybersecurity change during his seven terms in office.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.