Cybersecurity and Homeland Threats from Eastern Europe: A Conversation with Michael McCaul

Tuesday, June 20, 2017
Speaker
Michael T. McCaul

Chairman, House Homeland Security Committee; U.S. Representative from Texas (R), U.S. House of Representatives

Presider
Fred Hiatt

Editorial Page Editor, Washington Post

Chairman McCaul discusses his recent bipartisan congressional trip to France, Poland, Estonia, and Ukraine to examine cybersecurity issues, and how the United States can continue to support European partners while also learning from their experiences to bolster U.S. homeland security.

HIATT: Hello, everybody. I’m Fred Hiatt, editorial page editor of The Washington Post. And welcome to today’s Council on Foreign Relations meeting with Chairman Michael McCaul of the Homeland Security Committee. We apologize for running a little bit late. And since we are running a little bit late, I’m not going to give a big introduction. You all know Congressman McCaul. He’s going to start with just a couple minutes to get us started. And then I’ll come back, we’ll have a little conversation, and then we’ll open it up to Q&A.

MCCAUL: Thank you, Fred. I was running through the Dulles Airport to get here as fast as I could. (Laughter.) So I apologize for that. And I had my oldest daughter’s 21st birthday last night in Austin. But I want to thank all of you for being here, and the Council on Foreign Relations, a great organization, to focus on the most important issues, I think, facing the nation. It continues to be—terrorism, international and cybersecurity really continue to be grave and growing challenges to America and its allies. Over the past few years we’ve seen Islamist terror attacks actually just weeks in Manchester, London, Nice, Berlin, Brussels, in addition to attacks here at home. We’ve also seen an increase in the number of cybersecurity attacks, particularly from Russia, most notably to interfere with our presidential elections.

And in light of these events, I led a bipartisan delegation to France and Eastern Europe to examine these issues and discuss how America and our allies can work together to prevent these attacks and defeat our common enemies. First, we visited France, right before the presidential election, and met to assess terror threats to the West. Counterterrorism and defense cooperation between the United States and France are a priority for both countries, with intelligence and information sharing. There are over 700 French jihadists, including 300 women and children, who traveled to Iraq and Syria since 2015. French authorities have disrupted 17 attacks and arrested six to eight people a week on average, all affiliated with ISIS or al-Qaida. And I think Europe actually can tell—most European countries have the same narrative.

Because of this, France is making unprecedented contributions to the fight against ISIS in Syria, in Iraq. They are a significant force multiplier for NATO in coalition efforts against jihadists in North America (sic; North Africa), particularly in Mali. Integration remains an enormous challenge for France, with large populations of North African and Middle Eastern immigrants who are unemployed and not becoming a part of the French society, something I think we have different here in the United States.

It’s also no stranger to cyberattacks in elections. Emmanuel Macron’s campaign publicly accused Russia and its state-owned media of hacking Macron’s party electronic infrastructure and disseminating fake news aimed at undermining his candidacy. And I was actually there to witness this disinformation campaign. It was quite interesting to see it firsthand. Cybersecurity’s a growing area of cooperation between France and the United States, and France’s defense ministry is currently implementing plans to establish their own CYBERCOM, which will employ about 2,600 digital soldiers by 2019.

Next, we went to Poland, a country that sees the United States as its main strategic partner, a NATO ally, a security linchpin against Russian aggression. And you look at the history of Poland being occupied by the Germans, the Russians, the Nazis, the Soviets, it’s very interesting history. It’s one of five NATO countries that spend 2 percent of the GDP on defense. And they’re in the midst of modernizing their force efforts. They’re very concerned about the Russian military threat. They’re worried about Russia’s upcoming military exercises later this summer in Belarus because Russia could leave behind troops or other military equipment and supplies as part of their ongoing campaign of aggression that we saw.

Poland wants to build a robust cybersecurity system that encourages information sharing and leverages their high-tech capabilities. They’re most concerned about attacks on their electric grids. And they believe that malicious cyberattacks by Russia against sensitive infrastructures, such as hospitals, airlines, banks and the like, are also an imminent threat. After Poland, we then went to Estonia, a very interesting country from a cybersecurity standpoint, because they were shut down by Russia with a denial of service attack in 2007. It’s widely considered to be the first state-sponsored cyberattack against another nation.

