“We Are in a State of Digital Warfare”: Chairman Rick Crawford on the Cyber Frontlines
Season 2 Episode 23 •Show Notes
In this episode of Cyber Focus, host Frank Cilluffo sits down with Congressman Rick Crawford, Chairman of the House Permanent Select Committee on Intelligence. They explore the evolving cyber threat landscape—from Chinese infiltration of U.S. supply chains to the rise of paramilitary cartels leveraging advanced digital tools. Crawford shares his perspective on offensive cyber capabilities, domestic counterintelligence reform, and efforts to close legislative blind spots through inter-committee collaboration. The conversation also covers critical infrastructure vulnerabilities, agricultural data security, and the strategic role of open-source intelligence in modern national security.
Main Topics Covered:
- China’s cyber-enabled influence operations in the Western Hemisphere
- The evolution of cartels into cyber-capable paramilitary organizations
- Counterintelligence gaps within the U.S. and the need for stronger domestic protections
- Hardware vulnerabilities in supply chains, agriculture, and freight logistics
- Debate over splitting NSA and U.S. Cyber Command leadership (“dual-hat” issue)
- Legislative focus on reauthorizing CISA and addressing liability protections for reporting
- The national security importance of open-source intelligence (OSINT)
Key Quotes:
“We are living in a state of digital warfare… As long as we continue to be in a defensive posture, this will continue to be a pervasive problem.” —Chairman Rick Crawford
“[The cartels] have evolved into essentially a paramilitary organization… this is not the 1980s and they are very much a sophisticated adversary.” —Chairman Rick Crawford
“It’s [China’s] ability to seed critical infrastructure elements…that gives them a foray into our supply chain. That makes us very, very vulnerable.” —Chairman Rick Crawford
“[Open source intelligence] comprises about 25% of the President’s Daily Brief. That’s significant… but it doesn’t have the appropriate level of attention paid to it.” —Chairman Rick Crawford
“We either need to be all in [on Cyber Command] as a combatant command and then stand it up and authorize it the way it should be, fund it appropriately and organize it appropriately, or we need to say we think the NSA can do this and make this sort of a subsidiary of the NSA.” —Chairman Rick Crawford
Relevant Links and Resources:
· Learn more about Congressman Rick Crawford: https://crawford.house.gov
· House Permanent Select Committee on Intelligence: https://intelligence.house.gov
Guest Bio:
Rep. Rick Crawford represents Arkansas’s First Congressional District and serves as Chairman of the House Permanent Select Committee on Intelligence. A former Army EOD technician, Crawford brings a national security lens to issues ranging from intelligence oversight and supply chain security to cyber threats in agriculture. He also serves on the Transportation and Infrastructure Committee and the Agriculture Committee, positioning him uniquely to address cybersecurity across critical infrastructure sectors.
Transcript
1
00:00:00,000 –> 00:00:01,000
Rick Crawford [00:00:00]:
We’ve got to wrestle with the authorities that give an entity like Cybercom the ability to go on offense. Because what we know, our adversaries are in our networks, they’re in our systems, they’re threatening critical infrastructure. We are living in a state of digital warfare. As long as we continue to be in a defensive posture, this will continue to be a pervasive problem.
2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:21]:
Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week we’re in for a real treat. I have the opportunity to sit down with the Chairman of the House Permanent Select Committee on Intelligence. Chairman Rick Crawford is a former Army veteran or is an Army veteran, had tours overseas, he was an EOD tech, so that means he’s in the real deal in terms of service. He’s been, he represents the first district in the great state of Arkansas, has served on the Intelligence Committee for seven, eight years, and is now Chairman. So really excited. Can’t ask for a better guest to talk about the threat environment we’re dealing with today and how our women, men in the intelligence and national security community can ameliorate that risk.
3
00:00:02,000 –> 00:00:03,000
Frank Cilluffo [00:01:16]:
So, Chairman Crawford, thank you for joining us.
4
00:00:03,000 –> 00:00:04,000
Rick Crawford [00:01:18]:
You bet. Good to be here.
5
00:00:04,000 –> 00:00:05,000
Frank Cilluffo [00:01:19]:
Yeah. Really excited. I know you’re on the heels of having all the budget posture hearings, so you’ve heard from the entire alphabet soup of the intelligence community leadership. And I thought we’d start with where do you see the threat environment today? What keeps you up at night? What keeps you focused?
6
00:00:05,000 –> 00:00:06,000
Rick Crawford [00:01:34]:
Well, you know, kind of the theme of what we’re talking about today is cyber is pervasive and all inclusive. It covers, you know, the gamut on, you mentioned the alphabet soup. Everyone is impacted playing a role in that space. So that is prevalent. What keeps me up at night, if we’re, you know, being quite honest, it’s really the pervasive China threat, and particularly as it applies to our own hemisphere. So we can attribute that to a variety of factors, but I think the biggest one is the fact that we have shifted so many assets over the 20 plus years of the global war on terror to really drive that, that we left our neighborhood unguarded. And over the last 20 plus years, China has been playing in that space and been doing it very effectively and aggressively, and we have to shore that up.
7
00:00:06,000 –> 00:00:07,000
Rick Crawford [00:02:18]:
We’ve got to go back and sort of redouble our efforts in our own hemisphere, in our neighborhood, if you will, and I think just do a better job of giving these countries alternatives. They’ll all tell me, and I’ve met with many heads of state and nations in the hemisphere and they’ll all tell me you’re our preferred partner, and then they’ll turn around and jump into a deal with China before the dust settles on that sentence.
8
00:00:07,000 –> 00:00:08,000
Frank Cilluffo [00:02:43]:
Buying soccer stadiums.
