Cyber Warfare, Workforce, and Fixing the System: Top House Chairmen on the Digital Threat
Season 2 Episode 25 •Show Notes
In this special Independence Day episode of Cyber Focus, we bring together highlights from three influential House leaders shaping U.S. cyber policy: Chairman Mark Green (Homeland Security), Chairman Mike Rogers (Armed Services), and Chairman Rick Crawford (Intelligence). From digital warfare and offensive cyber capabilities to workforce development and interagency reform, this episode offers a rare look into how Congress is working to strengthen national security in the digital age.
Listen to their full interviews:
• Rick Crawford – We Are in a State of Digital Warfare
https://mccraryinstitute.com/podcast/cyber-focus/76/we-are-in-a-state-of-digital-warfar/
• Mike Rogers – Cyber, Space, and the Future of Warfare
https://mccraryinstitute.com/podcast/cyber-focus/64/cyber-space-and-the-future-of-warfa/
• Mark Green – Bridging the Cybersecurity Gap
https://mccraryinstitute.com/podcast/cyber-focus/9/bridging-the-cybersecurity-gap-cong/
Transcript
1
00:00:00,000 –> 00:00:01,000
Frank Cilluffo [00:00:00]:
Welcome to CyberFocus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and let me at the outset, wish everyone a happy Independence Day. Along those lines, we thought we’d take snippets from some of our congressional leaders and some of the most important conversations coming from Capitol Hill. This episode will include some commentary from Chairman of House Homeland Security Committee Mark Green, Chairman of the House Armed Services Committee Mike Rogers, and Chairman of the House Permanent Select Committee on Intelligence, Rick Crawford. Each one of them brings a very unique perspective to this issue and collectively paint an important picture of the work ahead for all of us and where Congress fits in. We’ll be discussing everything from cybersecurity workforce to digital warfare. And onward and upward. Here we go.
2
00:00:01,000 –> 00:00:02,000
Mark Green [00:00:57]:
Well, if you look at the challenge between the United States and China, one of the critical success factors will be talent management. And it’s interesting if you read Confucian writings, that’s what it’s about, how they built their governments even as early as 250 BC. It’s really about talent management. And we have to be in that game of talent management if we’re going to win in the challenge between us and China. We have a 500,000 person shortage in cybersecurity jobs in this country. Empty spaces with nobody to put in them. I was having the worldwide threats briefing and Director Ray, the Director of the FBI, came in. He said, if I take every single person that I have working cyber and put them exclusively on the China desk, we’ll still be outnumbered 50 to 1.
3
00:00:02,000 –> 00:00:03,000
Frank Cilluffo [00:01:55]:
Think about that. 50 to 1. Staggering.
4
00:00:03,000 –> 00:00:04,000
Mark Green [00:01:55]:
50 to 1. It’s staggering. And so obviously this became the number one imperative for us from a strategic standpoint of building our cyber defense. So that’s sort of the incentive behind it. I think that was your question. But you know, the Pivot Act, I think, responds very well to the needs to fill those jobs. There are programs that are out there and they’re good programs.
5
00:00:04,000 –> 00:00:05,000
Mark Green [00:02:20]:
We want to support those. In fact, in some of the legislation of the Pivot act, we actually encourage CISA to go and do more in those programs. But this, this one is ROTC like, and creates a scholarship program that will pay for a young person or really anyone. We titled it Pivot in case somebody wants to make a mid career change, right? So you basically get two years of a technical degree paid for. And I like focusing on the technical stuff because, you know, there are a lot of people, and we’ve learned this over the past 10 years, we push so many people to go to four year degree programs, the graduation rates, all of that stuff. So let’s focus on skills based.
6
00:00:05,000 –> 00:00:06,000
Mark Green [00:03:04]:
And so this is a skills based. Let’s give them the tools they need to do the job when they hit the ground at their workforce or workplace. And so that’s sort of the way it’s structured. We, we do two years, it’s paid for. You owe the government, you have to come work for government. And this is non DoD, right? The DoD has the ROTC program, but this is for non DoD, and the importance of what CISA does for particularly critical infrastructure, and I know you want to talk China later, but we’ve got to address this need. And so we think Pivot does that, supports other programs, and the goal is 10,000 graduates a year.
