The House Energy and Commerce Subcommittee on Communications and Technology, chaired by Rep. Greg Walden (R-OR), today continued a series of hearings on cybersecurity threats to our nation's communications networks. Members heard from five public sector witnesses who provided an update on current practices and input on how the federal government can improve its role in securing networks.
"Today we heard from some of the agencies within our government that are working to meet the threats, both in terms of what is being done to promote cybersecurity as well as how we can better secure our nation's communications networks," said Walden. "The work being done by these government agencies to help address cybersecurity is just the tip of the iceberg of what we can achieve when our private sector innovation and public sector resources are put to a common task. Having heard from the private sector, I appreciated today's public sector perspective that gave members a more complete picture of the cybersecurity landscape."
Rear Admiral James Barnett, Chief of the Federal Communications Commission's Public Safety and Homeland Security Bureau, testified that last week the Communications Security, Reliability and Interoperability Council approved voluntary, industry-based recommendations and that "numerous ISPs, including Comcast, Verizon, AT&T, Time Warner, Sprint, Cox, T-Mobile, Frontier, and Century Link have already pledged to implement the CSRIC recommendations as they apply to their respective networks and infrastructure. This means that these new cybersecurity measures will soon be protecting a significant majority of American Internet users, and we hope more ISPs will adopt these measures."
Fiona Alexander, Associate Administrator in the Office of International Affairs at the National Telecommunications and Information Administration, testified that "Governments, as well as other stakeholders, must continue to support the deployment and development of the Domain Name System Security Extensions," which authenticate the origin of DNS data and verify its integrity.
Dr. Gregory Shannon, Chief Scientist for the CERT Program at the Software Engineering Institute at Carnegie Mellon University, said, "As we have come to understand the threats, gain experience with pragmatic solutions, and consider the role for the public and private sector, we see two opportunities for significantly improving cybersecurity. The first opportunity is to broadly promote the identification of and use of scientifically and operationally validated policies, best practices, technologies, standards, products, etc. The second is to actively enable the controlled collection of and access to high-fidelity operational (real) data for research."
Roberta Stempfley, Acting Assistant Secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security, stressed the importance of working with the private sector. "Because the private sector owns much of the nation's infrastructure, protecting it is a responsibility that the federal government cannot, and should not, shoulder alone," said Stempfley. "Instead, we must collaborate closely with our public and private sector partners. The work that public safety agencies, federal partners, and industry are doing to ensure effective and secure network operations is a significant start, and DHS looks forward to continued partnerships with government and private-sector stakeholders to build a secure communications network for our nation's first responders."
Robert Hutchinson, Senior Manager for Information Security Sciences at Sandia National Laboratories, said, "The government is taking significant steps in sharing information about cyberthreats with industry; what makes this task difficult is a lack of agreement on what should be done with the shared data. We need information sharing that enables a community of stakeholders to execute a strategy. We need information sharing systems that respect not only data, but the strategy and rules associated with that data. A system with clear, enforced rules should enable both government and industry to benefit while allowing all stakeholders to effectively manage their own business interests and risks."
In response to members' requests for input on how Congress should move forward, the witnesses advocated that any actions should bolster communications and trust between the public and private sector and incentivize the private sector and government to work together. Witnesses also cautioned against implementing rules that stifle innovation and place an onerous burden on the providers or intelligence community.