9
00:00:08,000 –> 00:00:09,000
Rick Crawford [00:02:44]:
Exactly. That’s a prime example. It’s a short term sort of vision for them, but it’s part of China’s long term vision and that is for them to get a foothold in our hemisphere and really try to supplant the US leadership role, particularly as it applies to our neighbors in the hemisphere.
10
00:00:09,000 –> 00:00:10,000
Frank Cilluffo [00:03:05]:
And do you think, clearly strategic from the Communist Party of China’s perspective, but very transactional. Right?
11
00:00:10,000 –> 00:00:11,000
Rick Crawford [00:03:12]:
Of course.
12
00:00:11,000 –> 00:00:12,000
Frank Cilluffo [00:03:12]:
They’re one and done. Right?
13
00:00:12,000 –> 00:00:13,000
Rick Crawford [00:03:13]:
Of course. And you mentioned kind of a charm offensive. Some people call it debt trap, diplomacy. Any number of terms that you might use to sort of characterize the way they engage with these countries. It’s not unique to the Western hemisphere. We see it in sub Saharan Africa, we see it in other parts of the world as well. And you know, the Australians are equally concerned about this in their region and they should be. And it’s because they will exploit financial need in many cases.
14
00:00:13,000 –> 00:00:14,000
Rick Crawford [00:03:44]:
It’s almost like a hostile takeover. They’ll offer these ultra friendly terms. I know of cases where they’ve offered countries zero interest over a period of time. And of course the default is the real story. When you default on a loan and they essentially take ownership of that asset. That asset could be a port, it could be any number of, it could be a bridge, it could be something that gives them a foothold in that country. And so we have to be better, smarter, more diligent, more vigilant to really create more options for our allies and better position us to deal with the China threat.
15
00:00:14,000 –> 00:00:15,000
Frank Cilluffo [00:04:22]:
You know, and I’ve had this discussion with colleagues recently. It’s kind of crazy if you think about it. Very little attention on our backyard in the Americas. You speak to most of the think tanks. They’re going to look at Asia, they’re going to look at the Middle East, they’re going to look at the transatlantic partnership. But it seems to me that this is an area that warrants and demands more attention, both from China’s influence and Russia’s influence and others, but also the region itself. If I’m not mistaken, you have a cartel task force that’s up and running. And I think, anything you want to share on that, by the way?
16
00:00:15,000 –> 00:00:16,000
Rick Crawford [00:05:02]:
Yeah. Dan Crenshaw is a member that is steeped in this subject matter. He’s the lead on that task force that is, it’s a task force authorized by the House Permanent Select Committee on Intelligence for the express purpose of actually getting after this cartel threat. Now, you could have put this in various other committees. The reason it resides in HPSCI is because of the access to certain kinds of programs that better inform decision making as it applies to how we get after that threat. And so with his background and subject matter expertise
17
00:00:16,000 –> 00:00:17,000
Frank Cilluffo [00:05:37]:
And the ability to unleash tools, right? And capabilities.
18
00:00:17,000 –> 00:00:18,000
Rick Crawford [00:05:38]:
Correct. You know, and so what we’re about really is collecting the information and making recommendations to the committees of authority who can actually authorize that action. So he’ll take the lead on that. We have two members on our side that are also subcommittee chairs. One of them is Brian Fitzpatrick, who chairs the subcommittee on CIA, and the other is Darren LaHood, who chairs the subcommittee on NSA. Those are the three on our side. On the other side, I believe it’s Jason Crow and Chrissy Houlihan, if I’m not mistaken. So what we have are five very responsible sort of veteran members of this committee who I think will do a very good job helping us cover down on that problem.
19
00:00:18,000 –> 00:00:19,000
Frank Cilluffo [00:06:20]:
Great. And there’s also been some legislation passed in last year’s NDAA, if I’m not mistaken, to designate state, in essence, state sponsors of cybercrime. And I do think that this becomes more relevant. We recently had Admiral Mike Rogers on, and he talked about his initial cyber campaign at NSA Cybercom against ISIS. Do you think we could see more in terms of going after the cartels through cyber means?
20
00:00:19,000 –> 00:00:20,000
Rick Crawford [00:06:48]:
Yeah, because I think it’s important to note that the cartels are not these, you know, just sort of rudimentary gangs that are driving around, you know, stirring up trouble. They’re very sophisticated. They have evolved into business entities. It’s like the evolution of any criminal enterprise. They do reshape over time. They seek to legitimize. They want to try to find ways to weave themselves into legitimate businesses, into government, things of this nature. And cyber certainly will play a role in that, their ability to engage in that space.
21
00:00:20,000 –> 00:00:21,000
Rick Crawford [00:07:26]:
And also think about crypto. I mean, their ability now to be able to hide money for their illegal and illicit actions and things of this nature. So the cartels are extremely sophisticated, very well funded. And so not only is that a problem for us in cyberspace, but it’s a problem for us in terms of how we engage them in a kinetic sense. Are we going to go in there and physically wage war on cartels? I don’t think so. But if we did, keep in mind that they’re very well armed and very well trained because they have evolved into essentially a paramilitary organization that protects their own assets and their leadership and so on. So it’s not just as, this is not the 1980s, and they are very much a sophisticated adversary. And then the outsize influence they have, not only obviously in Mexico, but in other areas where they’re doing business.
22
00:00:21,000 –> 00:00:22,000
Frank Cilluffo [00:08:19]:
And we’ve had a lot of guests talk about NSA’s role, which is very significant. And I think SIGINT still accounts for the vast majority of the PDB. SIGINT will always be at the top of the list. But HUMINT is also really important. And you chaired the CIA subcommittee. Do you see CIA’s role in cyber?