And since that attack, Estonia has leveraged it geographic, cultural and linguistic experience with Russia to develop a focus on cyber experience which I believe we can both learn from. U.S.-Estonian cybersecurity cooperation is excellent and includes joint cyber exercises and cyber intelligence sharing best practices from both governments. Considering the constant cyberattacks that they endure from Russia on a daily basis, Estonia has offered itself to the United States and the EU as the test site Estonia, so that allies can enhance cooperation by adopting lessons learned on useful cybersecurity measures. They also—they hosted the NATO-accredited Cooperative Cyber Defense Center of Excellence and regularly deploy troops in support of American and NATO security operations.

Lastly, we visited Ukraine, which is in my judgment a proxy war between the United States, NATO, and Russia. With upwards of 4 million people now under occupation by Putin’s henchmen, Ukraine is at the frontlines of Russian aggression against the free world. Russia used its invasion of Ukraine to deploy a never before seen combination of both kinetic on the ground and cyber capabilities in tandem. In addition to the ongoing kinetic threat of military action against Eastern Ukraine and Crimea, there have been two major cyberattacks on Ukraine’s electric grids in December 2015 and December 2016.

The financial sector, the military, media, and government are also under constant cyberattacks. And I can’t emphasize that word enough—constant when we were over there. They endure constant hits from Russia, as well as malicious propaganda and misinformation campaigns coming out of Russia to influence their political process and their people. Ukraine was very thankful for the assistance and training we’ve provided and to their soldiers, which I think has made a difference. They believe that Putin will pay a dear price in both blood and treasure in this fight on the ground in eastern Ukraine for any further military aggression in the country.

Ukraine also expressed concern about the Russian military exercises, again, this summer or fall in—with Belarus. And sanctions, I believe, is a topic in the Senate. It’ll be a topic before the Foreign Affairs Committee on which I serve as a senior member. It will be a something that Congress is going to be looking at to strengthen and show American and European resolve in the face of Russian aggression.

And then finally—I want to get our discussion—I’d be remiss if I didn’t mention I did just get back from Mexico City. I chaired the U.S.-Mexico interparliamentary group at a particularly challenging and significant time, to say the least. And I found it to be a very productive, reassuring session with the Mexicans, talking about both the security and cooperation, energy, and how we can improve and modernize NAFTA. And I thought we sent, almost, like, as legislative diplomats, I thought, a very positive message to Mexico, who is our largest trading partner to the south, in Texas, third-largest in the nation, and really our neighbor and friend to the south.

So with that, my apologies for my flight being late. But I do want to thank all of you for being here today. And, Fred, I look forward to the discussion.

HIATT: Thank you for—(off mic). There’s a lot of things to talk about. Let me start on this trip, that Russia came up in every country. And you talked about Russia’s ongoing campaign of aggression. What’s their goal, do you think?

MCCAUL: I think, to establish—well, in France—if you look at the mindset of Putin, I think he fears two things, the EU and NATO. He’s very paranoid about these two organizations and wants to do everything in his power to disrupt it. So, for instance, in France I think a good opportunity for him. We saw that take place also in Germany with Merkel. He wants to impact a disinformation campaign, not unlike what we saw here in the United States in the last presidential election. He wants to do the same thing in the European Union. And I think, secondly, to hit NATO countries in cyberattacks. Because Estonia is a NATO country, I think he does view Estonia with some greater apprehension in terms of a military aggressive campaign, although they are using cyber.

But Ukraine—they consider Ukraine as part of Russia, and they want it back. And so the way they annex these countries is Russian-speaking peoples who vote for them, really under false pretenses. They can regain admittance back into Russia. And so I think there’s this aggressive kinetic operation—Ukraine is the most fascinating because you had two things taking place at the same time. There’s a ground war in eastern Ukraine, and also the fact they’ve wholesale taken over, as I said, 4 million people in the Crimea to exert their aggression.

And I think, ultimately, to close, is that Putin wants to restore the glory of the old Soviet empire. And it’s a very nationalistic cause that is actually popular in his country, although just recently we’ve seen some dissention with a lot of students now in Russia.

HIATT: If Ukraine is a proxy war between the U.S., and NATO, and Russia, are the U.S. and NATO doing enough, do you think?

MCCAUL: Well, we—you know, we just—we saw that NATO partners now are sending troops and tank brigades to the Baltic states, to ensure that these Belarus exercises that I mentioned are contained and don’t get out of hand, to protect the Baltic Sea. I think the reason why he’s in Crimea, quite frankly, is it’s a port in the Black Sea that gives him great access. And it’s really a military base that he has formed with great power that would be very difficult to take back militarily, so much so that Ukraine has almost conceded that portion but is fighting this eastern Ukraine war, which gives them access without having to—it gives them access by land to Crimea. And I think that’s part of what that fight, you know, is about.