7
00:00:06,000 –> 00:00:07,000
Frank Cilluffo [00:03:44]:
Wow.
8
00:00:07,000 –> 00:00:08,000
Mark Green [00:03:44]:
So does it, does it solve the problem completely? No, but, but this is a good first step in addressing the workforce shortage in the country.
9
00:00:08,000 –> 00:00:09,000
Frank Cilluffo [00:03:54]:
And if I’m not mistaken, it also allows the service those two years they owe the government, can also include state, local, tribal, territorial.
10
00:00:09,000 –> 00:00:10,000
Mark Green [00:04:03]:
Absolutely, 100%.
11
00:00:10,000 –> 00:00:11,000
Frank Cilluffo [00:04:04]:
Which is where I think if you look at where our greatest vulnerabilities are, when you think about small states, big states, they face the same threat that the feds do and they don’t necessarily have the resources and capacity.
12
00:00:11,000 –> 00:00:12,000
Mark Green [00:04:15]:
And everyone’s connected. Right? So you find, they find they’re looking for the weak point, right? So where we can help the state and local governments in this particular area, which this will be huge.
13
00:00:12,000 –> 00:00:13,000
Frank Cilluffo [00:04:32]:
What about the workforce and cyber in particular? Any thoughts? I mean ultimately the numbers are staggering, they’re not good. And clearly from a recruiting standpoint, it’s not always going to be the traditional recruit that would necessarily the men and women joining our armed services. But it is back to some of that Silicon Valley thinking. Any thoughts on how we can start to square that circle?
14
00:00:13,000 –> 00:00:14,000
Mike Rogers [00:05:00]:
Yeah, I’ve been talking with folks in the tech world about this for several years, and my initial desire was to put together a brick and mortar digital service academy where federal employees, whether in the Defense Department in particular, but others could join in, would come to get a six week course. Anywhere from a six week course to a master’s degree in cybersecurity. And I was finally convinced that we really should be do this with rather than one school, just have a network of schools. So what we did is we have dramatically increased the digital service academy scholarships for people. They can go to Auburn, they can go to wherever.
15
00:00:14,000 –> 00:00:15,000
Frank Cilluffo [00:05:40]:
Yep. SFS and the like.
16
00:00:15,000 –> 00:00:16,000
Mike Rogers [00:05:42]:
Yep, that’s right. And I see that as probably the easiest way for us to try to expand the number. But you know, we’re still trying to get folks to tell us what is the best way for them. Because you’re right, there are going to be a lot of non traditional students and it may be some way that we find for them to learn online. I don’t know how, but it’s a big challenge, A, to find people, B, to make them want to work for the government and not the private sector, where it’s much more lucrative.
17
00:00:16,000 –> 00:00:17,000
Frank Cilluffo [00:06:10]:
Absolutely. I might note though, the mission, at the end of the day, that’s the one calling I think that is unique and I’ve said this on many episodes, but they do really cool things. And if you can then apply that 20 years later in the private sector, God bless, that’s a good calling. But I think the mission itself is essential. And the state, we recently had on Arthur Orr, who’s a state senator, and Matt Massey, who’s the president of the Alabama School for Cyber Technology and Engineering. This is the first magnet school focused on, I mean, yes, universities, honestly, we have a responsibility, not just an opportunity. We need to arm our next digital warriors and defenders. But I think that’s almost too late.
18
00:00:17,000 –> 00:00:18,000
Frank Cilluffo [00:07:02]:
We got to get them younger.
19
00:00:18,000 –> 00:00:19,000
Mike Rogers [00:07:03]:
Yeah. And as I was reminded when I talk with some of these tech leaders, it’s not just folks that have a bachelor’s, master’s, or a doctorate. We need people with an associate’s degree or maybe just a six month course in some basics where they can work at the lower functional levels. And that’s why I really think scholarships is the best way to get younger people to want to think about this early when they’re looking at career choices. And I have talked about the possibility of us taking existing employees and tell them, we’ll pay for you to go back to school like the military does, but then you’re required to work for us for four or five years after that. You know, the military does that with youngsters who want to go to medical school. They’ll pay for them to go to school and they go to medical school for four, five, six years, but then they have to serve in the military as a doctor for five or six years. And it’s a pretty good deal for both sides.
