Senator Lankford Testifies at Judiciary Subcommittee on US Response to Cybersecurity Threats

CLICK HERE to view Lankford’s remarks. 

WASHINGTON, DC – Senator James Lankford (R-OK) today provided testimony before the Senate Judiciary Subcommittee on Crime and Terrorism during a hearing entitled “Cyber Threats to Our Nation’s Critical Infrastructure.” Tomorrow, the Senate Committee on Rules and Administration will mark up Lankford’s bipartisan bill, the Secure Elections Act, which strengthens election cybersecurity in America. Lankford originally introduced the bill in December 2017; after working with stakeholders, he introduced a revised version of the bill in March 2018. The purpose of the bill is to streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; provide security clearances to state election officials; and provide support for state election cybersecurity infrastructure.

Lankford is a member of the Senate Select Committee on Intelligence and the Senate Homeland Security and Governmental Affairs Committee. 

Excerpts:

(0:10-0:59) Senator Klobuchar and I have worked extensively on the Secure Elections Act. In addition, I’ve had the opportunity to be able to serve on the Intelligence Committee and our Homeland Security Committee. We’ve spent a lot of time dealing with this issue. …there is a false belief that this threat is just from Russia and I’d like to dispel that today. Second, the intelligence community and DHS cannot maintain situational awareness of all the cyber threats attempting to target our critical infrastructure alone. This is a space that is going to require partnership across government, with industry, and independent groups. …the type of cyber threats we fail to face call for a fresh look at our cyber policy…and we need to establish the elusive “cyber doctrine” that we have now talked about for a decade-and-a-half.   

(1:01-2:40 ) …while it is clear the Russian government tried to interfere in the 2016 elections, Iran, North Korea, China, and outside hacktivist groups as well as domestic hacktivist groups have demonstrated capability, and in some cases, an effectiveness to be able to reach into our critical infrastructure. We can look at 2014 when North Korea reached into Sony Pictures because of their frustration of a movie with a relatively simple piece of malware created $35 million worth of damage to an American company because they were mad. Since 2012, Iran has targeted multiple critical infrastructure sectors. They have also targeted foreign and domestic banks and caused millions of dollars of damage. In March of this year, the Justice Department charged nine Iranians for working with directive of the Islamic Revolutionary Guard Corps to steal academic data from hundreds of universities in the United States and aboard. And they were successful penetrating those universities and stealing that information. The FBI recently issued a warning saying that hackers in Iran could potentially use a range of computer network operators from scanning networks for potential vulnerabilities to data deletion attacks against the United States-based networks in response to US governments withdrawal from JCPOA. Russia cyber-attack that cut the electricity to nearly a quarter of a million Ukrainians two days before Christmas in 2015 should remind us of their capabilities and of their use of this kind of technology. 

(5:55-6:37 ) Finally, given the dynamic nature of the threat environment, we must consider a broader policy for responding to a cyber-attack, and to be able to deal with the elusive “cyber doctrine.” Our adversaries must know that they will endure significant cost for a cyber-attack on our infrastructure. This effort has to bring together input from State Department, Intelligence Community, DHS, Department of Defense, federal, state, and local law enforcement. And I look forward to us finally getting that deterrent in place in the days ahead.  

###