President Trump’s nominee to lead a new office at the Department of Energy agreed Tuesday to urge the administration to develop a cyber deterrence strategy.
Sen. Angus King (I-Maine) asked Karen Evans, Trump’s pick to lead a new energy cybersecurity office, to prod the administration to develop a cyber doctrine and select “one point of authority” at the White House to coordinate cybersecurity efforts if she is confirmed to the position.
{mosads}
“I hope those are two messages that you can carry back,” King told Evans during her confirmation hearing Tuesday before the Senate Energy and Natural Resources Committee.
“I would be happy to do that, sir,” Evans replied.
King is among a bipartisan group of lawmakers in the Senate who have criticized both the Obama and Trump administrations for failing to set forth a comprehensive cyber doctrine that telegraphs repercussions for adversaries who launch attacks against the United States in cyberspace.
“Right now, there is no deterrence,” King said Tuesday. “We are entirely defensive and ultimately that is a losing strategy.”
“We know that a cyberattack is coming at some point,” the senator continued. “It’s the longest windup for a punch in the history of the world, and shame on us if we’re not prepared for it. The best way to prepare for it is to deter it.”
A provision in the Senate-passed annual defense policy legislation would set a national policy for cybersecurity and cyber warfare, despite the fact that Trump has already submitted his own, classified report on cyber policy to Congress.
King also asked Evans during Tuesday’s hearing to urge the White House to implement a structure where there is one point of contact for agencies on the issue of cybersecurity.
“I go to these hearings all the time and everybody says the ‘whole of government.’ When I hear that, I think none of government. That means nobody’s in charge and nobody’s accountable. I believe that we need a leadership position,” King said. “Please urge the administration to think about a cyber coordination function.”
The administration has been criticized for deciding last month to eliminate the cyber coordinator position at the White House — a role established to coordinate federal cyber policy efforts across the government. The White House said the decision was made to reduce bureaucracy and improve management at the National Security Council, where the position was housed.
Earlier this month, Trump nominated Evans, who held information technology leadership positions in the George W. Bush administration, to lead the Department of Energy’s new Office of Cybersecurity, Energy Security and Emergency Response.
On Tuesday, she pledged to address evolving threats to U.S. energy systems by executing plans to make them more secure and resilient if confirmed to the assistant secretary role. Lawmakers have increasingly raised alarm over potential threats to the power grid and other assets, particularly in the wake of cyberattacks that knocked out portions of Ukraine’s electric grid in 2015 and 2016.
“I don’t want to admire the problem anymore. I think a lot of us have done that through the years. It really now [is time] to execute and to start looking at how do you make these systems more resilient, how do you ensure that you have a response plan, that you exercise that response plan and you do it in partnership with private industry and state and local governments,” Evans told lawmakers.
Evans earned bipartisan recognition for her experience during the hearing. She served as chief information officer at the Department of Energy and was later appointed by Bush to a top White House role where she oversaw federal IT programs.
More recently, Evans has served as the national director for U.S. Cyber Challenge, a public-private program dedicated to seeking out cybersecurity talent across the country.
Energy Secretary Rick Perry announced in February that that the department was creating a new office to handle cybersecurity and energy security.