20
00:00:19,000 –> 00:00:20,000
Mike Rogers [00:08:04]:
So those kind of things I’m thinking about as a way to at least have that fully trained cyber warrior for five or six years. And it’s my hope that by the end of that five or six years, they do have a passion for the mission and we get to keep them and as I had some tech leaders tell me what the other enticement would be, is that if they will stay in our world and develop their skills, their marketability goes through the roof for the private sector. So there is a day that they will be able to cash in.
21
00:00:20,000 –> 00:00:21,000
Frank Cilluffo [00:08:36]:
Absolutely. And that’s a good thing as long as they’re serving. I mean, I don’t think we can think of any issue for life anymore. At the end of the day, you draw on the talent when you can. And we gotta push all the buttons, not just one or two, I think, to be able to keep up. We’re not winning the numbers game when it comes to the People’s Republic of China.
22
00:00:21,000 –> 00:00:22,000
Mike Rogers [00:08:55]:
No, we’re not.
23
00:00:22,000 –> 00:00:23,000
Frank Cilluffo [00:08:56]:
So we have to always be technologically more advanced and bring the best and the brightest into the fold.
24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:09:05]:
And we’ve had a lot of guests talk about NSA’s role, which is very significant. And I think SIGINT still accounts for the vast majority of the PDB. And SIGINT will always be at the top of the list. But HUMINT is also really important. And you chaired the CIA subcommittee. Do you see CIA’s role in cyber?
25
00:00:24,000 –> 00:00:25,000
Rick Crawford [00:09:25]:
I do. I mean obviously they are, you know, they have, you know, elements of the CIA that are strictly eat, sleep, breathe that mission set as well, that, that is complementary to and supportive of the NSA, who is obviously primary jurisdiction in cyber. But all of these agencies need to be diligent in that space. And CIA is no different. And they, you know, they obviously, they have programs that are tailored to their operations and so on, what they can do differently with different authorities and things of that nature. So each different element of the IC plays a little bit of a different role as it applies to cyber. Not only protecting their own equities and assets, but also how they may use that capability offensively as well.
26
00:00:25,000 –> 00:00:26,000
Frank Cilluffo [00:10:07]:
And one team, one fight.
27
00:00:26,000 –> 00:00:27,000
Rick Crawford [00:10:09]:
Exactly.
28
00:00:27,000 –> 00:00:28,000
Frank Cilluffo [00:10:09]:
And, and at the end of the day, I think people forget there’s a human behind the clickety clack of the keyboard.
29
00:00:28,000 –> 00:00:29,000
Rick Crawford [00:10:14]:
Absolutely, absolutely. And, and you know, we talk about AI all the time, but I don’t think you’re going to replace that completely. I mean…
30
00:00:29,000 –> 00:00:30,000
Frank Cilluffo [00:10:21]:
Not yet.
31
00:00:30,000 –> 00:00:31,000
Rick Crawford [00:10:22]:
Right. AI enhances your ability to, it’s it, it, it drives volume, it helps sort of triage information, helps prioritize, but it, it won’t ever replace the fine tuning and even sort of the instinct of an individual. That’s going to be really, really difficult to replicate. And that’s why HUMINT is such an important component of the overall intelligence picture. So we talk about SIGINT, you mentioned this as a big component of the PDB. True. But HUMINT is still, in my mind, is king. And so what we need to do is make sure that we are not becoming, sort of allowing that capability to degrade or to atrophy in any way that would hinder our ability to collect and be able to do the best we can with that collection.
32
00:00:31,000 –> 00:00:32,000
Mark Green [00:11:17]:
I think one of the greatest challenges we have has been matched with an incredible opportunity. Greatest challenge, wide bureaucracy not talking and communicating with one another, creating these, you know, they’re operating in silos, right? So they’re creating regulations that oftentimes even go so far as to contradict one another. We got to harmonize, right, what government is requiring of the private sector. Because if a company is spending more time complying than they are actually securing themselves, then we’re doing, government is doing harm.
