Miller Gives Major Speech On Cyber Policy At National Press Club
Press Release
Miller Gives Major Speech On Cyber Policy At National Press Club
Cyber attacks "are growing more frequent and more devastating," Rep. Jeff Miller, said at a discussion on cybersecurity March 17 at the National Press Club in Washington.
"Recent events will remind us that we are all in a cyberwar right now, whether you want to call it a war or not," he added, citing the 2007 cyberattack that shut down government Web sites in Estonia, the 2008 cyberattacks against Georgia, and an attack that hit 1,500 computers in the Defense Department in November and damaged the networks for U.S. Central Command.
Those incidents highlight the need for the U.S. to determine the origin of the attack, when it reaches the threshold of terrorism and what is the most appropriate response.
Miller, a member of the House Armed Services Committee and ranking member of the terrorism, unconventional threats and capabilities subcommittee, was the keynote speaker at the event held by a recently formed consortium of IT companies called the Secure Enterprise Network Consortium (SEN-C). The group formed in October "to help the United States address its cyber security needs," and Tuesday's forum was its first public event. SEN-C's members are Accenture, CA, Cisco, Sun Microsystems and the Energy Department's Los Alamos National Laboratory.
Information technology is a part of every national security and defense acquisition, Miller said, and one concern is that cyberthreats could come from within computer hardware, in addition to coming through Internet connections.
"There's a growing concern that major manufacturing for many mission-critical semiconductors have moved off-shore, primarily to Asia, and the inherent risk associated with procuring electronic components that have been designed, fabricated, tested and packaged in unsecure facilities abroad demand a well-planned and a structured response," Miller said.
Congress has asked the Defense Department to look at potential vulnerabilities in the electronic components supply chain and find methods to assure a specific level of "trust," he added.
Other speakers at the event - representatives from each of SEN-C's members - spoke on the challenges the U.S. government faces in protecting its information and computer networks.
Several speakers said no technology can completely protect information networks, especially because the nature of cyberattacks changes continuously and those determined to get sensitive information will find ways to do so. Instead, the government should focus on building a "baseline" level of protection.
"Certainly, we should be building into this a baseline protection of information, but we should be going into that with our eyes wide open that if, in fact, somebody really wants that information, no matter what you build in as the baseline, the information can still be gotten. So we're really building a level of comfort" for protecting information, Wayne Fullerton of Cisco Systems said.
In addition to a dire outlook of growing cyber security threats, the speakers also suggested possible options for protecting sensitive information, such as allowing only temporary access to information, tailoring the level of access to the location access is requested from, and more open-source systems and software.
Open-source software, in which the source code is in the public domain instead of under copyright and can be changed and improved by users, would mean potential cyber attackers couldn't hide harmful problems in the code, said Bill Vass, president of Sun Microsystems Federal.
In terms of state-sponsored cyberattacks, "if you open source it, they can't hide anything in the code," Vass said. "Everything gets fixed before it's exploited."
A recent Homeland Security Department study found open source products were six times more secure than proprietary products, on average, he said. As more federal agencies start to use open source programs and databases, "we're going to get a higher level of cybersecurity, just from that."
Source