HIATT: I mean, there are people, maybe some in this room, who would say, you know, if he’s afraid of NATO and EU, NATO and EU should give him reason not to be fearful, should recognize that Ukraine is traditionally part of Russia’s sphere of influence, we should talk to him, we should reassure him. Would that be a more successful strategy than isolation and sanctions?

 MCCAUL: Well, I—you know, you had the Minsk agreement that was not really complied with. There’s been further aggression. You know, it was interesting, I was in the minister of security’s office in Ukraine. And he showed me a list of all the Russians that they have actually captured and imprisoned. And according to their intelligence, they’re not the separatists that they claim to be. They’re actually sending Russian soldiers into the region then combat Ukrainians on that border region. And so I think Russia’s shown a great deal of aggression here that I think needs to be dealt with. I think, you know, weakness invites aggression. You know, we learned that from World War II. And he has taken back Crimea, which is significant.

But as Rex Tillerson, when he testified before Foreign Affairs Committee, said recently, he doesn’t want his hands tied, that he does want the power of diplomacy to try to perhaps work out the situation. But just being on the ground there, you get that feeling and that sense that I don’t think the Russians are all that interested in this. I think they’re—it was a very strong-handed way of dealing with Ukraine. And Ukraine has this horrible, you know, history of Stalin, you know, killing 8 million of his own people in the Ukraine. And so the Ukrainians very much understand that. They had a pro-Russian president that led to riots in the street. Now they have a pro-Ukrainian president. And the general mood on the street in Ukraine is very anti-Putin. It’s very anti-Russian and anti-Putin.

HIATT: And what did you find in all four countries about attitudes toward the U.S. and towards this administration? What are people feeling?

MCCAUL: Well, I met our troops in Poland. And they feel very strongly about our alliance. I think in Estonia, they’re going to be the—they’ll be the president of the EU next year. They’re a NATO ally. And I think Ukraine, you know, is not. And really can’t be, because if we admitted them into NATO we’d be at instant war with Russia. Having said that, I know there have been some sort of signals that we’re not supportive of NATO. I didn’t really get that sense in those countries. But remember, those countries pay 2 percent of their GDP. So they pay more than—they pay what they’re supposed to, and more than what other NATO allies pay in the region. And I think, again, France—you know, their efforts in Mali, Northern Africa, very closely allied. We tried to reassure them too. If there were any misgivings that, you know, there was an issue with NATO, that’s just wrong.

HIATT: And Congress has a role to play in that reassurance, do you think?

MCCAUL: We do. You know, I think these delegations—you know, these CODELs they call them, are—give us an opportunity to meet with a leader. We met with the president of Ukraine, the foreign ministers, the minister of interior. And it gives us a chance to kind of be legislative diplomats, if you will, to reassure, like I did in Mexico, you know, that you’re not the enemy and that we are going to work with you. And I think that played a strong role.

HIATT: Let me step back to the U.S., if I could. I know your committee isn’t the primary one investigating Russian interference in the election, but you have as good an understanding as anybody of sort of the cyber issues. So tell us a little bit, when you see—how far did Russia get in corrupting the electoral process? And what should the United States be doing to keep it from happening again?

MCCAUL: Well, there was a deliberate attack by Russia to influence our elections. There’s no question about that. I got the briefing both in the summer, and then October, right before the November elections on this. So those who question that, I think the intelligence community is very clear that this was—there was no doubt that Russia was attempting to influence it. The question is how much of an impact, if any, they had on the election. But the mere fact they were trying to do, I think whether it’s Republican or Democrat it’s an attack on our democracy, it’s an attack on America. And it needs to be responded with consequences.

I think too often in the cyberspace we let countries get away with things because we think it’s just a cyberattack. And we saw the same disinformation campaign, again, happen in France and in the Ukraine and in Estonia, to try to undermine their political process. So this is not only cyber operations to break things down and steal and destroy, but also to politically influence. And they’ve been doing it for a long time, they just have a new tool, and that’s the cyberspace.

HIATT: If you were briefed in the summer and in October, did you say, should the U.S. have been responding more actively then?

MCCAUL: I urged—and I don’t want to dime out the specific individuals—but the ones who briefed us that we should call out Russia for what they’re doing and that there should be consequences to those actions. I think the sanctions bill that we’re looking at is—would codify executive orders under the Obama administration dealing with Crimea and cyber election forces, but I think it goes further than that. And I think we need to send a strong message that we’re not going to tolerate that in our democracy. And, you know, when China steals 20 million security clearances and there’s no result from that, or when they allegedly hack into our CIA, when they—you know, there are a lot of things that our foreign adversaries do in the cyberspace that really go without consequence.

