A week after President Obama announced an agreement with Chinese President Xi Jinping to limit corporate espionage—a tentative step toward setting up norms of state behavior on the Internet—a panel of senators urged cybersecurity officials in the Defense Department to go further in establishing clear rules of war for cyberattacks.
As members of the Senate Armed Forces Committee pushed Tuesday for a more clearly delineated cyber policy—and better follow-through to make U.S. intentions clear—the committee's chairman, Sen. John McCain of Arizona, suggested the lack of such a policy is illegal.
In a heated exchange, McCain pressed Deputy Defense Secretary Robert Work on his department's progress in developing an "integrated policy" for cybersecurity, a task Congress assigned the department in the fiscal year 2014 Defense reauthorization bill.
"Suppose there's an attack, a cyberattack, like the one on OPM," McCain said, referring to a pair of data breaches at the Office of Personnel Management that affected more than 22 million individuals. "Do we have a policy as to what we do?"
Work began responding, haltingly, "The first is to try—first we deny and then we first find out, we do the forensics—"