33
00:00:32,000 –> 00:00:33,000
Mark Green [00:11:55]:
Would not be the first time that’s happened. So what we’ve got to do is go in here and I’ll tell you, I’ve been really impressed. I was impressed with my team putting the Pivot Act together, right? What they have…
34
00:00:33,000 –> 00:00:34,000
Frank Cilluffo [00:12:06]:
You do have a great team.
35
00:00:34,000 –> 00:00:35,000
Mark Green [00:12:07]:
I have a great team. They’re leaning forward on this. You know, I cast out these things I want, you know, my ideas and doggone.
36
00:00:35,000 –> 00:00:36,000
Frank Cilluffo [00:12:14]:
You gotta make sense of it all.
37
00:00:36,000 –> 00:00:37,000
Mike Rogers [00:12:16]:
Yeah.
38
00:00:37,000 –> 00:00:38,000
Mark Green [00:12:16]:
They bring it back. And so I’ve seen sort of the roadmap going forward for the harmonization stuff, and I’m really excited about that. I think, again, we can make a substantive difference. So the problem is the lack of harmonization and the contradiction. The opportunity is the Chevron deference ruling from the Supreme Court.
39
00:00:38,000 –> 00:00:39,000
Frank Cilluffo [00:12:34]:
Boom.
40
00:00:39,000 –> 00:00:40,000
Mark Green [00:12:35]:
Right? That’s the boom. And I actually have a bill that is a rolling repeal of every piece of bureaucracy, regulation that violates Chevron or, you know, that the ruling would cover. That’s sort of more global. More strategic and focused on this is the Harmonization Act. And we’re going to be working with the private sector. They’re going to be critical on this with the bureaucracy, working with the agencies. And we’re going to identify those areas. In the go forward, something we can do immediately is tell OMB, in a simple bill, you will not pass a new regulation or put a new regulation out there that is either duplicative or contradictory.
41
00:00:40,000 –> 00:00:41,000
Mark Green [00:13:20]:
And we make OMB sort of the, you know, funnel that everything has to go through. So in the go forward, nothing can be contradictory or duplicative. And then we got to go back and then it’s going to be every single piece. Yeah.
42
00:00:41,000 –> 00:00:42,000
Mark Green [00:13:35]:
And that’s not going to be easy, but it’s essential.
43
00:00:42,000 –> 00:00:43,000
Mike Rogers [00:13:40]:
My number one priority. And this is working in concert with Roger Wicker, the chairman of the Senate Armed Services Committee, is trying to get the Congress to understand, working with the administration, that we are at the lowest level of defense spending as a percentage of GDP since before World War II.
44
00:00:43,000 –> 00:00:44,000
Frank Cilluffo [00:13:57]:
Wow.
45
00:00:44,000 –> 00:00:45,000
Mike Rogers [00:13:58]:
It is dangerously low, 2.9% of GDP. We really should be closer to 5%. When you look historically that 4 to 5% range, that bandwidth is kind of the healthy area that you can count on your military being ready to be successful and more importantly, to deter aggression. And we’re not there. So that’s going to take a very substantial increase in defense spending. So that’s going to be our number one priority. And we’ve already been talking publicly about that. And then right behind that is we’ve got to force acquisition reform.
46
00:00:45,000 –> 00:00:46,000
Mike Rogers [00:14:36]:
The fact is, the Defense Department is the largest organization on the planet, which means it’s inherently bureaucratic. Even if it was a private sector organization, it would still be bureaucratic because it’s so large. But the acquisition system is just very risk averse, very bureaucratic, very slow. It takes years, and I mean sometimes a decade to get a new weapons system from concept into use. That is unacceptable, especially how fast technology changes now. We’ve given the Department over the last decade or so a lot of authorities to go faster. They just won’t use it. They’re culturally indoctrinated to do what they do.
47
00:00:46,000 –> 00:00:47,000
Mike Rogers [00:15:16]:
So we’re going to be forcing them to take more commercial approach to acquisition to speed along the process, in part because we need to get new technologies to the war fighter faster. But secondly, we need defense contractors to want to deal with us and they don’t want to deal with a process that takes eight or 10 years. So that’s, the big difference in acquisition reform this time from what we’ve done in the past is this time we are going to make them use the authorities, not just say, here’s some authorities to go faster.
