January 7, 2022
During a panel at CES 2022, CTA specialist in government affairs Quentin Scholtz queried panelists from government and technology on their priorities and plans for stepping up effective enforcement against cyberattacks, especially those originating from nation states. Jamie Susskind, tech policy advisor for Senator Marsha Blackburn (R-Tennessee); former U.S. representative Will Hurd (R-Texas); and Samsung Electronics senior manager and counsel of public policy Eric Tamarkin offered complementary priorities on how to act in 2022 and going forward.
For Senator Blackburn, said Susskind, a strong privacy framework has been her No. 1 priority, but she also recommended that the Department of Defense consider a report from the National Security Council about AI. Blackburn, who serves on the Senate Commerce, Science and Transportation Committee, is also delving into protecting critical infrastructure.
With Oak Ridge National Laboratory located in Tennessee, Blackburn believes that setting up a cyber consortium for national labs is important to securing the energy grids and other facilities.
Ransomware is also a big topic for her, said Susskind, who noted Blackburn, along with other senators, launched a bipartisan Financial Innovation Caucus to ensure U.S. competitiveness regarding blockchain, digital assets and AI/ML among technologies. “She has also been very outspoken about China and other adversarial nations with regard to these technologies,” Susskind added.
Former Congressman Hurd said that “the issue of cybersecurity is the easier issue.” “Our global leadership is eroding away,” he said. “China is no longer a near-peer, it’s a peer. We need our immigration to attract the kind of technology talent we need. If China wants to steal our technology, let’s steal their engineers. We don’t have the workforce necessary to take on some of the existing challenges.”
He also emphasized that a national privacy standard is an absolute requirement and that the U.S. should use the EU’s GDPR as a model. “We have another fight coming down the pike — AI policy,” he said. “They will pass legislation in Europe on this issue, and we should engage them on the new Cold War with the Chinese.”
Tamarkin pointed out that, as a semiconductor and electronics company, Samsung is deeply concerned about security. “Cybersecurity is an ecosystem problem,” he said. “All the players have a role, and the burdens aren’t necessarily all on the device level.” Susskind agreed, noting that the Cyberspace Solarium Commission, a bipartisan intergovernmental body that issued a report in March 2020 on developing strategies against cyberattacks, “did a good job of educating Congress.”
“The move to 5G makes the attack surface bigger and more diffuse,” she added. “Winning the race to 5G was originally a policy issue, but when we delved deeper, we started hearing about the security risks of equipment and networks.”
Hurd noted that it took two years to pass the IoT Cybersecurity Improvement Act of 2020 that he introduced. “We need to create quantum resilience,” he added. “Remember Y2K? We spent $1 trillion to prepare for that. We have to be prepared for nation states to attack.” For him, the attack of the Florida water system with the intent to kill or harm the population was the most chilling attack. “We need to leverage the understanding of the private sector,” he added.
Tamarkin noted that Samsung has a bug bounty program that pays security researchers who find a bug and alert the company. “We’re constantly getting information from partners in government,” he said. “Cybersecurity is not static.”
Susskind advised, “know your software — and know what inputs are fueling the product.” “Cybersecurity labeling is going to be more important going forward,” she said.
Hurd noted that, despite polarized politics of recent years, there is bipartisan acknowledgement of the threat of China. “I want this century to stay the American century,” he said. “But that will only happen if America and our allies show global leadership in the way we have since WWII.”