HIATT: So does the consequence for deterrence—does the U.S. need an equivalent offensive cyber capability?

MCCAUL: Well, we have that. And you know, we—you don’t read about. And I probably can’t really get into much of it, but we have that more as a deterrent. Just like we can use our military for diplomacy, same in the cyber offensive capability that we have. But Russia has demonstrated an ability to actually use it. You know, when they shut down Estonia, when they shut down the power grids in the Ukraine. You know, and when—it’s just amazing. Ukraine has become a testing ground and a lab between U.S., NATO, and Russia, again, both kinetically, but also in the cyberspace.

And why is that cyber piece so interesting or important? It’s because we’re learning a lot about Russia’s cyber capability, because they’re launching the best stuff they got. And it’s a testing ground for them. But it’s also a learning ground, a laboratory for us to learn what they are using so we can greater understand their capabilities and defend ourselves from an attack—a similar attack. So, in other words, the signatures, the malicious codes, you know, coming out of Russia into Ukraine, Estonia’s a little better at this game because they’ve been dealing with it longer and they help in this effort. But we’ve actually learned quite a bit about Russian capability through this proxy war.

HIATT: You say we don’t read much about the offensive capability, not for lack of trying. (Laughter.)

MCCAUL: Or reporting.

HIATT: Yeah. But I mean, in the nuclear age, the idea of deterrence was the other side should know about it, and that’s how it worked. Why doesn’t the same thing apply in offensive? Or does it?

MCCAUL: I think—I think for the United States it does, because they know—they do know that we have the power to shut things down. I still contend we have the greatest cyber offensive capability in the world, but Russia and China come pretty close to that. And I think they’re fully aware of that. And that’s why they—but you haven’t seen quite the destructive attacks. China’s more about espionage. Russia, there’s a lot of theft. There’s a lot of IP theft from China and Russia. The destructive attacks are potentially there. We worry that their fingerprints may be in our SCADA systems. And if they’re in—if they are, then they have the capability to turn the switch off, which they should shut down our SCADA and power grids. So, but are they going to use it? Just like the atomic nuclear age, that deterrent factor, I think, you know, they don’t want the same attack on them.

HIATT: Mmm hmm. But when you talk about response to the Russians, should the U.S. response be in cyber, or is it appropriate to have it be sort of asymmetrical and have it be economic sanctions. Or, to the China OPM attack, what’s the most—what would the most effective response be?

MCCAUL: I mean, we’re doing it—I mean, obviously NATO is coming to Ukraine—well, not Ukraine’s defense, but the Baltic states. They’re in the region when these Belarus exercises take place. It’s really Russia doing that, and the Baltic Sea as well. So you’re seeing that kinetic response to that. In terms of our hitting back with cyberattacks, I think Estonia’s not—their interest is more in protecting themselves from that kind of attack. And I think Ukraine’s in the same position. But we need to think about it, at what point do you use both of your capabilities—both kinetic and cyber—in an aggressive posture that Russia has demonstrated?

HIATT: Do you think they were trying to get Le Pen elected? And were they trying to get Donald Trump elected? Or were they just trying to mess us up?

MCCAUL: Yeah, I think—I think—you know, Le Pen had actually met with Putin.

HIATT: She went over there.

MCCAUL: She—there are loans of Russian money. And so we were actually in Paris the day the information was coming out about how Macron had offshore bank accounts he wasn’t paying taxes on. But the difference was, the French understood that this was Russia doing this, and so it didn’t carry the weight—

HIATT: French voters, you mean, understood.

MCCAUL: Yeah. And that was a really interesting thing to see play out. It didn’t work, because they knew it was Russia behind that, and therefore they knew it was false dissemination. So in that sense, I think they probably did—they just want chaos in the EU and NATO. That’s—destabilization in the EU and NATO is what they want. And that’s what they’re trying to do with disinformation campaigns and with cyberattacks. With respect to our presidential election, I wouldn’t necessarily as much—as much had to do with President Trump as much as it had to do with Mrs. Clinton. There was a deep dislike, I think, for each other.