23
00:00:22,000 –> 00:00:23,000
Rick Crawford [00:08:39]:
I do. I mean, obviously they are, you know, they have, you know, elements of the CIA that are strictly eat, sleep, breathe that mission set as well, that that is complementary to and supportive of the NSA, who is obviously primary jurisdiction in cyber. But all of these agencies need to be diligent in that space. And CIA is no different. And they, you know, they obviously, they have programs that are tailored to their operations and so on, what they can do differently with different authorities and things of that nature. So each different element of the IC plays a little bit of a different role as it applies to cyber, not only protecting their own equities and assets, but also how they may use that capability offensively as well.
24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:09:21]:
And one team, one fight.
25
00:00:24,000 –> 00:00:25,000
Rick Crawford [00:09:23]:
Exactly.
26
00:00:25,000 –> 00:00:26,000
Frank Cilluffo [00:09:23]:
And at the end of the day, I think people forget there’s a human behind the clickety clack of the keyboard.
27
00:00:26,000 –> 00:00:27,000
Rick Crawford [00:09:29]:
Absolutely, absolutely. And you know, we talk about AI all the time, but I don’t think you’re going to replace that completely. I mean…
28
00:00:27,000 –> 00:00:28,000
Frank Cilluffo [00:09:35]:
Not yet.
29
00:00:28,000 –> 00:00:29,000
Rick Crawford [00:09:36]:
Right. AI enhances your ability to, it drives volume, it helps sort of triage information, helps prioritize, but it won’t ever replace the fine tuning and even sort of the instinct of an individual. That’s going to be really, really difficult to replicate. And that’s why HUMINT is such an important component of the overall intelligence picture. So we talk about SIGINT.
30
00:00:29,000 –> 00:00:30,000
Rick Crawford [00:10:02]:
You mentioned this as a big component of the PDB. True. But HUMINT is still, in my mind, is king. And so what we need to do is make sure that we are not becoming, sort of allowing that capability to degrade or to atrophy in any way that would hinder our ability to collect and be able to do the best we can with that collection.
31
00:00:30,000 –> 00:00:31,000
Frank Cilluffo [00:10:28]:
You know, and I want to get back to that discussion on another initiative you spearheaded, and that is the standup of a subcommittee on Open Source Intelligence, which maybe lets us then focus on what we really need to focus, the most secret of our capabilities. But I’ll table that for a second. I’d be curious, in terms of, you talked about China’s influence in the Americas and the Caribbean and elsewhere. What do we need to be doing, and what do you think HPSCI’s role is from a counterintelligence perspective? Is our posture where it needs to be?
32
00:00:31,000 –> 00:00:32,000
Rick Crawford [00:11:02]:
No, I think we are, in fact, we are engaged in trying to reform and enhance counterintelligence capabilities within CONUS, also around the world. Our counterintelligence is probably the weakest here at home. And I say that because we live in an open society with constitutional guarantees of protection and things of this nature. And we tend to, you know, keep that uppermost in our thoughts as it applies to our operations here in the United States. But counterintelligence, if we let our guard down, counterintelligence is not about surveilling, you know, US persons and things of this nature. Because, you know, Chinese, for example, Russians are very good at this as well, they exploit the vulnerabilities that are presented in an open society. And so this is the country we live in.
33
00:00:32,000 –> 00:00:33,000
Rick Crawford [00:11:50]:
It’s not the country they live in. And, for example, we can’t operate like they do. Our folks can’t operate in China the way Chinese operatives operate here.
34
00:00:33,000 –> 00:00:34,000
Frank Cilluffo [00:12:01]:
Because it’s not open, right?
35
00:00:34,000 –> 00:00:35,000
Rick Crawford [00:12:02]:
It’s not an open society. And so, therefore, it’s what we might consider a denied country. We have to have different ways of engaging over there. And here they avail themselves of this open culture that we have. And the only way that I think that we really fight back is to engage in a much more enhanced counterintelligence posture across our domestic federal law enforcement enterprise.
36
00:00:35,000 –> 00:00:36,000
Rick Crawford [00:12:33]:
And so that’s what we are seeking to do, is to enhance that. And we have a variety of ways we may be able to do that, but we know that is a primary mission. And I’ve talked to Director Patel about this as well. He knows and is quite aware that we are deficient in counterintelligence here at home to protect the homeland. And so, Secretary Noem, you name it, across the federal law enforcement enterprise, this is a priority issue.
37
00:00:36,000 –> 00:00:37,000
Frank Cilluffo [00:12:59]:
Awesome. And more needs to be done.
38
00:00:37,000 –> 00:00:38,000
Rick Crawford [00:13:01]:
Absolutely.
39
00:00:38,000 –> 00:00:39,000
Frank Cilluffo [00:13:02]:
And our universities, I joke, I’m worried about the day the Chinese stop stealing our secrets because they got nothing left to steal. But we will always, I hope, outinnovate.
40
00:00:39,000 –> 00:00:40,000
Rick Crawford [00:13:12]:
Well that’s an interesting characteristic between us, the difference, the contrast between the United States and the Chinese. The United States has always been very innovative, very entrepreneurial, very, you know, forward leaning, embracing technology. Not only embracing technology, but developing it. And being an open society, we share that.
41
00:00:40,000 –> 00:00:41,000
Frank Cilluffo [00:13:31]:
Spending trillions in RND.
42
00:00:41,000 –> 00:00:42,000
Rick Crawford [00:13:33]:
Absolutely. And then you have a country like China that comes in and they are opportunistic and not so much innovative, but opportunistic and will steal everything that’s not nailed down. And that may sound harsh, but it’s reality. And so we have to be very, very careful to be guarded of the things that are in our interest to be protective of. Technology being one of those and certainly technology that enhances national security.