48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:15:47]:
Which is great because again, this isn’t a new problem, but I think it’s really front and center to be able to, again, push capabilities down to the war fighter to get things done. And that is essential that we stay ahead technologically.
49
00:00:48,000 –> 00:00:49,000
Mike Rogers [00:16:05]:
Or at least stay up.
50
00:00:49,000 –> 00:00:50,000
Frank Cilluffo [00:16:07]:
Exactly. At the very least. My argument, we always want to be ahead. And there are certain technologies where that just moves like this. I mean, whether it’s software or all the way down to two big emerging technologies, such as Quantum and, and the like.
51
00:00:50,000 –> 00:00:51,000
Frank Cilluffo [00:16:25]:
And I do think these are races we cannot afford to lose.
52
00:00:51,000 –> 00:00:52,000
Mike Rogers [00:16:29]:
It’s a great example, let me tell you. Last fall, we did something the Armed Services Committee hadn’t done in decades, and that is, we did a full committee hearing in Silicon Valley. And I think it was in September of last year. And the point was to talk with folks out in the tech world about what we need to be doing differently. And to touch on the point you just brought up, they were making reference to what’s happening in Ukraine. Drones have revolutionized the fighting of war. And they made this point that we right now can produce several thousand, maybe ten, twenty thousand drones a month. And they said we need to have in our stockpile millions.
53
00:00:52,000 –> 00:00:53,000
Mike Rogers [00:17:12]:
And the first response they got back from members in that hearing was, wait a minute, you want us to buy millions of drones knowing that the software that operates them is going to be antiquated in less than six months?
54
00:00:53,000 –> 00:00:54,000
Frank Cilluffo [00:17:27]:
And made from BGI, right? So that’s the other thing.
55
00:00:54,000 –> 00:00:55,000
Mike Rogers [00:17:29]:
Well, they made the point, we don’t need to touch them to upgrade them. And it’s like nobody thought of that in our world. And their point was, you can put a multimillion warehouse stockpile of drones together and we can upgrade them every week or every month without touching them. And those are the kind of changes that we need to make sure that we can move with the speed of relevance on and just think differently. We’ve always just thought, you buy the drones when you need them, you put them in a warehouse, and they sit there and rot for years. But that’s not the case anymore.
56
00:00:55,000 –> 00:00:56,000
Frank Cilluffo [00:18:07]:
And, I mean, the nature of combat, war fighting, and threats generally is changing so rapidly, and we do need to stay ahead.
57
00:00:56,000 –> 00:00:57,000
Rick Crawford [00:18:20]:
We have to start playing a more proactive role. And, you know, quite frankly, the government can step it up, can do some things differently to protect the private sector, but it’s also on the private sector to play a role in protecting themselves. What I think we’re lacking, and you mentioned supply chain. I’ll give you an example of something we did as we, I try to find the nexus among my committee assignments, TNI, Agriculture, and Intel.
58
00:00:57,000 –> 00:00:58,000
Frank Cilluffo [00:18:45]:
Great committees.
59
00:00:58,000 –> 00:00:59,000
Rick Crawford [00:18:46]:
Right. So we did this in the ag space. In the last IAA, or maybe it was two versions ago, we actually authorized ODNI essentially to create an office that interacted with USDA with appropriately cleared personnel to address the potential for agro terrorism, the cyber threat to ag infrastructure, things of this nature. And the subject matter expertise that resides in USDA needs to be tapped as it applies to Title 50 concerns. So we did that, and the previous administration refused to follow through on that, even though I got in committee, I got a commitment from the previous DNI, Director Haynes, and that has yet to be acted on. So I’ve talked to Director Gabbard and she said, I’m all in. Here’s why. Because we had two more potential attacks, recent arrests on what could have been a bioterrorism or agro terrorism threat.