HIATT: We’re going to turn over to the audience in a minute. Let me just ask two things. You went to Auschwitz. Can you tell us one minute of that and why you went there and what—

MCCAUL: Well, my dad was part of the D-Day air campaign so they could go into Normandy. It was profound. But then to come full circle, you know, the camps being liberated. To see Auschwitz was really just mind blowing. And it’s larger in scale than most people imagine, about 20 football fields. The original Auschwitz is a little bit smaller, larger ones—and they were only halfway done. Four major gas chambers. We saw the original gas chamber, with the scratching on the wall—without to get too graphic. But, you know, Dr. Mengele was there. You know, we were at, you know, that famous—“Schindler’s List,” you know, railcars coming in. Seeing that backdrop and go left to the chamber, go right to the camp.

And it just—it was a great stain and sin against humanity that reminded us—should remind us why we fought that war, and why people like my father fought that war, was to rid that evil and to liberate those camps. It was horrific. And in the case of Auschwitz, it was the Russians who liberated Auschwitz. And unlike us, who brought the Red Cross there, they just told them to walk 70 miles to the nearest village, which was Krakow. But the sheer scale of the operation—and it wasn’t the only one. And to think, a million—a million Jews were killed there.

HIATT: OK. Let’s see. A reminder that this meeting is on the record. And please wait for the microphone, speak directly into it, please stand and state your name and affiliation, and limit yourself to one question as concise as possible so we can get as many questions as possible.

Q: Thank you.

Thank you, Chairman McCaul for sharing your perspectives on Eastern Europe. There’s not too much good news on the cybersecurity front, other than what you said about the United States still having the most powerful offensive cyber capability. That’s great to hear. But there was a tidbit of good news, maybe, in the ODNI, the director of national intelligence, recent threat assessment, where cybersecurity comes out the first greatest threat and emerging technologies the second. But on cybersecurity he says that from China, and you mentioned IP theft, that it seems to be going down, and that perhaps that is a function of the agreement or the discussions between President Xi Jinping and President Obama. So my question—and it also goes to kind of NATO—is there a basis for more aggressive cyber diplomacy, which can somehow, you know, bring us more good news, perhaps?

MCCAUL: Yeah, and great question. I’m glad you brought that up. You know, I serve on the Foreign Affairs Committee, which is probably more relevant to this group. And I’ve always been calling for international norms and standards in this arena, because we don’t really have any. It’s a bit of a frontier, Wild West, where there are not rules that really apply to this. You know, what constitutes an act of warfare? Is Article 5 invoked if a NATO power is hit with an act of cyberwarfare? A lot of unanswered questions. But I think these—if we could enter into negotiations with other countries to at least start that dialogue. And I passed a bill out of the Foreign Affairs Committee to—requesting the State Department to come up with a strategy for this, a strategy for what do these international norms and standards look like.

But I think this is where diplomacy, I think, could play out. It didn’t work so well when we met with the Chinese after they stole 20 million security clearances. They still continued to do that. And you know, I’ve got five teenagers. And, you know, if you have bad behavior and there are no consequences, you get bad—more bad behavior. And so I think we need to have some consequence to these actions. What is the appropriate consequence, I think to your point, is—you know, is the question. And it’s a very—it’s complicated. But we need to start that process, because people don’t understand that it’s just as deadly as kinetic warfare can be.

HIATT: Congressman, wasn’t the administration supposed to provide the cyber strategy in the first 90 days?

MCCAUL: And they did—they did come out with an executive order. I think in light of the travel ban kind of pulled back a little bit to make sure they did this right. And we—actually, my office and my committee worked with them on this. And consequences was part of what they issued to the—you know, the relevant departments to look at, what are the appropriate consequences.

HIATT: So you’re still waiting?

MCCAUL: Well, the executive order’s come out.

HIATT: And that’s the strategy as far as—

MCCAUL: Well, it’s the beginning of the process.

HIATT: Mmm hmm. Way back.

Q: Thank you very much. Nick Schifrin. I’m a term member and a correspondent with PBS “NewsHour.”

I just returned from seven weeks in Russia. And even among those officials who tentatively admit that hacking did occur, there’s a real denial about its seriousness and how seriously we take it. So do you think that a sanctions bill is enough to deliver that message that we are taking it seriously? And do you think the administration’s—the president’s hands should effectively be shackled by a congressional bill—whether it’s the exact language that’s already in the Senate—that essential restricts the administration from perhaps lifting some previous sanctions? Thanks.

MCCAUL: And I think that’s the intent behind the Senate sanctions, is to codify existing executive orders with respect to Russian sanctions for Crimea and with the election cyberattacks. So that would, if codified into law, that would take that ability to rescind those executive orders. And I think that’s part of the incentive. But I think that bill goes far beyond—it goes into energy, which could cripple Russia, for instance. Now, I’ve talked to some energy companies. They’ve had some—you know, there are going to be negotiations, I think, around the House product that we deliver out of the House Foreign Affairs Committee in terms of energy that’s not emanating out of Russia but could still be sanctioned, and the impact that could have on our companies and our interests. And so, but I think—I think this bill does go farther. And it does take away the ability to rescind the previous executive orders.