43
00:00:42,000 –> 00:00:43,000
Frank Cilluffo [00:13:59]:
Well said, well said. So the Typhoons coming out of China, whether it’s Volt, which is very different than Salt or Flax or Silk, what do Americans need to understand about the typhoons?
44
00:00:43,000 –> 00:00:44,000
Rick Crawford [00:14:14]:
Well we talk about this cyber threat that’s presented by many of these nation states, but probably none as pervasive and maybe even as potentially damaging as what the Chinese are capable of and a willingness to engage in Salt Typhoon, Volt Typhoon, two that you named. It’s, you know, it’s, it’s attacking critical infrastructure assets. And you know, the private sector needs to be diligent. We talk about, you know, cyber hygiene and people think, okay, well that means I just, I gotta change my password. I’ve gotta, you know, do things that are, you know, be careful about your information online and, okay, yeah. But it’s not just your, you know, the way you conduct yourself online.
45
00:00:44,000 –> 00:00:45,000
Rick Crawford [00:14:56]:
A lot of it is not just software, some of it’s hardware. I mean, what we do to protect actual hardware that could be exploited by an adversary like China. It’s their ability to seed critical infrastructure elements like cranes, like chassis for moving storage containers, like the storage containers themselves. That gives them a foray into our supply chain that’s, that makes us very, very vulnerable. How do we fix that? Well, for one thing, we need to stop relying on, on Chinese enterprises to build things that are fundamental to our supply chain. Things like cranes. We talk about, we’re going to go and engage in a port project overseas and we’re doing everything we can to engage in a really, you know, a secure environment. But we’re going to go ahead and buy a Chinese crane to move those shipping containers. And oh, by the way, the shipping containers are made in China as well.
46
00:00:45,000 –> 00:00:46,000
Rick Crawford [00:15:49]:
And the chassis that we put the shipping containers on to move them in that last mile delivery are also made in China. Our industry needs to recognize that there is a demand for secure domestically manufactured hardware that does not give them the platform to introduce a capability for collection, for monitoring, things of this nature. They’ve tried this for things like freight rail. You know, ideally what they’d like to do is shrink wrap a freight rail car and introduce it, you know, ship it to Seattle or Long beach and get it right into our system. And they have the capability to monitor about 85% of freight rail movement across the world. Where they’re lacking is the United States. That’s more than just an economic barometer. There’s, there’s a lot of information you can gather by being able to monitor the way freight moves on rail, the way freight moves on trucks, the way freight moves on last mile delivery.
47
00:00:46,000 –> 00:00:47,000
Rick Crawford [00:16:49]:
All this stuff is important information to the Chinese and that’s why they have an insatiable demand for it. In many cases, I’m not even sure that they know how they’re going to analyze it, but they are rabid collectors of all of our data.
48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:17:02]:
And I might note, I forgot to mention in the beginning, you also serve on TNI and serve on the ag committees on Capitol Hill, both of whom are, and that’s what makes cyber so, everyone, it’s everyone’s mission. Right?
49
00:00:48,000 –> 00:00:49,000
Rick Crawford [00:17:17]:
So an interesting thing that I’ll point to is like, there was a recent, I say recent, it’s been about seven or eight years ago that Bayer acquired Monsanto. And as a part of them being able to do that, part of the CFIUS requirement was that they had to do a 100%, you know, wholly owned subsidiary that was, that resides in the United States. And okay, they got through. CFIUS acquired Monsanto. Okay, that’s great. But within months they announced a partnership with Alibaba on data collection.
50
00:00:49,000 –> 00:00:50,000
Frank Cilluffo [00:17:47]:
Yeah.
51
00:00:50,000 –> 00:00:51,000
Rick Crawford [00:17:48]:
So it’s, it’s, it’s some things we can’t control, but we ought to have the foresight to recognize that, you know, the Chinese are always going to try to position themselves to gather data. This is ag data collection we’re talking about.
52
00:00:51,000 –> 00:00:52,000
Frank Cilluffo [00:18:00]:
Yeah. Which you wouldn’t think of immediately as national, but it is economic security.
53
00:00:52,000 –> 00:00:53,000
Rick Crawford [00:18:05]:
100%. And it’s become now one of the most important commodities of agriculture production is the farmer’s data.
54
00:00:53,000 –> 00:00:54,000
Frank Cilluffo [00:18:13]:
Absolutely.
55
00:00:54,000 –> 00:00:55,000
Rick Crawford [00:18:13]:
And trying to find a way to, number one, to protect that data. And number two, it has nothing to do with our context of conversation today, but how do we monetize it on behalf of the farmer to make them better, better funded. So these, these are cyber concerns.
56
00:00:55,000 –> 00:00:56,000
Frank Cilluffo [00:18:29]:
And these are business plans. Not only intellectual property in the way we think, but how to maximize that. That is a big part of it. And I’m glad you, you brought that up. And supply chain security, I think, is the missing…
57
00:00:56,000 –> 00:00:57,000
Rick Crawford [00:18:45]:
Absolutely.
58
00:00:57,000 –> 00:00:58,000
Frank Cilluffo [00:18:46]:
…dimension. And it is hard, whether it’s hardware, firmware, software. But the reality is, is most companies did not go into business thinking they had to defend themselves against foreign militaries, against nation state threats.
59
00:00:58,000 –> 00:00:59,000
Rick Crawford [00:19:03]:
Like who does that?
60
00:00:59,000 –> 00:01:00,000
Frank Cilluffo [00:19:03]:
Yeah.
61
00:01:00,000 –> 00:01:01,000
Rick Crawford [00:19:04]:
And we…
62
00:01:01,000 –> 00:01:02,000
Frank Cilluffo [00:19:05]:
Kinetic world, physical world. That would not be the case. Right?
