October 29, 2019
WASHINGTON, D.C. – Today, U.S. Senator Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission (CSC), questioned Dana Deasy, nominee for Chief Information Officer at the Department Of Defense (DOD), on whether there are security risks associated with storing sensitive information through cloud technology. Senator King also questioned Deasy on the process through which the recent Joint Enterprise Defense Infrastructure (JEDI) contract was awarded to Microsoft, given suggestions by President Trump that he would intervene to prevent the contract from being awarded to rival company Amazon. Later in the hearing, Senator King questioned Mr. Deasy on frequency of cyberattacks on DOD infrastructure and ways to bolster cybersecurity.
“Let me ask you a question about the cloud that was touched on earlier. People in Maine have approached me and said, ‘why are we going to the cloud? You put everything in one place, doesn’t that increase vulnerability?’ [Mr. Deasy,] you talked about the three systems you saw in Afghanistan,” said Senator King. “One of the reasons our election system was not successfully attacked in 2018 is that it’s so diffuse. It’s state, local, it’s – someone described it as a hairball. It’s very hard to penetrate. It seems to me, if you have the cloud and everything’s there … if it is penetrated, it’s a bonanza for the adversary. Assure me that we’re not making a large-scale mistake here, by concentrating all of our assets in one place, hoping that it’s entirely secure, but, if it isn’t, it’s a disaster if it’s penetrated.”
The hearing also featured testimony from Lisa Hershman, nominee for Chief Management Officer at the Department Of Defense, and Robert Sander, nominee for General Counsel at the Department Of The Navy.
During his time in the Senate, Senator King has been a strong advocate for functional and effective cyber policy, and deterring cyberattacks on American elections and everyday life. Senator King and U.S. Senator Jim Risch (R-Idaho) introduced the Securing Energy Infrastructure Act, which was passed by the House of Representatives in July as part of their version of the NDAA. The legislation also passed the Senate in the upper chamber’s version of the NDAA, and is expected to be included in the final bill once it passes through the House/Senate conference process.
In late May, Senator King also cosponsored the Election Security Act, which would require voter-verifiable backup paper ballots and provide election security grants to states for cyber improvements and audits. Earlier that month, he highlighted the factors that could lead to election cybersecurity issues to members of the U.S. Election Assistance Commission (EAC), the commission who provide best practices when certifying voting machines. In March, Senator King sent a letter to the North American Electric Reliability Corporation (NERC) requesting information about NERC’s efforts to protect the United States’ bulk power system from supply chain vulnerabilities, particularly those posed by vendors from Russia and China. In a February hearing, Senator King emphasized the need for urgent action, and questioned NERC President and CEO James Robb about the dangers of foreign equipment in America’s energy grid.
As co-chair of the Cyberspace Solarium Commission, Senator King leads the Commission’s effort to develop a comprehensive national cyber policy with specific policy recommendations to implement and prioritize this approach. This work will culminate with a public report and rollout, including briefings with the congressional committees on defense, intelligence, and homeland security discussing the CSC’s findings and recommendations.