Carly Fiorina: Cybersecurity 'Has To Be a Central Part of Any Homeland Security Strategy'
Despite a Republican presidential field that (mostly) says the U.S. needs to get more aggressive on national security, the candidates have been muted on recent revelations that China has pilfered a massive cache of personal information on millions of U.S. government employees.
But cybersecurity should be a "huge" part of the general security conversation, and now is the right time to talk about it, according to Carly Fiorina, who is among those seeking the Republican nomination.
The former Hewlett-Packard CEO, who has had first-hand experience with cyber-security issues, sent out a statement in reaction to the hack at the government's Office of Personnel Management, which could have exposed data from up to 14 million current and former government employees, including 127-page applications for security clearances. Bloomberg invited her to expand.
"This has to be a central part of any homeland security strategy," Fiorina said in the interview. "The Chinese have had a long-term effort to hack into our databases and systems, which suggests that we should have been on guard for a very long time.
"I’m outraged about this," she added. "It is yet another example of the complete breakdown of government competence."
Speaking on the condition of anonymity to discuss intelligence matters, U.S. officials investigating the intrusions at OPM and a number of government contractors have confirmed that the hacks have been traced to the Chinese intelligence service.
As a Republican presidential hopeful, Fiorina has political reasons to cast doubts on the competence of President Barack Obama's Democratic administration. Her background as a technology executive also makes talking about cybersecurity an opportunity for her to distinguish herself in the crowded field.
Her experience, however, is indisputable. She served on civilian advisory boards for the CIA and National Security Agency. She was also instrumental in securing a literal truck-load of servers for the NSA in the weeks after 9/11, according to the National Review.
So what would be her first concrete policy suggestion for preventing another hack? Centralize the government's cybersecurity operation and put it in the Department of Defense or the Office of the Director of National Intelligence.
"You have to have a consolidated command that has the accountability, the responsibility, for protecting the security of all government systems and databases," she said. "You can’t have this piece-mealed throughout government."
On this, she seems to agree with the president, who directed the government to centralize cybersecurity efforts after a 2009 report found that "The Federal government is not organized to address this growing problem effectively now or in the future" and that "Responsibilities for cybersecurity are distributed across a wide array of federal departments and agencies, many with overlapping authorities, and none with sufficient decision authority...."
The effort is far from complete, though. Even the deployment of hack detection and prevention is still ongoing and a patchwork of agencies, from the NSA and the Department of Homeland Security to the FBI are taking responsibility for the security of government computers.
Fiorina also spoke about streamlining government bureaucracy.
"You have to have exceedingly competent people who are there because of their particular expertise, not simply there because they’ve been in government long enough to get there," she said. "Not everybody has the skills to do this work."
In addition to a centralizing cybersecurity, Fiorina said the government should work with the private sector to detect and repel attacks, although Congress has hampered this by declining to pass legislation that would protect companies that report breaches to the government from legal action.
"Everything in our nation now is dependent in very real ways in network-centric technologies," she said. "While that gives us great capability, it also gives us great vulnerability."