63
00:01:02,000 –> 00:01:03,000
Rick Crawford [00:19:08]:
And we just sort of live, you know, most Americans sort of live sort of safely insulated from these considerations. But that’s not the case anymore.
64
00:01:03,000 –> 00:01:04,000
Frank Cilluffo [00:19:15]:
Exactly.
65
00:01:04,000 –> 00:01:05,000
Rick Crawford [00:19:15]:
These things are in our face, whether we like it or not. And we have to start playing a more proactive role. And you know, quite frankly, the government can step it up, it can do some things differently to protect the private sector, but it’s also on the private sector to play a role in protecting themselves. What I think we’re lacking, and you mentioned supply chain. I’ll give you an example of something we did as we, you know, I try to find the nexus among my committee assignments. TNI, agriculture and, and intel.
66
00:01:05,000 –> 00:01:06,000
Frank Cilluffo [00:19:42]:
Great committees.
67
00:01:06,000 –> 00:01:07,000
Rick Crawford [00:19:43]:
Right.
68
00:01:07,000 –> 00:01:08,000
Frank Cilluffo [00:19:43]:
Yeah. Yeah.
69
00:01:08,000 –> 00:01:09,000
Rick Crawford [00:19:44]:
So we did this with the, with the, in the ag space in the last IAA, or maybe it was two versions ago, we actually authorized ODNI essentially to create an office that interacted with USDA with appropriately cleared personnel to address the potential for agro terrorism, the, the cyber threat to ag infrastructure, things of this nature. And the subject matter expertise that resides in USDA needs to be tapped as it applies to Title 50 concerns. So we did that, and the previous administration refused to follow through on that, even though I got in committee, I got a commitment from the previous DNI, Director Haynes, and that has yet to be acted on. So I’ve talked to Director Gabbard and she said, I’m all in. Here’s why. Because we had two more potential recent arrests on what could have been a bioterrorism or agroterrorism threat. And this is where we need that USDA expertise.
70
00:01:09,000 –> 00:01:10,000
Rick Crawford [00:20:42]:
ODNI needs to be bought in completely and then see that through to the end state of an arrest to take them into custody and then adjudicate those individuals. This is a, sort of a holistic approach to how we address it using the subject matter expertise that resides in a given agency. If we can do that with USDA, we can do it with DoT. So we can now talk about trying to close those gaps, identify those weaknesses and vulnerabilities that exist in the supply chain through the subject matter expertise that resides in the agency that has jurisdiction.
71
00:01:10,000 –> 00:01:11,000
Frank Cilluffo [00:21:14]:
And I love that you’re looking at it in a, not through one committee’s lens because oversight is hard on issues like this. It touches every committee.
72
00:01:11,000 –> 00:01:12,000
Rick Crawford [00:21:24]:
One of the things, and you just touched on something I think it’s important to note. One of the things that’s never happened in this committee that we’re doing now, and that is to engage other committees through their chairs. So what we did was we created, we expanded rule, we call it Rule 14 that allows us to read in a committee chair of jurisdiction if and when the subject matter resides in their jurisdictional purview. So if we had something that was relevant to, for example, Energy and Commerce, we would go in and get the Energy and Commerce chairman and the ranking member and their cleared, one cleared staff for each and allow them to come in and sit in ex officio to hear that briefing. We’ve been able to do that on three occasions now in this Congress. And we think it’s a game changer because now what this does is it better informs the legislative process. It deconflicts and makes those, even though the chairs can’t walk out of there until…
73
00:01:12,000 –> 00:01:13,000
Frank Cilluffo [00:22:16]:
So the Rules Committee doesn’t drive everything.
74
00:01:13,000 –> 00:01:14,000
Rick Crawford [00:22:18]:
Right. You can’t as a chairman go, well, listen, I just got this brief in intel. You’ve got to now go and say, look, I think my committee members trust me and when I say we need to pump the brakes on this particular piece of legislation because it might create a conflict from a national interest, a national security interest, you know, you have to understand that. I just got a briefing on this. Although I can’t share it with you, I can say with confidence we may be misguided in this approach or we might want to keep our powder dry on this one until we get some better direction from some national security advisors or whatever. But we feel like this is a way to bring them in in a way that not everybody can be a participant in that process. But reading them in on an as needed basis for those committee chairmen we think is a game changer in making us more effective legislators.
75
00:01:14,000 –> 00:01:15,000
Frank Cilluffo [00:23:07]:
Well, firstly, from a governance standpoint, that’s really refreshing to hear and I hope other chairs follow that lead because many of the challenges we deal with don’t fit neatly in one box or another. It transcends all of that. So hats off, I hope that you continue to move that needle.
76
00:01:15,000 –> 00:01:16,000
Rick Crawford [00:23:27]:
It’s been working pretty well thus far.
77
00:01:16,000 –> 00:01:17,000
Frank Cilluffo [00:23:28]:
It’s a governance issue, that’s a leadership on the Hill. That’s, that’s great to hear. I want to get to hot topic in, inside DC. Maybe not the average citizen thinking about it right now, but there’s a lot of discussion around the dual hat. Whether or not NSA, Cyber Command, right now obviously in the same combatant command, wearing both hats. Do you think that that should be split? Do you have a position on that?
78
00:01:17,000 –> 00:01:18,000
Rick Crawford [00:23:54]:
I actually do have an opinion on that. And I would say this. It’s, it, it’s been a hot topic for quite a while. We’ve had this conversation for a number of years and it really hasn’t been resolved. And I think that on the one hand, if Cybercom has matured, and it’s been around long enough that has, has it matured enough to warrant a commanding general? If we’re going to continue to call it Cyber Command, I would say yes. If we’re not, then I think the answer would be, okay, let’s look at this as maybe this becomes a directorate of NSA and we can put a deputy NSA director in charge of cyber to fill that role. I don’t think it serves the best interest to continue to be half in, half out in this context. We either need to be all in as a combatant command and then stand it up and authorize it the way it should be, fund it appropriately and organize it appropriately, or we need to say we think the NSA can do this and make this sort of a subsidiary of the NSA, name a deputy director of Cybercom. Could be a three star, I don’t know, that resides under the NSA umbrella. And they eat, sleep and breathe cyber. This way it gets the attention it deserves.