Q: Is that enough to deliver that message of seriousness?

MCCAUL: Well, certainly I think it sends a strong message to Putin. I think on the energy piece we got to be careful how we do it. If energy originates out of Russia, it should be subject to the sanction. But we have to be mindful of our European allies, joint projects that we’re working on. But, no, it definitely goes much farther than just those previous executive orders. That’s going to be something we’re going to be looking at in the House on the Foreign Affairs Committee in the near future.

HIATT: And you think the two chambers will be able to get together on a strong sanctions—

MCCAUL: I think so. I really—you know, honestly, looking at the aggression of Crimea, what they’re doing in the Ukraine on the eastern front, what they did—attempted to do in our elections, you know, my whole point’s been we have to have consequences to bad behavior. And if we do nothing in the face of Putin’s aggression, then we’re abdicating our responsibilities. And I think we’re just inviting more aggression, you know, to take place. And we’ve seen that historically with whether it’s Hitler and—you know, Churchill talking about Hitler and Stalin. Ukraine knows very well about Stalin.

HIATT: Sir.

Q: Thank you. Sam Visner with ICF, also a CFR member.

The historical parallels are interesting. I’m wondering if the Russians in particular are looking at cyberspace differently than we do. We think of it as the—DOD calls it the fifth domain, it’s an operational domain. But there are those that think that the Russians and Chinese, and particularly the Russians, look at it as territory that could become sovereign, could become controlled and governed, even conquered in some way, and subject to sovereign control. And that if they can grab more of it, they can do it at the expense of other countries, and they can begin to surround those countries in cyberspace and surround their infrastructures with territories that they’ve seized. And I’d be interested and grateful for your view on that, sir.

MCCAUL: Well, and I think that’s the—you’re getting right to the core principle of Putin’s strategy, and that is to annex the Russian-speaking peoples. To do that, I think he uses the cyber disinformation warfare piece to influence and persuade the Russian-speaking peoples that they’re better coming to the motherland, you know, back to their homeland, to Russia, rather than staying where they are. And I think that’s their kind of strategy, both military, politically, and in the cyberspace.

And it worked in Crimea. Seventy percent in Crimea voted to stay—or, to be a part of Russia. That has been questioned by the United States. In fact, most experts don’t believe that’s an accurate number, and it was a bit of a rigged election. But that’s precisely what they’re trying to do. And you look at, you know, Putin—what is his legacy? What does he want to be remembered for? Bringing back, you know, these states that they lost back to Russia, and expansion of Russia. He looks at, you know, the great leaders of Russia prior, they’ve all expanded the empire. And he wants to have that legacy as well.

HIATT: The irony is, if he allowed Ukraine to prosper, Russia would prosper so much more also. But he doesn’t see it that way.

MCCAUL: Yeah. You saw “Bitter Harvest.” I mean, so they, you know, even back then, Stalin took all the grain from Ukraine, starved their own people, about 8 million, to benefit himself.

HIATT: In the corner.

Q: Hi. Rick Weber at Inside Cybersecurity.

Chairman, the ranking member on your committee, Bennie Thompson, cosponsored legislation on Friday on Russia sanctions. Have you seen that bill, and do you think that that has some room for movement in Foreign Affairs?

MCCAUL: I’m not sure if that’s the—are you talking about the Senate version?

Q: With Maxine Waters. He cosponsored legislation on Friday on Russia sanctions.

MCCAUL: Right. And yeah, well, I’ll work with—as I always do. We passed a—by the way, we passed a reauthorization bill out of my committee unanimously to reauthorize the Department of Homeland Security for the first time since it’s been created. So I think this is an area where you can have—certainly, it shouldn’t be party line. It should be a bipartisan effort, as we saw it was in the summer.

HIATT: I’m Michael Krepon. I work at the Stimson Center.

 Mr. Chairman, what more should we be doing in Ukraine to increase the costs of this aggression?

