How one congressman is working to get the the government and industry to team-up against foreign threats
The last year of high-profile hacks has been a “clarion call” for the federal government and the private sector to work together to combat security threats from foreign adversaries, according to Rep. Rick Crawford (R-Ark.).
The fifth-term lawmaker — who serves on the House Intelligence, Agriculture and Transportation and Infrastructure committees — is uniquely situated to glean insights about the recent spate of incidents, from the SolarWinds breach and the Colonial Pipeline cyberattack to the stream of ransomware attacks on the agriculture sector.
That’s why earlier this month Crawford hosted the first ever “Scale Up” event in his district. The day-long, closed-door symposium saw around 260 thought leaders from across the Natural State hear presentations from the Office of the Director of National Intelligence, the FBI and CISA about the dangers posed by digital criminals and hostile foreign governments.
The Record sat down with Crawford in his Capitol Hill office last week to discuss the event, his takeaways from it and how he plans to keep both sides talking to each other. The conversation has been edited for length and clarity.
Why hold the “Scale Up” event?
I've actually been working on this for about three years. The urgency was ramped up because of [Covid-19], because of what I was seeing as gaps, threats, weaknesses, vulnerabilities in a variety of industries and particularly with ag.
The issue is, how do we get industry stakeholders that are engaged in more of a defensive posture and also a proactive posture? You can achieve both those things. But they don't know how to communicate with law enforcement and the appropriate channels. That is one of the biggest gaps that we have. Regardless of the industry, they don't seem to know how to report suspicious behavior. If they feel like they're vulnerable to a cyberattack, for example, who do they call? They don't know. Cyber is the tip of the iceberg. There are a lot of other vulnerabilities out there.
I just thought we really needed the intelligence community to engage the private sector. They've not done that.
It took a while to impress upon them and I honestly think, unfortunately, it was the JBS hack, the Colonial Pipeline hack, and some other, smaller types of incidents that got them to say ‘Yeah, we should do this.’
Were people skeptical about the event’s value? What was the response from attendees?
There was a lot of credibility in the presenters that made people say, ‘This is probably worth my time.’
I spoke with [Director of National Intelligence Avril Haines] on this topic a couple of times. She wrote a letter, basically letting me know that they were authorizing this, and then wrote some handwritten comments in the margins that indicated to me that she was fully committed. That gave me a lot of confidence that this was going to be a good presentation.
The response that we got was phenomenal. I honestly think that if we had put this off another week or two we could have doubled attendance, as it was we had to cap the number … The bigger something gets, the harder it becomes to communicate. Not only are people attending, they want some dialogue. So did ODNI. They wanted to get some Q&A and generate dialogue because that was the whole point of it.
I think people were shocked. Because a lot came thinking cyber was the primary focus. [Acting National Counterintelligence and Security Center director Mike Orlando’s] presentation had to do with a very detailed assessment in relation to the China threat … and gave several examples of where the Chinese Communist Party has been particularly aggressive.
It was just stunned silence. I mean, the look on people's faces as he's making this presentation. It was just — they had no idea.
We've done an after action report and a post-event survey, continuing to get comments. They're all favorable. They're all saying, ‘When are you going to do it again?’ In fact, I had a conversation this morning with Mr. Orlando and he was very well pleased with the event. They're fully prepared to replicate this in other states.
Will you hold the event again?
I would like to do it annually. A lot of it will depend on the uptake from other members. We already have three members on [House Intelligence] that have said they want this presentation in their district.
Of course, the template exists there to make it easier for them to produce it, because the leg work's been done and you don't have to reinvent the wheel. There's some flexibility in terms of each individual district is different — has different concerns, different industries.
How do you make sure that the federal government and the private sector don’t go back to their respective corners and not share information?
That's my challenge here and that's what we're trying to do, starting in the intelligence community, broadening this out, sharing with the other members: ‘This is what we're doing back home in Arkansas. Arkansas can't do it alone. Take this, what we've done here, and let's replicate it and continue to do that.’ This can't just be a one-off thing.
Yes, it's going to require a little more work on everybody's part but the net effect is that everybody's going to be better prepared on an ongoing basis.
We're already being asked to do it again next year by people who were in attendance. It's going to change. The subject matter will change. The breakout sessions will change. But the fact that the engagement doesn't is the critical part. It's keeping that part going, keeping that dialogue open, and letting the private sector know that we are proactively engaged.
It may be difficult, it may require a little extra work, not just on our part, but on the IC’s part.
I'll tell you this from the presenter's perspective: I could see the energy with which they were presenting. This was a great opportunity for them and my sense was that they saw it as that. This is what they needed to reach out on a broad scale.
You sit on the House Intelligence, Agriculture and Transportation and Infrastructure committees. What can you do to keep the momentum going?
Well, I can't necessarily come into the Transportation committee and say, ‘Hey I just got this briefing from the DNI about a threat to this or that.’ But I can go in there and say, ‘Hey, we need to probably think about how we shore up security on this front. Here's what I'm suggesting.’
I'm not out there saying, ‘The sky is falling!’ But the reality is there are some things we need to do differently. That starts for farmers at the turnaround level. What are they doing from a security standpoint, on the farm and then as we get from the farm and those commodities move into the supply chain, further processing? What are those ag producers and further processing facilities and then ultimately the wholesaler and the retailer, what are they doing and how is that whole chain, secure so that by the time it gets to the marketplace we haven't compromised the integrity of our food chain or disrupted it.
Last question. What was the last book you read?
The last book I read was probably True Grit. It's one of those books that it's way better than the movie. Both of the movies were awesome, but the book is so much better. It's one of those books that I will pick up and read, occasionally, because it's just so well done.
I've also been writing. That's how I spend my time on the airplanes, writing. I've spent an awful lot of time and finished a book.
I don't know what the timeline is. I've got some publishers looking at it but we'll see what happens.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.