In 2021, there were multiple troublesome cybersecurity incidents, including an attack on the Colonial Pipeline that disrupted gasoline supply for nearly a week, and an even scarier attempted attack on a water treatment plant in South Florida that came very close to poisoning a large number of people. The retail industry also suffered breaches of various sizes, including Bonobos and Office Depot.
On the last day of CES 2022 last Friday, two members of Congress addressed what the government is doing to deal with the threat of such attacks, and the consensus was that this is likely to become a bigger problem over time, as opposed to a smaller one.
The panel, titled “Tech and Government: How Are They Stopping the Next Cyber-attack?,” was moderated by Quentin Scholtz, a specialist in government affairs for the Consumer Technology Association (CTA). It began with individual addresses by two members of Congress, both from California: Democratic Rep. Nanette Barragan and Republican Rep. Jay Obernolte.
Rep. Barragan, while praising advances that have taken place since the start of the Biden Administration, especially some provisions in the recently passed National Defense Authorization Act (NDAA), noted that more work needs to be done- and it should be done with government and private enterprise working hand in hand.
“We cannot take the security of our devices and software for granted,” she said. “Government alone cannot address the cybersecurity problems we face.”
“Moving forward, it is critical that government work closely with technology developers and suppliers to develop and implement policies that will lead to real security benefits without stifling innovation,” Rep. Barragan said on the panel. It is also important, the Congresswoman added, to educate consumers about managing the security risks. Among her proposals are the creation of a mandatory cyber incident reporting program and new critical security centers.
The other member of Congress who spoke was Rep. Obernolte, who was formerly a video game developer, and recalled attending CES years ago and handing out his resume. He added that he believes he is the only sitting member of Congress who holds a Masters degree in artificial intelligence.
Rep. Obernolte called the cyberattacks in 2021 “extraordinary,” and in a bad way. He remembered that the Colonial Pipeline hack led him to see gas lines for the first time since the oil embargo of the 1970s.
Among Obernolte’s proposals was to “take a serious look at catalyzing the growth of our STEM workforce.” He noted that China in recent years has passed the U.S. in the number of computer science PhDs, and could double the U.S. number within a few years.
“We need to start reversing that trend right now,” the Congressman said. He added that he noticed that the U.S. did not have an occupational series for tech professionals in computer science and AI research, and fought successfully to include language in the recent NDAA to establish them.
After the speeches came the panel, which included a man, Will Hurd, who was a member of Congress until recently. Hurd, who now works for Allen & Company, had been a CIA officer prior to his career in politics.
Also on the panel were Eric Tamarkin, director and senior public policy counsel at Samsung Electronics, and Jamie Susskind, who was formerly with both CTA and the FCC, and now works as a policy adviser on the staff of Sen. Marsha Blackburn (R-TN.) Sen. Blackburn herself appeared this year at CES, on a policy panel with four other sitting senators.
“Cybersecurity is easier to deal with than the broad challenges that we have,” Hurd said. That’s because, he said, if China is designing infrastructure, anything they do can be compromised. Hurd, in past interviews, has called China “ probably the most sophisticated adversary we have when it comes to their capabilities in cyberspace.”
Hurd also suggested that immigration policy should be used in a way that helps the U.S. to gain a competitive edge on China, in part by encouraging Chinese workers to come to the U.S. “If China is going to steal our intellectual property… let’s steal their engineers.” It’s a hard-nosed line Hurd has used before in past speeches and interviews.
Susskind mostly discussed the priorities that Sen. Blackburn is pursuing this year, most notably privacy legislation.
Samsung’s Tamarkin acknowledged that people relying on their devices so much is part of what makes the threat larger than ever. But, he added, “we’re using vigorous, vigorous techniques to make sure the manufacturing of these critical products is not disrupted by cyber attack.”
The company uses a management framework called Samsung Knox, which Tamarkin called “defense grade.”
“Cybersecurity is an ecosystem challenge. Not all of the burdens are necessarily on the device,” Tamarkin said. “Security needs to happen at the chip, the device, the software level, local area network, broadband, cloud, all of these players have a role and need to manage those roles.”
Tamarkin added that Samsung will reward those who come to them with tips about vulnerabilities in their security.
Hurd, who has jumped from the public to the private sector, discussed how a public-private partnership could work.
Government, Hurd said, can “leverage the understanding of the private sector,” in order to have a better idea of what hackers are doing. But industry has a part to play as well.
“The tech industry has to recognize this: If you’re writing software that creates a known vulnerability, you’re negligent, and you can’t do that,” Hurd said. “So you have to understand that where you’re pulling that code from.”