MCCAUL: I think we’re advising their soldiers, training them. I think more training. I think giving them more—you know, there’s a debate about lethal military assets versus nonlethal, and is that going to escalate the tension? But the tension’s pretty high, you know, already. It’s a ground war. It’s not in the air. We worry about the Belarus exercises going in the air, doing some air operations—which they haven’t done yet. And so—but I think as NATO’s done with the Baltic nations with these Belarus exercises, we fortified it, and have given the more tank brigades and more NATO troops. And, you know, I think we need to send a signal to Putin that we’re serious, that we’re not going to stand back and let them wholesale take over countries just like, you know, Hitler took over Poland, you know, or Alsace-Lorraine.

You know, at what point do you stand up to somebody like that say: You can’t do this. And he does this under the ruse of the Russian-speaking peoples and these elections, but it’s outright naked aggression, in my view, that’s paralleled to what Nazi Germany did. And the history is extraordinary with these countries, because they’ve been under occupation by the Germans, and the Russians, and the Nazis, and the Soviets for so many years. And they want to be—they want to be free. They want to be a liberated country.

HIATT: Is the kind of U.S. leadership and alliances you’re talking about compatible with the cuts in the State Department funding that the administration budget had proposed?

MCCAUL: Well, and I think diplomacy—I think Mattis put it well when he said if you cut that, you’re going to have to spend more for bullets. And, you know, we all see soft and hard power working together. And hard power gets you to the negotiation table. And if you can’t negotiate diplomatically, then the ultimate, you know, last resort is to use the military power. And so I think that would be unwise. And I think our committee had a very bipartisan hearing on this stating that this would be detrimental. Could we reform some of this? Of course. You know, some of the expenditures and appropriations. And what is it we’re cutting. And there’s always room to improve the way you’re executing and using the taxpayer dollar. But I think a 30 percent reduction would be—would be harmful.

HIATT: Other questions?

Q: Hi. Thank you very much. Aynne Kokas, the University of Virginia and Baker Institute at Rice University. So a fellow Texan.

So I’m really curious as an educator about the role in kind of building up the U.S. cyber—U.S. cyberwarfare capabilities, particular attracting top talent to these roles, because one of the things that we’ve noticed in our sector is both a difficulty in terms of building a pipeline into government for students who are trained in these areas, as well as a frustration with working conditions within government, which leads people to then go to the private sector. So essentially, the privatization of a lot of the top talent in these areas. So I was wondering if this is something—and, you know, given the concerns about the Pickering Fellowship recently. I was wondering if this is something that your committee is looking at, or when we think about this as a long-term strategic issue how this fits within the larger picture.

MCCAUL: Yeah, an excellent question. That goes to the workforce. And if we don’t have a cyber workforce, then we can’t—we’re not going to prevail. I think there are more jobs than there are scientists and engineers who can do this stuff. And that’s the bottom line. It’s hard for the government to retain good, qualified people when the private—it’s hard to compete with the private sector, just because they can pay so much more money. I passed a bill out of my committee last Congress and then revised it for teachers, but it’s the cyber core. We’ve had 3,000 graduates now of this program, to—and basically it’s kind of like—it’s kind of like the Peace Corps. If you sign up, we’ll pay for your tuition if you will agree to three years of service in the federal government in cybersecurity.

And so we’re getting some good talent in both DHS and NSA. And we expanded that to teachers now in that field. But I think we need more centers of excellence. I didn’t realize, you know, I got a briefing from Annapolis, the Naval Academy, they just—they just created a major in cybersecurity. You know, I think all the branches of service need to have that. And I think more universities need to have, like yours, a cybersecurity major, so that we can have that workforce, because I can tell you, you know, again, the jobs far outweigh the workforce that we have in a very, you know, important field. And then retention in the federal government is very difficult.

I’m trying to build up the capabilities at Homeland. NSA has always been kind of the gold standard up here. Homeland five years ago wasn’t, but they—I think they’ve really raised their capabilities. I passed the information sharing bill, the Cybersecurity Act, to share that threat information with the private sector, and private-to-private with legal liability protections. And it’s starting to work. But we need to build up their capability and talent in the workforce.

HIATT: I’m going to sneak another one in here. I know you’ve paid attention to North Korea in the past. And a lot of us have been almost obsessed with this story over the last few days, this terrible story about Otto Warmbier. Is there a response the United States should be making? And more broadly, are there things the U.S. could be doing that we’re not doing, do you think?

MCCAUL: I mean, so we got all—we got briefed in a classified setting on all of this. I think Mattis kind of views this as one of the biggest threats, just because it’s nuclear. Now, I worry about nuclear material being smuggled into the United States, but this is a direct capability to deliver. And so what we’re worried about is them building the capability to move. If they’re stationary, we can probably take—we can take those out. But if they’re mobile and they can move launchpads and missiles with miniaturized warheads, that’s where we don’t want them to get to. And so you’re seeing a lot of, you know, obviously, ships now being sent to that region. And one had an accident, unfortunately. But being sent to the region as a strong showing of force that, you know, we’re serious about this. We’re trying to leverage the Chinese.