60
00:00:59,000 –> 00:01:00,000
Rick Crawford [00:19:41]:
And this is where we need that USDA expertise. ODNI needs to be bought in completely and then see that through to the end state of an arrest to take them into custody and then adjudicate those individuals. This is a sort of a holistic approach to how we address it using the subject matter expertise that resides in a given agency. If we can do that with USDA, we can do it with DoT. So we can now talk about trying to close those gaps, identify those weaknesses and vulnerabilities that exist in the supply chain through the subject matter expertise that resides in the agency that has jurisdiction.
61
00:01:00,000 –> 00:01:01,000
Frank Cilluffo [00:20:16]:
And I love that you’re looking at it in a, not through one committee’s lens, because oversight is hard on issues like this. It touches every committee.
62
00:01:01,000 –> 00:01:02,000
Rick Crawford [00:20:26]:
One of the things, and you just touched on something I think it’s important to note, one of the things that’s never happened in this committee that we’re doing now, and that is to engage other committees through their chairs. So what we did was we created, we expanded rule, we call it Rule 14, that allows us to read in a committee chair of jurisdiction if and when the subject matter resides in their jurisdictional purview. So if we had something that was relevant to, for example, Energy and Commerce, we would go in and get the Energy and Commerce chairman and the ranking member and their cleared, one cleared staff for each and allow them to come in and sit in ex officio to hear that briefing. We’ve been able to do that on three occasions now in this Congress. And we think it’s a game changer because now what this does is it better informs the legislative process. It de conflicts and makes those, even though the chairs can’t walk out of there and…
63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:21:18]:
So the Rules Committee doesn’t drive everything.
64
00:01:03,000 –> 00:01:04,000
Rick Crawford [00:21:21]:
Right. You can’t as a chairman go, well, listen, I just got this brief in Intel. You’ve got to now go and say, look, I think my committee members trust me. And when I say we need to pump the brakes on this particular piece of legislation because it might create a conflict from a national interest, a national security interest, you know, you have to understand that I just got a briefing on this. Although I can’t share it with you, I can say with confidence we may be misguided in this approach or we might want to keep our powder dry on this one until we get some better direction from some national security advisors or whatever. But we feel like this is a way to bring them in in a way that not everybody can be a participant in that process. But reading them in on an as needed basis for those committee chairmen we think is a game changer in making us more effective legislators.
65
00:01:04,000 –> 00:01:05,000
Frank Cilluffo [00:22:09]:
Well, firstly, from a governance standpoint, that’s really refreshing to hear and I hope other chairs follow that lead because, because many of the challenges we deal with don’t fit neatly in one box or another. It transcends all of that. So hats off, I hope that you continue to move that needle.
66
00:01:05,000 –> 00:01:06,000
Rick Crawford [00:22:30]:
It’s been working pretty well.
67
00:01:06,000 –> 00:01:07,000
Frank Cilluffo [00:22:32]:
It’s a governance issue, leadership on the Hill. That’s great to hear.
68
00:01:07,000 –> 00:01:08,000
Frank Cilluffo [00:22:38]:
I mean, the nature of combat, war fighting and threats generally is changing so rapidly and we do need to stay ahead. And I might add, when it comes to UAS and drones, also defending, defending against swarms I think is a pretty hot button issue.
69
00:01:08,000 –> 00:01:09,000
Mike Rogers [00:22:58]:
And that’s why Ukraine has been a real test bed. It’s just been a laboratory.
70
00:01:09,000 –> 00:01:10,000
Frank Cilluffo [00:23:03]:
Movie coming to a theater near you, right?
71
00:01:10,000 –> 00:01:11,000
Mike Rogers [00:23:04]:
That’s right. Both sides, the Russians and the Ukrainians have evolved multiple times on their ability to take down incoming drones with various technologies. And every time whatever they’ve been using is not working, they evolve and try to find a new way. It’s been fascinating. It’s a thing for us to keep in mind as we think about combat with China in the Indo Pacific.
72
00:01:11,000 –> 00:01:12,000
Frank Cilluffo [00:23:28]:
And I know you’ve thought about this, and clearly all the recent typhoons, Volt Typhoon and, and Salt Typhoon and to a lesser extent Flax, but it does have some implications, demonstrates one of our adversaries intent. And with Volt, which is very different than say Salt, there was no espionage value, there was no tactical military value. That’s just literally owning our systems in the event they want to move. And Guam was pretty front and center in all of that.
