House hearing: U.S. in "dangerous" cybersecurity state

Public and private cybersecurity experts, in a hearing before Congress on Tuesday, discussed goals and challenges of federal government cybersecurity initiatives going forward.

During the hearing before the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, witnesses discussed goals for the 60-day review of federal government cybersecurity initiatives ordered last month by President Obama. The review, now underway, is being overseen by former Bush aide Melissa Hathaway. [SC Magazine erroneously reported on Monday that she was scheduled to present an update on the review's status to the committee.]

“We find ourselves in an extremely dangerous situation today – too many vulnerabilities exist on too many critical networks, which are exposed to too many skilled attackers who can inflict too many damages to our systems,” said Rep. Yvette Clarke, D-N.Y., who chairs the subcommittee, during opening statements. “Unfortunately, to this day, too few people are even aware of these dangers, and fewer still are doing anything about it.”

Amit Yoran, chairman and CEO at cyberintelligence firm NetWitness, who was among the witnesses who testified at Tuesday's hearing, said the federal cybersecurity mission needs improvement. Yoran said the White House must lead efforts, which should involve the intelligence community and the private sector.

Yoran also said that research and development must be bolstered, standards for securing systems must be reformed, and a legal analysis of the governance, authority and privacy requirements is needed. Also, Yoran said the roles and responsibilities of federal departments, including the Department of Homeland Security and the National Security Agency, must be better defined. 
 
Commenting on the proceedings, security software veteran Phil Lieberman, founder and CEO of Lieberman Software, said it is clear that the President is the ultimate “big hammer” when it comes to making government agencies cooperate and behave properly, but as with any CEO, he cannot be everywhere and needs clear policies that take care of the majority of situations that occur each day.

“Unfortunately, most of the time was spent talking about building better walls and doors, and going in circles as to who is in charge on the government site,” Lieberman, who listened to the hearing online, told SCMagazineUS.com in an email Tuesday.

Josh Shaul, vice president of product management at database security firm Application Security, said Congress must offer adequate funding to enable the strengthening of cybersecurity.

“Also, the sudden resignation of Rod Beckstrom as the director of the National Cybersecurity Center reflects the bureaucracy that can hinder policies,” Shaul said. “It remains to be seen if the NSA's influence over federal cybersecurity initiatives will be effective.”  

Rod Beckstrom, director of the National Cybersecurity Center (NCSC), an agency of the U.S. Department of Homeland Security, resigned last Friday. In his resignation letter, Beckstrom cited frustration over inadequate NCSC funding and said the NSA "effectively controls" DHS's cybersecurity efforts.

The subcommittee plans to hold two other hearings on cybersecurity this month, on March 17 and 24.

Copies of written testimony from Tuesday's proceedings are available on the Committee on Homeland Security website.