With Inauguration Day upon us, it’s time for a #MLWashingtonCyberWatch update.   President-elect Donald Trump has vocalized his support for the future of “cyber” throughout his campaign – but how will members of his cabinet act, or refuse to act, on his vision for that future?

During the past two weeks, the United States Senate has been holding confirmation hearings for Mr. Trump’s cabinet selections. Pointed questioning from senators has surfaced many issues of critical importance to the American people, among them the future of privacy and cybersecurity. The incoming administration will confront significant issues in these areas such as the use of back-door encryption, mass data collection and surveillance, and international cybersecurity threats. The nominees for Attorney General, Secretary of the Department of Homeland Security (“DHS”), and Director of the Central Intelligence Agency (“CIA”) were each questioned about how they will navigate these concerns as part of the Trump Administration. In this installment of #MLWashingtonCyberWatch we are discussing highlights from these hearings.

Attorney General: Senator Jeff Sessions

In his opening testimony before the Senate Judiciary Committee (“SJC”), Senator Jeff Sessions (R-AL) stated that under his leadership the Department of Justice will pursue an offensive and defensive strategy to protect the nation’s online security. Members of the SJC examined Sen. Sessions regarding unauthorized government data access, cybersecurity infrastructure, online terrorism, as well as the influence of Russian cyberattacks on the presidential election.

Senator Orrin Hatch (R-UT), who has been a staunch advocate for protecting citizens’ data from unauthorized government access, pressed Sen. Sessions on how the Department of Justice will balance the sometimes competing demands of consumer privacy and data security. Sen. Sessions emphasized that he would work to protect Americans’ rights but he did not offer firm opinions on potential tradeoffs when making data more accessible to government and law enforcement. Senator John Cornyn (R-UT) picked up on this theme and focused on recently proposed legislation permitting the Federal Bureau of Investigation (“FBI”) to monitor and collect IP addresses as a means to combat online terrorism. Sen. Sessions confirmed that he will work to support these bills.

The SJC had several questions for Sen. Sessions regarding Russia’s possible involvement in the 2016 presidential elections. Sen. Sessions did not offer an official opinion on the allegations, but he did voice his support for the FBI and suggested that protocols and punishments should be established for Russia’s “objectionable” behavior. In his words, he has “no reason to disagree” with the intelligence community’s recent findings that Russia engaged in cyberattacks to influence the presidential election.

Finally, Senator Chris Coons (D-DE) asked if Sen. Sessions would support a recently proposed bipartisan bill to levy sanctions on Russia, as a punitive measure and as a deterrent to other nations. Sen. Sessions agreed that Congress has the prerogative to impose sanctions and that as the head of the Department of Justice he will enforce the law.

 

Secretary of the Department of Homeland Security: General John Kelly

During retired Marine Corps general John Kelly’s testimony before the Senate Committee on Homeland Security and Governmental Affairs, he revealed plans for a proactive approach to cybersecurity utilizing partnerships with local governments and the private sector, in particular Silicon Valley. He acknowledged the need for the United States to stay abreast of evolving threats and to remain “agile” in its cyber capabilities.

How Gen. Kelly plans to enact his strategy however remained somewhat unclear. Gen. Kelly admitted he is not overly familiar with the National Protection and Programs Directorate – the DHS section which handles cyber security and infrastructure – although he recognized the directorate’s importance. He also expressed that he does not favor mass data collection as a general principle.

Gen. Kelly stated that he considers part of his mission at DHS to include working with the private sector to prevent cyberattacks and that he would leverage resources from state governments and small businesses to make it happen. Around this point Senator James Lankford (R-OK) asked Gen. Kelly how it will be possible to create a “cyber doctrine” to encourage cooperation between departments and even branches of government, to which Gen. Kelly responded that an aggressive approach would be needed to address the country’s vulnerability to cyberattacks.

Director of the Central Intelligence Agency: Representative Mike Pompeo

In his opening statements before the Senate Intelligence Committee, Representative Mike Pompeo (R-KS) expressed concerns about cybersecurity stemming from the new “borderless” international landscape created by the World Wide Web, which he conceded opens dangerous pathways for sophisticated cyber enemies. He noted that China’s activities in the South China Sea and in cyberspace have resulted in mounting tensions.

Rep. Pompeo was broadly questioned by Senator Ron Wyden (D-OR) concerning an opinion article he authored for the Wall Street Journal advocating for the broad collection of metadata, including Americans’ financial and lifestyle information. Rep. Pompeo attempted to qualify his stance, claiming that there should be legal boundaries to such metadata collection, and that the intelligence community falls shorts of its duty if it does not collect and exploit what is publicly available on social media. Sen. Wyden pressed Rep. Pompeo for an affirmation that Americans’ data would be protected, particularly since President-elect Trump supports the “backdoor encryption” method that critics view as a threat to consumer privacy. Rep. Pompeo agreed on the importance of safeguarding citizens’ privacy and said that he would confront the President and FBI with any CIA findings regarding the implications of encryption policies.

When asked by Senator John McCain (R-AR) what it will take to deter Russia from further hacking and interference in American government, Rep. Pompeo declared that Russian actors need to be held accountable. He noted that policymakers make the call on matters such as issuing blanket sanctions on state-sponsored cyberattacks, but that the CIA should also play a role by providing information and guidance about possible plans of action. He expressed confidence that the CIA can combat similar attacks in the future.

Whether or not these nominees are confirmed for their respective offices remains to be seen, but either way we will be keeping an eye on these crucial roles in government during the early days of the Trump Administration to see if privacy and cybersecurity truly do become a federal priority.   Follow #MLWashingtonCyberWatch.