February 23, 2021
WASHINGTON, D.C. – Today, U.S. Senator Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission (CSC), questioned SolarWinds CEO Sudhakar Ramakrishna and top cybersecurity industry experts about the risks posed by the recent cyber intrusions into key American systems – within both the public and private sectors – and the importance of strengthening America’s cyberdefenses to support national security. During today’s hearing in the Senate Select Committee on Intelligence, Senator King emphasized the need to not only defend our systems, but defend forward by strengthening deterrence of cyberattacks. Senator King also highlighted the value of building international consensus in order to confront malicious cyber actors.
“Mr. Mandia, I’ll give you another analogy to use…‘If all we ever did was lock our windows and robbers never had worry about going to jail, there would be a lot more robbers,’” said Senator King to FireEye CEO Kevin Mandia. “I think deterrence is one of the more important parts of a national strategy, and frankly it’s one that hasn’t been very well-developed in this country and as you pointed out I think, it has to be declared. It has to be public. The adversary has to know what the capabilities are and that costs will be imposed.
“That leads me to a second point that I think [Microsoft President] Brad Smith mentioned but we didn’t really develop, and that is the importance of international internationalizing this problem and that is working with our allies – because we are not the only ones. I think you mentioned there was an attack on a French company…to the extent we have the international community and the establishment of some kind of norms, redlines, guardrails, whatever you want to call them – then things like sanctions are much more effective. I want the hackers to not be able to go to Monte Carlo as well as Miami. So deterrence is key, and the international piece of it is also important.
“And the final thing that I think has come out today, and very clearly, is the importance of some kind of joint collaborative environment where there can be an easy, quick and efficient flow of information. Liability protection may be necessary, anonymizing the data may be necessary, but some kind of mandatory breach notification is also a part of this package. All of these bills, all of these ideas, by the way, are part of the work we are going to be doing on the Solarium this year and I look forward to working with the members of this committee on things like the collaborative environment, breach notification, the international aspect of it.”
As a member of the Senate Armed Services Committee, the Senate Select Committee on Intelligence, and co-chair of the Cyberspace Solarium Commission, Senator King is recognized as one of Congress’s leading experts on cyber defense and a strong advocate for a forward-thinking cyber strategy that emphasizes layered cyber deterrence. He voted in favor of the Senate’s passage of the National Defense Authorization Act (NDAA) for Fiscal Year 2021, which includes 25 bipartisan cybersecurity recommendations from the Cyberspace Solarium Commission. The legislation became law earlier this year after Senator King and the overwhelming majority of his colleagues voted to override President Trump’s veto.
The CSC was established by statute in the 2019 NDAA, officially launched in April 2019, and will continue to execute its statutory mission through December 2021. The Commissioners convened nearly every Monday that Congress was in session for a year, and its staff conducted more than 400 engagements, drawing upon the expertise of corporate leaders, federal, state and local officials, academics, and cybersecurity experts. The meetings and the ensuing report sought to strengthen America’s posture in cyberspace and identify opportunities to improve our national preparedness to defend ourselves against cyberattacks.
Witnesses at today’s hearing included Kevin Mandia, CEO of FireEye; Sudhakar Ramakrishna, CEO of SolarWinds; Brad Smith, President of Microsoft; and George Kurtz, President and CEO of CrowdStrike.