Along with two other national cybersecurity experts, Karl Rauscher, EWI’s Chief Technology Officer and Distinguished Fellow, testified on the Hill on July 23, at a House subcommittee hearing on “Asia: The Cybersecurity Battleground.”
Rauscher, along with McAfee’s Chief Technology Officer and Global Public Sector Vice President Phyllis Schneck and the Center for Strategic and International Studies’ Director and Senior Fellow James Lewis, gave official statements and fielded questions from the Subcommittee on Asia and the Pacific. They discussed a broad array of cybersecurity challenges, U.S.-Chinese bilateral relations in cyberspace and the prospects for regional and global cooperation.
“Malicious actors are taking advantage of a lack of cooperation in cyberspace,” Rauscher warned. “We just don’t have the tight coordination that we need.” He pointed out that EWI has already started promoting both better coordination and cooperation. Holding up the EWI reports on Fighting Spam to Build Trust and Priority International Communications, Rauscher focused on the need to take proactive measures, including implementing a new means of effective international communication in times of crisis.
In his full testimony, Rauscher drove home this point by using a metaphor to explain the state of cyberspace when an emergency situation arises. “We have too many people practiced in bailing water out of the boat and not enough capable of plugging holes,” he said. “But when there is water in the boat, and you are getting wet, it is hard to focus on long-term solutions. We need leadership to shift the focus.”
Rauscher also pointed out that, to a large extent, the major players in Asia complement each other’s strengths. “The United States is the leading innovator in cyberspace while China is the largest manufacturer of hardware systems, and India is a leading supplier of both software and networked services,” he noted. “Our mutual interdependence in cyberspace is profound.”
Rauscher stressed optimism in improving bilateral relations with China, “The benchmark [for success], really, is zero percent. These are really hard issues. If you look at what we’ve taken on, people aren’t trying to address them because they think they’re impossible.” With other countries, too, he argued, much more can be done to move beyond purely reactive measures.
Committee Chair Rep. Steve Chabot (R-OH) reiterated this point. “The U.S. must engage its allies around the world to promote the preservation of global network functionality, in addition to establishing confidence building measures that foster trust and reliability with nations,” he said. “Establishing some sort of norms, or principals, to guide actions in cyberspace that the Chinese can agree to will be incredibly difficult.” Chabot and the rest of the committee focused much of their attention on U.S.-China cyber relations.
Some Congressmen raised the issue of China’s domestic cyber policy, and its effect on U.S. cybersecurity. “We’re in the phase now where we need to persuade the Chinese to change their behavior,” Lewis responded. “We cannot coerce them, they’re too big a country, the only way you could coerce them is if you go to war, and that is in no one’s interest.”
The hearing covered more than just U.S.-China relations. It included the need for international cooperation in both the private and public sectors and the prospects for new multinational treaties, U.N. regimes and high-level international dialogue on sensitive issues.
In the discussion, Schneck said, “We [at McAfee] believe in global conversation. We need more conversation, and commend some of the recent efforts, like those in the UN. These forums, like [EWI’s annual cybersecurity summit] mentioned by Mr. Rauscher and others, are good starts to that global forum.”
Rauscher stressed that governments alone cannot deal with these problems. “Given its more intimate knowledge of technology design and development, this leadership will likely need to come from the private sector,” he concluded.