73
00:01:12,000 –> 00:01:13,000
Mike Rogers [00:24:00]:
And it will be. You know, that’s the thing that I’ve tried to emphasize to my colleagues in the House that aren’t on the committee because we on the committee know it. Guam has a big target on it, number one target by China. If we get into a conflict, we have a lot of upgrades that we have to make at Guam. Well, first of all, just like you said repairs from the weather, the storms they’ve suffered, but a lot of defensive capability because it will be target number one.
74
00:01:13,000 –> 00:01:14,000
Frank Cilluffo [00:24:27]:
Absolutely. And I might just note, not that you haven’t thought about this, but also submersibles under sea. That to me is the domain we have. I mean, you’ve been a incredible advocate for space and I think it’s inextricably interwoven with our economy and obviously our national defense. But the next domain is actually probably under sea. Right?
75
00:01:14,000 –> 00:01:15,000
Mike Rogers [00:24:50]:
And it’s going to be unmanned.
76
00:01:15,000 –> 00:01:16,000
Frank Cilluffo [00:24:51]:
Yeah, it’s all unmanned.
77
00:01:16,000 –> 00:01:17,000
Mike Rogers [00:24:53]:
The Anduril already has a new unmanned submersible that we’re using, but a lot of companies are going to go into that. And you’re exactly right. We’re going to be doing swarms underground just like we’re doing swarms in the air. You’re going to find the use of unmanned fighter jets is going to be very commonplace. We’re already doing some of that now, but it’s going to be a lot more than that.
78
00:01:17,000 –> 00:01:18,000
Frank Cilluffo [00:25:16]:
And big implications.
79
00:01:18,000 –> 00:01:19,000
Frank Cilluffo [00:25:21]:
When we think of cyber, it’s, it is its own domain, but it transcends air, land, sea, space. When you think, space as well, by the way, it transcends air, land, sea, cyber. So undersea and, and some things that we don’t always think about in terms of cyber and protecting our critical infrastructure is part of our border. But we have to push it out, don’t we?
80
00:01:19,000 –> 00:01:20,000
Mark Green [00:25:43]:
We do, yeah, absolutely.
81
00:01:20,000 –> 00:01:21,000
Frank Cilluffo [00:25:44]:
And, and ultimately we’re never going to simply firewall or defend our way out of this problem. We need to impose cost and consequence on bad behavior.
82
00:01:21,000 –> 00:01:22,000
Mark Green [00:25:54]:
So you, you bring up really two…
83
00:01:22,000 –> 00:01:23,000
Frank Cilluffo [00:25:56]:
I’m already there, so I’m sorry. I jump fast.
84
00:01:23,000 –> 00:01:24,000
Mark Green [00:25:58]:
You kind of bring up two important points. But yeah, I, look, we need redundancy. That’s, that’s an issue, right? You look at CrowdStrike and what it taught us, the cost of that 5 billion, going back to the cost of the Pivot Act. I mean, just CrowdStrike cost us $5 billion. So I think we probably could be smart to afford it.
85
00:01:24,000 –> 00:01:25,000
Mark Green [00:26:16]:
Right? But anyway, I digress. We have got to create redundancy in our systems. So, you know, we’re on from harmonization and synchronization now to that. The other issue is the economic models that support threat actors. Okay? And some of those are intrinsic to ourselves and some of them are extrinsic. The intrinsic ones are where, you know, we allow businesses to go put a product out there that has vulnerabilities in it.
86
00:01:25,000 –> 00:01:26,000
Mark Green [00:26:50]:
And I get the, I ran a healthcare company. I get first to market. If you could be, we were hoping to be the first to market when I ran my health care company with, with a system where you could actually log into the ER from home and do a telemedicine interview from home, and we were gonna brand it and do all that. So I get the concept. It’s out there now that I’ve sold the company. But anyway, the point is, if you can be first to market, that’s a competitive advantage.
87
00:01:26,000 –> 00:01:27,000
Frank Cilluffo [00:27:16]:
Absolutely.
