Testifying before the Senate Armed Services Committee Tuesday Director of National Intelligence James R. Clapper Jr., spoke about the U.S.'s attempts to deter cyberattacks, such as the OPM hack that led to the breach of 21.5 million Social Security Numbers and 5.6 million stolen fingerprints.
Following Clapper's testimony, Sen. John McCain, chairman of the Senate Committee on Armed Services, argued that the U.S. should respond to cyberattacks more proactively. “We are not winning the fight in cyberspace," he said. "The problem is a lack of deterrence. The U.S. has not demonstrated to our adversaries that the consequences of continued cyber attacks against us outweigh the benefit.”
Some cybersecurity pros caution against prohibiting and penalizing nations for engaging in cyberattacks.
Yogen Edholm, CEO of Accellion Inc., told SCMagazine.com, “If you are in the spy business and you prohibit government-on-government cyberspying, you are out of business."
Edholm said the U.S. has led effective cyberspying operations against other governments, and he believes the U.S. would would limit its capabilities by prohibiting government cyberspying. "If we do that," he told SCMagazine.com, "frankly, we have more to lose than anybody else."
Clapper told the committee that the U.S. practiced "cyber espionage and in a public forum, I'm not going to say how successful we are, but we're not bad."
McCain is the sponsor of the National Defense Authorization Act for 2016, and he is a proponent of information-sharing legislation. Language in the NDAA that referred to information-sharing was dropped as a result of concerns that the legislation would increase cyber surveillance.
When contacted by SCMagazine.com, the CIA declined to comment on the decision to remove the spies from China.