Rep. Will Hurd (R-TX) is a former undercover CIA officer, small business owner and cybersecurity expert. In Washington, he serves as Chairman of the Information Technology Subcommittee on the Oversight and Government Reform Committee and Vice Chair of the Maritime and Border Security Subcommittee on the Committee for Homeland Security .
He published the following op-ed this morning in Red Alert Politics.
I started an unusual job after I graduated college. In the back alleys of foreign nations, I was recruiting spies and uncovering secrets.
I was an undercover officer in the Central Intelligence Agency.
Joining the CIA was based on my desire to serve our nation and protect our Homeland from enemies both domestic and abroad. The generations of officers before me spent most of their careers protecting state secrets,sensitive documents and data of a physical nature. During my almost ten years spent in the CIA, digital data and cybersecurity became a major focus.
As long as there has been important and secret information on a computer somewhere, there have been bad guys trying to break into the system to steal it. For our government, this put our national security at risk. For U.S. companies, trade secrets were vulnerable. And for individuals, identity theft was a serious issue that left people feeling vulnerable and violated.
As more and more information has been transferred and stored online, the danger has only increased. While we as a nation have tried to stay a step ahead of these cyber criminals and hacktivists with malicious intent, the truth is that we always seem to be one step behind.
It is no longer about keeping the bad guys out. If you give attackers enough time, they will get into your system. So a core principle of cybersecurity is – always begin with the presumption of breach. The relevant questions are: How fast can you detect an intrusion? Can you stop intruders from advancing once they are in? Do you have the ability to kick a bad guy out of your system? And, can you determine how much they learned about your network while they were inside?
These are the questions that those of us who are focused on forming solid cybersecurity policies are asking. And it is vitally important that we ask the right questions and come to the right conclusions, because these bad guys mean business.
One person can have major impact. And they are not just focused any more on stealing your identity. They want to learn how to tap into the flight controls of airlines so they can bring a plane down. They are trying to figure out how they can access a network to change the amount of insulin a wirelessly controlled pump releases into the body of a diabetic. They want to know how to disrupt our communications and energy networks, creating systematic failures and bring our economy to a standstill.
They want to create utter chaos.
I know this because I spent years trying to stop them.
Cybersecurity is not just a buzzword. Cyber-attacks are real and they can affect you. If you are fortunate enough to have avoided one so far, do not let that lull you into a false sense of security. You could easily be next.
One of the reasons I wanted to continue serving my country in Congress was so that I could keep working to stop this. Just to be clear, I do not think there is a simple solution. Technology is inherently always changing. Our policies relating to cybersecurity must constantly adapt as well. These folks are smart and relentless and always looking for the next line of attack. But that does not mean we cannotthwart their efforts.
How do we accomplish this?
As a nation, both in the private and public sectors, we are going to have to work together to find the answer. We need to be nimble, creative and vigilant. We need to be just as relentless as they are. One thing we must always remember as we do this is that we have to uphold the constitutionally protected civil liberties that help ensure the privacy of every American.