September 13, 2018

Senator Hassan Emphasizes Need for Greater Federal Support for Small Companies Facing Cyber Threats

Senator Also Highlights Importance of Strengthening Public-Private Sector Cyber Resiliency


To watch the Senator’s questioning, click here.

WASHINGTON – Senator Maggie Hassan today emphasized the need for greater federal support for small companies and service providers in the face of cyber threats and highlighted the importance of strengthening cyber resiliency during a Senate Homeland Security and Governmental Affairs Committee hearing.

Senator Hassan pointed to last spring when DHS revealed that a Russian cyberattack targeted several small vendors for utility companies in an attempt to access the country’s electrical grid. At the time, DHS reported that many of these vendors lacked the resources or dedicated cybersecurity professionals to detect and prevent these kinds of intrusions. In her questioning, Senator Hassan said “it does not seem reasonable to me to expect companies with only a few staff and maybe one full-time IT professional to be able to defend against the fully offensive cyber capabilities of state-level cyber actors like Russia.” Emphasizing the importance of greater involvement from DHS in helping to support these small companies in the face of cyber threats, Senator Hassan asked, “What should be DHS’s role in helping to secure these companies and what sort of resources should we be considering in order to achieve some degree of defense against state-level hacking?” 

Kevin Mandia, CEO of FireEye, Inc. responded, “We can’t win if all we do is focus on defense, defense, defense. And that’s why we need to have impose risk and consequences to those who do it, which means we have to get attribution rights, support the technical assets, human assets, the international cooperation so that we know who is doing these attacks so we can at least weigh proportional response to it…We are certainly going to need some deterrents to come to the table.” 

Senator Hassan also highlighted the importance of strengthening public-private sector cyber resiliency, asking Mr. Mandia, “Can you help us identify the best ways to achieve effective cyber resiliency? What sort of mechanism and incentives would need to be put in place to encourage the private sector to develop this kind of resiliency and what can the US government’s role be in helping to achieve baseline cyber resiliency?” Mr. Mandia replied by describing the need for “live fire drills.” He said, “Bottom line is live fire drills…The only way you’re ever going to get better at anything is you force the issue…You have the private sector and public sector do a joint drill….We’ll learn a lot just by practicing.”