88
00:01:27,000 –> 00:01:28,000
Mark Green [00:27:17]:
Well, if you rush a product to market, to be the first to market, and it’s got vulnerabilities, you could put the whole system at risk. So we’ve got to figure this one out. And reversing that economic model, there are a lot of different courses of action, but it’s not palatable to anyone. But that’s a challenge. Just because it’s hard doesn’t mean we run from it.
89
00:01:28,000 –> 00:01:29,000
Frank Cilluffo [00:27:39]:
Exactly.
90
00:01:29,000 –> 00:01:30,000
Mark Green [00:27:40]:
Okay?
91
00:01:30,000 –> 00:01:31,000
Frank Cilluffo [00:27:41]:
Never quit.
92
00:01:31,000 –> 00:01:32,000
Mark Green [00:27:42]:
Never quit. So you got two different pieces to this, and we have to address both of them.
93
00:01:32,000 –> 00:01:33,000
Frank Cilluffo [00:27:48]:
And the other side of that economic model is, I would argue for a while, we’ve been blaming the victim. An entity gets hacked, and you can’t expect even the biggest companies to defend themselves against China, Russia, Iran, North Korea, you name the bad actors. So we’ve got to sort of even that playing field as much as we can as well. Correct on that?
94
00:01:33,000 –> 00:01:34,000
Mark Green [00:28:12]:
Yeah. And that starts with the compulsory compliance stuff that we give these guys, right? So that’s sort of the step one to this. But step two is a real partnership. Maybe that begins with the harmonization stuff, but then we can move that forward to actual protecting first critical infrastructure and then our economy and people. I mean, you can hack, you can hack pacemakers. So this ultimately has the threat to American lives.
95
00:01:34,000 –> 00:01:35,000
Frank Cilluffo [00:28:46]:
Individuals.
96
00:01:35,000 –> 00:01:36,000
Mark Green [00:28:47]:
Individuals, too. So I have a strong belief that we have to, as a country, own the fact that these businesses can’t protect themselves against nation states. And we have an obligation. I spent 24 years in the army defending the country, right? So I see that as something that we have to do.
97
00:01:36,000 –> 00:01:37,000
Frank Cilluffo [00:29:12]:
At the end of the day, if we’re gonna punch, we have to be able to take a punch. Right? And we have a lot to lose. But I do think we can’t just defend. At the end of the day, if you want to impose cost or consequence on bad behavior, there have to be consequences. So hopefully we’ll see some of that, but do so in a smart, measured kind of way, because we have a lot to lose, too, and others will pay the price for that. Industry will.
98
00:01:37,000 –> 00:01:38,000
Rick Crawford [00:29:37]:
One other thing I would point out too, as a forward leaning posture as it applies to cyber, we are good at defensive cyber. I think where we sort of lose focus is when we try to differentiate between defensive and offensive. In many cases we call offensive cyber is actually defensive in the way that it’s…
99
00:01:38,000 –> 00:01:39,000
Frank Cilluffo [00:29:59]:
It’s like a linebacker, right? You’re blitzing the other team, but you’re still defense.
100
00:01:39,000 –> 00:01:40,000
Rick Crawford [00:30:03]:
That’s right. And so yes, we can be, you know, you know, we have safeguards in a system or a network that help us to identify threats. That’s not offensive cyber.
101
00:01:40,000 –> 00:01:41,000
Frank Cilluffo [00:30:15]:
I agree.
102
00:01:41,000 –> 00:01:42,000
Rick Crawford [00:30:16]:
So we’ve got to wrestle with the authorities that give an entity like Cybercom the ability to go on offense because what we know, our adversaries are in our networks, they’re in our systems, they’re threatening critical infrastructure. Is there any reason why we shouldn’t do that? Because we are living in a, in a state of digital warfare.
103
00:01:42,000 –> 00:01:43,000
Frank Cilluffo [00:30:35]:
Absolutely.
104
00:01:43,000 –> 00:01:44,000
Rick Crawford [00:30:36]:
And so it’s happened every day and it’s, as long as we continue to be in a defensive posture, this will continue to be a pervasive problem.
105
00:01:44,000 –> 00:01:45,000
Frank Cilluffo [00:30:44]:
Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes or individuals you’d like for us to host. Until next time, stay safe, stay informed and stay curious.