79
00:01:18,000 –> 00:01:19,000
Rick Crawford [00:25:12]:
But either way we go, I don’t think we’re, at this current posture, we’re paying adequate attention to this mission set.
80
00:01:19,000 –> 00:01:20,000
Frank Cilluffo [00:25:19]:
Interesting. No, that’s a very, and NSA is a combat support agency to all the existing combatant commands.
81
00:01:20,000 –> 00:01:21,000
Rick Crawford [00:25:26]:
Right. They have a broad range of customers that they serve. Customers, if you will, that they serve. And this would allow that focus on cyber as it should be. I’d be okay with it residing under the NSA umbrella. I don’t like the idea of this is the NSA and this is Cybercom, but we’ve got one guy controlling both. If you said we’re going to merge Cybercom under as a deputy position or a directorate of NSA, that makes a little more sense to me. Otherwise, let’s put it over here, give this its own commander and let them pay attention to this problem 100%.
82
00:01:21,000 –> 00:01:22,000
Frank Cilluffo [00:26:04]:
And you know, the Title 10 mission of Cyber Command is so essential.
83
00:01:22,000 –> 00:01:23,000
Rick Crawford [00:26:09]:
Right.
84
00:01:23,000 –> 00:01:24,000
Frank Cilluffo [00:26:10]:
And if, if there is a split, Congress has to play a big role.
85
00:01:24,000 –> 00:01:25,000
Rick Crawford [00:26:16]:
Oh, 100%.
86
00:01:25,000 –> 00:01:26,000
Frank Cilluffo [00:26:17]:
Right?
87
00:01:26,000 –> 00:01:27,000
Rick Crawford [00:26:17]:
Yeah. And you just touched on it there. The Title 10 versus Title 50 is always sort of at the crux of this argument. And so you’re right. I mean, that’s obviously going to take some authorizations to be able to manifest in some form that does the best job for the country.
88
00:01:27,000 –> 00:01:28,000
Frank Cilluffo [00:26:32]:
And this is a loaded, I mean, there, we’ve had debates, deputy directors of NSA on both sides, and this is one that, fair to say, I’m not sure there is a right or wrong, but at the end of the day, we better achieve the outcomes the American people expect.
89
00:01:28,000 –> 00:01:29,000
Rick Crawford [00:26:47]:
I agree. I don’t think there’s necessarily a right or wrong in either of those two models.
90
00:01:29,000 –> 00:01:30,000
Frank Cilluffo [00:26:51]:
Just get it done.
91
00:01:30,000 –> 00:01:31,000
Rick Crawford [00:26:52]:
The wrong is to not get it done.
92
00:01:31,000 –> 00:01:32,000
Frank Cilluffo [00:26:54]:
Yeah, well said, well said. And I do believe if there is a split, Congress is going to play a significant role in what it looks like. And, and I also think the question of a Cyber Force comes up at that point. Sort of like a Space Com, Space Force set of discussions, but TBD on all of that. But I also know you’ve done some work on looking at liability exemptions, protections and the like for information sharing around cyber. Anything you want to share there?
93
00:01:32,000 –> 00:01:33,000
Rick Crawford [00:27:27]:
Yeah. So we had a closed hearing on CISA, oh, a couple of months ago. We’ll have an open hearing probably in two or three weeks. NSA subcommittee chaired by Darren LaHood. One of the recurring themes from the principals was that CISA needs to be reauthorized. Now we’re 10 years on and obviously they want it, they want to continue. So without question they said yes, reauthorize CISA.
94
00:01:33,000 –> 00:01:34,000
Frank Cilluffo [00:27:57]:
We need to reauthorize something.
95
00:01:34,000 –> 00:01:35,000
Rick Crawford [00:27:58]:
The issue is the liability protection as it applies to the private sector and so on. So that was woven into the conversation. And we are well advised and taking every consideration on that particular piece of the equation.
96
00:01:35,000 –> 00:01:36,000
Frank Cilluffo [00:28:12]:
So just for transparency, we have a task force looking at that that we’re doing with the US Chamber of Commerce.
97
00:01:36,000 –> 00:01:37,000
Rick Crawford [00:28:18]:
Yeah, we’d love to engage with you on that.
98
00:01:37,000 –> 00:01:38,000
Frank Cilluffo [00:28:19]:
Absolutely. It’s a big issue. And if we’re expecting more of the private sector, and there is an onus to private sector and SLTT, State, local, tribal, territorial. They need the resources to get the job done. So how do we square that circle? And, and it can’t just be sticks. There need to be some carrots in that. Because their day job is business.
99
00:01:38,000 –> 00:01:39,000
Rick Crawford [00:28:41]:
That’s absolutely right. And I think there’s been some consternation in the private sector about how do we report, how do we have, where, what are the channels of communication?
100
00:01:39,000 –> 00:01:40,000
Frank Cilluffo [00:28:50]:
Just one report. We don’t need 17 different. Right?
101
00:01:40,000 –> 00:01:41,000
Rick Crawford [00:28:53]:
What are the channels up and then what are the channels down? You know, so what, how are we doing this in a way that is proactive from the federal government to maybe send out early warnings, things of this nature, and then on the back end, okay, what if I am, you know, subject to a cyber attack or whatever? What’s my responsibility and my reporting protocol so that I make sure that I’m engaged with the appropriate authorities at the appropriate time?