You know, this is a diplomatic effort but, again, showing the hard power to then get them and the Chinese to—China has the most leverage over North Korea. They’re kind of like a—you know, like a bad stepchild to them. But if they’re—it’s their child, so they have to deal with it. But I think—I think that showing of force in that region, and then getting a diplomatic process underway with the Chinese involved. And my—I don’t know. You know, this guy is—they say he’s not irrational, but he killed his own family members. And when you look at the capability where the range that these missiles now can hit, if I were Japan or Europe I’d be very concerned about that.

HIATT: Time for one or two more. Yes.

Q: Hi. Eric Schmitt with The New York Times, CFR member.

Mr. Chairman, the nation’s offensive cyber capabilities had some mixed success against Iranian and North Korean weapons development. How would you assess, however, how well the offensive cyber has done against the Islamic State, going against its capabilities? Thanks.

MCCAUL: Yeah. Well, so people say what’s the difference between bin Laden and al-Baghdadi, al-Qaida and ISIS. And it’s the internet. They don’t have—they aren’t trying to grow what they call a cyber jihadist army. They’re not that capable. But they are very capable of using the internet to recruit, train and radicalize. And that’s a kind of communications we want to stop. Now, it’s a bit of a—when you have that café in, say, Syria, sending out these messages, what’s the best way to deal with that? You know, we have had some limited targeted cyber operations to try to stop that. But at the same time, you know, I have to be a little careful space in talking about it, but at the same time there’s an intelligence value to, you know monitoring these cafés, and not to mention human assets.

And so it’s very delicate, but we have had some success. I think that this internet propaganda has been one of the greatest challenges we’ve had with the Islamic State. I do think the private sector high tech has a role to play here. So the service contract agreements, if you have someone sign up for a contract with Facebook or Google, then if you’re going to put jihadist material out there, that that should be part of the service and conditions.

Therefore, then the—then we don’t have to worry about the government getting into this business and the First Amendment free speech rights and what constitutes—you know, it’s hate speech, but what rises to the level of being able to actually take action on it. It could be handled by the private sector, I think, in addition to what we’re doing, I think, offensively. I do think they’re falling in Mosul and Raqqa. But they will still have the power of the global internet, which made them a global franchise, which is very different from what we saw with al-Qaida.

HIATT: Well, I’m afraid we have run out of time. Thank you so much. It was a very interesting tour of the world.

MCCAUL: Appreciate it. Thank you, Fred. (Applause.)

(END)

Explore More on Europe and Eurasia

NATO (North Atlantic Treaty Organization)

What Is NATO?
The alliance is bolstering its military deterrent in Europe amid Russia’s invasion of Ukraine and has expanded to include Finland and Sweden.

Backgrounder by Jonathan Masters March 18, 2024

China

China’s Massive Belt and Road Initiative
China’s colossal infrastructure investments may usher in a new era of trade and growth for economies in Asia and beyond. But skeptics worry that China is laying a debt trap for borrowing governments.

Backgrounder by James McBride, Noah Berman and Andrew Chatzky February 2, 2023

Russia

How the Coronavirus Threatens Putin’s Global Image
President Vladimir Putin planned to use this year to raise his stature as not only the face of Russian politics at home but also a dominant figure on the global stage. Then the new coronavirus intervened.

In Brief by Thomas Graham March 25, 2020 U.S. Foreign Policy Program

Top Stories on CFR

Iran

Iran Attack Means an Even Tougher Balancing Act for the U.S. in the Middle East
The unprecedented Iranian attack on Israel presents U.S. officials with mounting challenges in trying to contain the conflict and maintain a deterrence against Iran and its allies.

In Brief by Steven A. Cook April 14, 2024 Middle East Program

Economics

Virtual Media Briefing: Previewing the World Bank/IMF Spring Meetings

Play
CFR experts preview the upcoming World Bank and International Monetary Fund (IMF) Spring Meetings taking place in Washington, DC, from April 17 through 19.   

Virtual Event with Heidi Crebo-Rediker, Sebastian Mallaby, Brad W. Setser and Michael Froman April 16, 2024 Media Briefings

Japan

Prime Minister Kishida’s Tour de Force

The highlights from Kishida Fumio's busy week in Washington.

Blog Post by Sheila A. Smith April 15, 2024 Asia Unbound