Senate Intelligence Committee Member On Latest Hacks In Government Agencies
MARY LOUISE KELLY, HOST:
It's one of the deepest security breaches in recent history, a massive cyberattack believed to have been perpetuated by Russia - and not just massive, but ongoing. That's according to a joint statement from the FBI and others. Among the growing list of confirmed targets, the CDC, the Defense Department and the State Department. I want to bring in Maine's independent senator, Angus King. He caucuses with the Democrats and sits on the Senate Intelligence Committee.
Senator King, welcome.
ANGUS KING: Mary Louise, good to be with you, but sorry it's under these circumstances.
KELLY: I was going to say exactly the same thing. This keeps getting worse and worse the more we learn. There are reports crossing today that the agency that maintains the U.S. nuclear weapons stockpile was among those hacked. In plain language, how serious is this?
KING: It's extremely serious. You set it up. This is, I think - appears to be at this point the most serious cyberattack this country has ever endured. And there are two things that are particularly dangerous. One is it now looks like it started in March, and we're just finding out. That's a real problem. No. 2, we don't really know what their intentions are. We don't know whether this is espionage to steal information or sabotage to cause real damage. And we just don't know that yet. So I don't know if you're aware, I've spent the last year and a half co-chairing a national commission on cyber. And unfortunately...
KELLY: I do know, yeah.
KING: ...This is exactly what we've been concerned about. And this is terrible news. The good news is, in the National Defense Act that, as you know, is now sitting on the president's desk, there are 22 - or 26 different provisions from our report to improve our cyber defenses, one of which might have made a real difference in this case. So I'm very much hoping the president will put aside his reservations and sign this bill because those 26...
KELLY: Can you briefly just tell us what that one is that you think could have prevented this?
KING: Yes. It would allow CISA, the Cybersecurity and Infrastructure Security Administration, to so-called threat hunt on government networks. That is to test, to try to penetrate them, to try to hack them, to find where the vulnerabilities are. That's one of the provisions that's in the bill. I was just about to say, man, I hope the president signs this bill because this is the most important cyber bill ever passed by the Congress, let alone all the other pieces that are in the bill.
KELLY: Let me ask you, as a member of the Intelligence Committee, how big an intelligence failure this might represent given that it appears the National Security Agency and the Department of Homeland Security, with all their resources, learned about this from FireEye, a private cybersecurity firm, not the other way around.
KING: That - we still don't really have the background on that and how that could have happened because, as you say, the National Security Agency has amazing capabilities. But here, we had a private security agency that picked this up. But what it - you know, part of what it underlines, Mary Louise, is how complex this subject is. And cyber is the next phase of conflict. And it's cheap. That's one of the problems. It's a low-cost way for our adversaries to undermine what we're doing.
Imagine for a moment if instead of these government agencies, which is bad enough - but what if it had been the electric grid or the financial system or the air traffic control system? I mean, we are just incredibly vulnerable. And we've got to clean up our act. And we've got to tell these adversaries they're going to pay a price if they do - if they keep pulling this stuff on us.
KELLY: Do we know if the National Security Agency was breached?
KING: I do not know that. And if I did, I probably couldn't tell you because I would have...
KELLY: I had to ask.
KING: ...Learned it in a classified setting.
KELLY: To your knowledge, no - none of the intelligence agencies were briefed?
KING: To my knowledge.
KELLY: Do ordinary Americans - do we need to be worried about our data?
KING: Yes, absolutely. Absolutely. And if you think about it...
KELLY: How? I mean, if I don't have data in the Pentagon, how would ordinary Americans be swept up in this?
KING: Well, if you think they can hack the Pentagon, you know, why can't they hack Facebook or any other - you know, Twitter or anybody else that has data that pertains to you? I mean, this - what this points up is the overall vulnerability that we have and the fact that we've got to really drastically up our game in this area. Not only defensively, we've got to be able to detect hacks earlier. We've got to be able to respond to them. We've got to have a closer relationship between the federal government and federal agencies that work on this and the private sector. But as I mentioned, we also have to develop a deterrent policy so that our adversaries don't feel that they can do something like this to us without incurring a cost.
KELLY: Without consequences - well, we hope to speak to you again and get further into what the U.S. response should look like. That is Senate Intelligence Committee member Angus King, independent from Maine. He caucuses with the Democrats.
Senator, thank you.
KING: Thank you, Mary Louise. Transcript provided by NPR, Copyright NPR.