102
00:01:41,000 –> 00:01:42,000
Frank Cilluffo [00:29:19]:
Well said. And clarity around not having to just fill out paperwork.
103
00:01:42,000 –> 00:01:43,000
Rick Crawford [00:29:23]:
There’s been some, if we’re being honest about it here, there’s been a lot of hesitance on the part of the private sector because of the stigma of a cyber attack. Because, you know, this can impact particularly a public, publicly traded company doesn’t want to see their stock price decline with a report of a cyber attack. And so there has to be some considerations there as well with regard to the, the privacy of, of that report. But also how do we protect the public who may be subject to that or may have been made vulnerable as a result.
104
00:01:43,000 –> 00:01:44,000
Frank Cilluffo [00:29:55]:
Which may tip off other critical infrastructure they need to batten down the hatches. That is, you captured that square and that is a hard set of issues. And I might be a little forward leaning on this. I’m not sure if you would agree with this, but I think the conversation has to move from public private partnership and information sharing, which is all about trust, it takes years to build, you can lose it in a nanosecond, and toward operational collaboration. Nothing like being in the same foxhole, fighting the same fight.
105
00:01:44,000 –> 00:01:45,000
Frank Cilluffo [00:30:29]:
And hopefully we’ll see some action around that.
106
00:01:45,000 –> 00:01:46,000
Rick Crawford [00:30:33]:
Absolutely.
107
00:01:46,000 –> 00:01:47,000
Frank Cilluffo [00:30:34]:
What about a more forward leaning posture? Lots of discussion coming from the White House, from other cabinet members, and I’m a big proponent. I like to say we’ll never firewall our way out of this problem, but translating the nouns into verbs is a different set of issues. What are your thoughts there for a forward leaning posture?
108
00:01:47,000 –> 00:01:48,000
Rick Crawford [00:30:58]:
Well, I mean, I’ll give you an example of some things that I’ve been able to do since I’ve been on the committee that I think could easily be replicated. We’re encouraging members on the committee to do this and fan out over the country, and is what we called a, we called it a scale up event. That was where we brought in CISA, FBI, and others and presented to a public audience, here are the threats. Here are our recommendations on how you mitigate these threats. Here are the protocols and channels for communication. And then a lunch speaker. And then break out and go into topical discussions that are relevant to your industry, whether it be healthcare, agriculture, industry, whatever it was.
109
00:01:48,000 –> 00:01:49,000
Rick Crawford [00:31:38]:
So we were able to bring that IC right down to the grassroots level. We call it SCALE UP, which is an acronym. We all love acronyms, helps us recommend things.
110
00:01:49,000 –> 00:01:50,000
Frank Cilluffo [00:31:49]:
That’s a good one at least.
111
00:01:50,000 –> 00:01:51,000
Rick Crawford [00:31:50]:
Right. So SCALE UP means supply chain, cyber, agriculture, logistics, energy, university, and proprietary, protecting proprietary information, that’s intellectual property. So that’s where we come up with SCALE UP. Brought it home. We had to actually close the door with a, with a number of, we limited the number of people because the uptake was huge. But in order to facilitate a dialogue, we had CEOs from companies all over the state of Arkansas. Every university in Arkansas, public and private, was present for this presentation.
112
00:01:51,000 –> 00:01:52,000
Rick Crawford [00:32:24]:
We had great presenters and it resulted in industry now reaching out to us and saying, hey, can you give us a topical classified briefing to our C suite so we’re better informed? And so we’ve turned this into almost an extension effort for us to be able to replicate in other states and asking our members to kind of fan out and take that message out and replicate that effort so that the entire country understands what’s available to them. To me, that’s a real forward leaning posture on how we can bring the IC home in a measurable, tangible way.
113
00:01:52,000 –> 00:01:53,000
Frank Cilluffo [00:32:58]:
Absolutely. And I would just add, and I don’t want to put words in your mouth, but OSD with their persistent engagement, at the end of the day, if we’re going to punch, we have to be able to take a punch. Right? And we have a lot to lose. But I do think we can’t just defend. At the end of the day, if you want to impose cost or consequence on bad behavior, there have to be consequences. So hopefully we’ll see some of that, but do so in a smart, measured kind of way because we have a lot to lose too. And others will pay the price for that. Industry will.
114
00:01:53,000 –> 00:01:54,000
Rick Crawford [00:33:31]:
One other thing I would, I would point out too as a forward leaning posture as it applies to cyber, we are good at defensive cyber. I think where we sort of lose focus is when we try to differentiate between defensive and offensive. In many cases we call offensive cyber is actually defensive in the way that it’s…
115
00:01:54,000 –> 00:01:55,000
Frank Cilluffo [00:33:54]:
It’s like a linebacker, right? You’re blitzing the other team, but your still defense.
116
00:01:55,000 –> 00:01:56,000
Rick Crawford [00:33:57]:
That’s right. And so yes, we can be, you know, you know, we have safeguards in a system or a network that help us to identify threats. That’s not offensive cyber.
117
00:01:56,000 –> 00:01:57,000
Frank Cilluffo [00:34:09]:
I agree.
118
00:01:57,000 –> 00:01:58,000
Rick Crawford [00:34:10]:
So we’ve got to wrestle with the authorities that give an entity like Cybercom the ability to go on offense. Because what we know, our adversaries are in our networks, they’re in our systems, they’re threatening critical infrastructure. Is there any reason why we shouldn’t do that? Because we are living in a state of digital warfare.
119
00:01:58,000 –> 00:01:59,000
Frank Cilluffo [00:34:29]:
Absolutely.
120
00:01:59,000 –> 00:02:00,000
Rick Crawford [00:34:30]:
And so it’s happening every day. And as long as we continue to be in a defensive posture, this will continue to be a pervasive problem.
