Public Debate Needed on Cyber Security

Experts discussed the need for flexible policies, partnerships and buy-in from the American public to tackle cyber issues.

October 31, 2017

covering cyber

Michael Hayden (center), former NSA director, and Rep. Will Hurd (right) participate in a panel discussion about cybersecurity at Jack Morton Auditorium. (Logan Werlinger/ GW Today)

By Kristen Mitchell

Efforts to influence Americans by the Russian government during the 2016 presidential election will be remembered by the people of “Mother Russia” as some of the greatest covert activities in history, said Rep. Will Hurd.

Speaking at the George Washington University Tuesday, Mr. Hurd said the Russian government has no hope to defeat the Unites States militarily or economically, so it instead is focused on eroding trust among Americans.

“They were trying to drive a wedge, whether real or perceived, between the White House and the intelligence community and the American public,” he said. “The Russians are trying to erode trust in our democratic, liberal institutions, and that was their goal.”

Mr. Hurd (R-Texas) joined Michael Hayden, former director of the National Security Agency, and other expert panelists for “Covering Cyber: How to Improve Reporting and Policy on Cyber Issues,” an event co-sponsored by the School of Media and Public Affairs, its Institute for Public Diplomacy and Global Communication and its Project for Media and National Security.

Frank Sesno, SMPA director, said conversations on these critical issues “couldn’t be more relevant now.” Cyber engagement is largely an uncharted, unpredictable and suspenseful domain.

covering cyber

(Left to right) David Ensor, Michael Hayden, Will Hurd, Susan Hennessey and David Sanger participate in a panel discussion about the cyber domain at Jack Morton Auditorium. (Logan Werlinger/ GW Today).

Two former campaign aides to President Donald Trump turned themselves in this week after they were indicted by a grand jury as part of the Department of Justice investigation on Russian interference in the 2016 election. A third campaign adviser pleaded guilty and appears to be cooperating with the investigation, overseen by special counsel Robert Mueller III.

Mr. Hayden, who also previously served as Central Intelligence Agency director, said the Russians inflamed divisions that already existed in American society in the lead up to the presidential election.

“One thing we know as kind of an iron rule is that covert influence rarely, if ever, creates fractures in a society,” he said. “Successful covert influence identifies and exploits fractures in society.”

It was reported this week that Russian actors were able to reach 126 million Americans through Facebook alone. They published thousands of messages on Twitter and uploaded more than 1,000 videos to YouTube, according to The New York Times.

Congress has trouble keeping up with the changes in the cyber domain as technology evolves. As a result, it’s important to regulate and legislate outcomes, not specific types of technology, Mr. Hurd said. There is also a steep learning curve in Congress—where the average member is 58 years old and very few have a computer science background—that should be addressed through continued education.

Mr. Hurd said there also needs to be better partnerships between the government and private sector on tackling the challenges of modern security.

Susan Hennessey, a fellow in governance studies at the Brookings Institution and managing editor of Lawfare, said there is some consensus around basic steps for greater cybersecurity that need to be taken, but legislators face paralysis in adopting policy solutions.

Discussions grew more complicated after contractor Edward Snowden released classified government documents in 2013 about government surveillance of civilians. It’s time to have a public debate on the issue, Ms. Hennessey said.

“I think what the United States government is learning, and it needs to learn the lesson, that you can’t just strong-arm things sort of through on national security have to get the buy-in of the American people,” Ms. Hennessey said. “The American people ultimately, at the end of the day, get to set the rules.”

Mr. Hayden agreed it is time for a national conversation about cyber security and what the American people are willing to accept from the government. The United States’ cyber capabilities cannot be deployed, he said, because officials “lack legal and policy guidance” on their true limits.

Earlier this year, Equifax, a consumer credit reporting agency, was hacked. Personal data on tens of millions of Americans was exposed. David Sanger, chief Washington correspondent for The New York Times, said this is a recent example of why Americans should have more control over who has access to their data. Companies should have to be more transparent when their systems are compromised, he said.

The cyber domain also has become over reliant on the use of Social Security numbers as an identification tool. The idea a single, hard-to-change number that follows an individual from the day they are born until they die has been used for cybersecurity purposes is “completely nuts,” he said.

“The Social Security number was never intended to be used this way, and why the government continues to allow it to be used this way is a complete mystery to me,” he said.