The Senate Armed Services Committee has started a week dense with cyber-security hearings and other cyber concerns with questions about the intent by the White House to take security seriously. Perhaps coincidentally, late last week President Barack Obama met with Chinese President Xi Jinping and reached an understanding of some sort about Chinese spying on U.S. companies.
The Senate is so concerned about White House intentions because the administration was required by last year's National Defense Authorization Act to create a cyber-defense policy, but so far has failed to deliver one. The lack of a specific policy, coupled with an agreement with China that's basically a vague set of promises that the United States and China will try not to intentionally spy on each other's commercial entities, leaves Congress with little to go on. The White House also is saying that if China doesn't do what it's supposed to do, the United States will levy sanctions.
Because there is no written agreement with China, and because there's very little that's specific, many in Congress are questioning if there's any kind of enforceable agreement at all. The Senate, meanwhile, is pondering how (and if) to bring back a cyber-security bill sponsored by Senator Richard Burr (R-N.C.) that has stalled due to strong opposition from a number of fronts, but mostly due to concerns that it might violate the Fourth Amendment.
So far there are 22 amendments on the floor for that bill, and one major stumbling block facing Senate Majority Leader Mitch McConnell is how to handle the debate about the amendments. Many of those amendments are being proposed as ways to get past the worst of the privacy concerns currently dogging the cyber-security bill.
There will be additional hearings in the Senate including one with Director of National Intelligence James Clapper. The House Armed Services Committee will hear from Clapper and National Security Agency Director Adm. Michael Roberts about the administration's stance on cyber-warfare. Part of the difficulty that Congress is having with the hearings is getting a definition of what actually constitutes cyber-warfare.
Adding to the complication with the hearings has been determining an appropriate response if a cyber-attack was detected, which is why the Senate has anxiously been awaiting the policy from the White House.
Meanwhile, the Senate Armed Services Committee did manage to get some agreement with the administration in regards to security, which is that the United States needs more than just a cyber-defense. Administration witnesses agreed that the United States should develop a cyber-offense in addition to a cyber-defense.
Although the government's posture on cyber-offense or -defense doesn't really affect most businesses directly, there could be a significant side issue considering the nature of the attacks from China, especially those against major defense contractors. The attacks against defense contractors have taken on the appearance of economic espionage, which would be prohibited under the agreement between China and the United States.
But those same attacks seemed to originate from within Chinese army installations, which would mean that those attacks also could be considered military espionage, which isn't prohibited. This means that U.S. companies could easily find themselves faced with attacks that seem to originate from the Chinese military, but yielding information that's then passed along to the Chinese commercial sector.