121
00:02:00,000 –> 00:02:01,000
Frank Cilluffo [00:34:38]:
Well said. There’s, not to throw another acronym, but the whole active cyber defense sets of questions I think are essential. And private sector’s role in collaboration with government I think can take a more proactive yet still defensive approach. So hopefully we see more of that. I want to get to why you stood up a subcommittee on open source intelligence. And I was joking with someone, OSINT has sort of been the Rodney Dangerfield of intelligence for a long time. For those of us who remember Rodney Dangerfield, God, may he rest in peace.
122
00:02:01,000 –> 00:02:02,000
Frank Cilluffo [00:35:14]:
But what are your thoughts there? Why did you literally take, I think it’s very forward leaning and really important, but I don’t want to…
123
00:02:02,000 –> 00:02:03,000
Rick Crawford [00:35:25]:
Well, when I was named for this position, I kind of wanted to do sort of a wholesale inventory of what do we have at our disposal here in this committee. And we had the authority to have five subcommittees, but we actually had the authority for six. So why are we not addressing something that was really, really important and using that authority of standing up a sixth subcommittee? And I would say that OSINT comprises about 25% of the President’s daily brief. That’s significant. Every agency in the IC relies heavily on OSINT. OSINT has become a collection discipline, but it doesn’t have the appropriate level of attention paid to it. So that we have sort of a standardized sort of tradecraft, if you will, and how we engage in OSINT collection. It’s, you know, look, my wife is a great OSINT collector. She does all kinds of online research and is really, really good.
124
00:02:03,000 –> 00:02:04,000
Rick Crawford [00:36:19]:
If I want something found, I go, hey, you know, Stacy, can you do this? And next thing you know, she’s really good at that. She’s not been trained in it, so what are we going to do? We sort of have this, having grown up in this space, we sort of have the innate ability to engage in scraping and collecting, but we haven’t standardized it. We haven’t defined a doctrine. We haven’t done anything to identify it as its own discipline. And so we think that it’s an important component that helps undergird HUMINT and SIGINT collection.
125
00:02:04,000 –> 00:02:05,000
Frank Cilluffo [00:36:52]:
And it could actually further or better focus our collection requirements, right?
126
00:02:05,000 –> 00:02:06,000
Rick Crawford [00:37:00]:
Absolutely.
127
00:02:06,000 –> 00:02:07,000
Frank Cilluffo [00:37:00]:
At the end of the day, if others can do it better on the open source side, there is a role for government there.
128
00:02:07,000 –> 00:02:08,000
Rick Crawford [00:37:06]:
Absolutely. And we’ve been engaged in OSINT collection forever. And counterintelligence, by the way, we’ve been using, you know, media outlets and so on for counterintelligence operations since time began, right out in the open source. And so we need to be better at it. We need to recognize when we are being victimized by maybe a foreign counterintelligence operation or whatever. We need to know how we might engage them.
129
00:02:08,000 –> 00:02:09,000
Rick Crawford [00:37:35]:
We need to have a better understanding of the OSINT sources that are available to us around the world. I think we do a pretty good job of it, but I think we can do better. And I also think that it needs to be recognized as the discipline that it is. And so that was the reason and the motivation for standing up an OSINT subcommittee.
130
00:02:09,000 –> 00:02:10,000
Frank Cilluffo [00:37:52]:
That’s great. And from an analytical tradecraft perspective, Central Intelligence Agency, ODNI, are very well positioned to sort of make sense, and I think it allows us to have, again, more focus on what is truly secret and how do we go after that information. But the question I would have is, is it situated right in the IC? If I’m not mistaken, it moved from the Agency to ODNI.
131
00:02:10,000 –> 00:02:11,000
Rick Crawford [00:38:20]:
Well, so there’s a back and forth about where that functional manager should reside. And that is a conversation we can have. That is, you know, okay, that’s a debate worth having. Where should it be? You know, historically, something like this might reside in, in CIA. Perfectly willing to have that conversation. But what we don’t need to do is to start seeing this move to defund or to zero out or whatever OSINT enterprise at any agency because they’re important across the spectrum.
132
00:02:11,000 –> 00:02:12,000
Frank Cilluffo [00:38:53]:
And policy without resources is rhetoric. Then it would just further undermine. Mr. Chairman, we’re near the end of our time here. What questions didn’t I ask that I should have?
133
00:02:12,000 –> 00:02:13,000
Rick Crawford [00:39:02]:
I would say we didn’t talk about AI. And I think AI is going to continue to play an important role in intelligence gathering. It is a force multiplier as a, you’re dealing with volumes of information, that it’s difficult for one individual to be able to pour over, but it helps you sort of triage the level of information that you receive and then get those human eyes on it for an analysis that, that certain things that might escape AI analysis. So I think that’s an important component that we’ll see continue to develop, but it won’t replace human in that context, but it can certainly enhance what human capabilities we have.
134
00:02:13,000 –> 00:02:14,000
Frank Cilluffo [00:39:43]:
Chairman Crawford, thank you for spending so much time with us today. Thank you for your leadership and I love your governance approach with other committees. I hope others steal that idea and run with it. So thank you so much for joining us. Let me leave you with a token, both figuratively and literally.
135
00:02:14,000 –> 00:02:15,000
Rick Crawford [00:39:58]:
Beautiful. Thank you so much. Appreciate that.
136
00:02:15,000 –> 00:02:16,000
Frank Cilluffo [00:40:01]:
Appreciate it.
137
00:02:16,000 –> 00:02:17,000
Rick Crawford [00:40:01]:
Thank you.
138
00:02:17,000 –> 00:02:18,000
Frank Cilluffo [00:40:02]:
Thank you. Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.
