Today in a joint hearing of the Subcommittee on Technology and Innovation (T&I), and the Subcommittee on Research and Science Education (R&SE), Committee members questioned the Administration on President Obama's cybersecurity legislative plan, the 2009 Cyberspace Policy Review, and whether the multi-billion dollar Federal investment in cybersecurity should place greater emphasis on coordination of research and development (R&D) between the various agencies in order to more effectively achieve long-term security. Cybersecurity research and development efforts include working on the prevention of cyber attacks, detecting attacks as they are occurring, responding to attacks effectively, mitigating severity, recovering quickly, and identifying responsible parties.
"Since so many agencies have cybersecurity responsibilities, and federal efforts in this area are growing, I am concerned that agencies may actually compete with each other for cyber ownership" said T&I Chairman Ben Quayle (R-AZ). "Congress must ensure that agencies are working collaboratively to avoid duplication and inefficient use of precious taxpayer funds." Quayle also stressed the value of standards in cybersecurity and the need to ensure that any comprehensive legislation leverages the expertise of all federal assets.
R&SE Chairman Mo Brooks(R-AL) echoed the need for close oversight, saying, "Our role in Congress is to ensure that Federal investments are made wisely, and once made, investments must produce significant value for the nation."
In reviewing the activities of the agencies' cybersecurity programs, the hearing specifically focused on how each agency is addressing: objectives of the 2009 Cyberspace Policy Review; efforts to educate and develop the necessary cybersecurity personnel; and how standards development is coordinated with other relevant agencies. The Cyberspace Policy Review was released on May 29, 2009 by the Obama Administration and recommended an increased level of interagency cooperation among all departments and agencies, specifically highlighting the need for information sharing concerning attacks and vulnerabilities. The review also addressed the need for an exchange of research and security strategies essential to the efficient and effective defense of Federal computer systems. Moreover, it stressed advancing cybersecurity R&D to guarantee a secure and reliable infrastructure, through partnering Federal Government efforts with the private sector.
Dr. George O. Strawn, Director of the National Coordination Office for the Networking and Information Technology Research and Development Program (NITRD) said that R&D will be essential not only to better meet existing vulnerabilities, but also to work toward addressing emerging threats and developments. Strawn also stressed the importance of coordination in reducing duplication of efforts. "The coordination of such research and development, and the transition to practice of its successful results, are key components of the NITRD contributions to improving cybersecurity."
Dr. Farnam Jahanian, Assistant Director of the Directorate for Computer and Information Science and Engineering at the National Science Foundation (NSF) also expressed the weight of importance R&D has on the nation's future, "With robust sustained support for cyber security research and development in both the executive and legislative branches, there is a unique opportunity to protect our national security and enhance our economic prosperity for decades to come."
Since the release of the Cyberspace Policy Review, NITRD has continued to provide leadership in coordinating Federal unclassified R&D. The Department of Homeland Security (DHS) has been tasked with monitoring Federal civilian networks for cyber attacks and coordinating the gathering and dissemination of information on cyber attacks to Federal agencies and private industry. NIST currently develops cybersecurity standards for non-national security Federal information technology systems; and NSF serves as Co-Chair to NITRD and, acts as the principal agency supporting unclassified cybersecurity research and development, education, and the development of cybersecurity professionals.
Rear Admiral Michael Brown, Director of Cybersecurity Coordination in the National Protection and Programs Directorate at DHS, emphasized that Americans depend on cyber infrastructure. "It is important to recognize that we do not undertake cybersecurity for the sake of security itself, but rather to ensure that government, business and critical societal functions can continue to use the information technology and communications infrastructure on which they depend," Brown said.
At today's hearing Rep. Michael McCaul (R-TX) who has been a leader in cybersecurity issues, expressed his intent to introduce legislation in the coming weeks to enhance the 2002 Cybersecurity R&D Act. The legislation will be similar to a bill he cosponsored with RSE Ranking Member Daniel Lipinski (D-IL) in the 111th Congress that overwhelmingly passed the House, but stalled in the Senate.