(Washington, DC) – Today the House Committee on Science and Technology’s Subcommittee on Technology and Innovation and Subcommittee on Research and Science Education held a joint hearing to hear responses to the Administration’s Cyberspace Policy Review from the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), the National Science Foundation (NSF), and the Defense Advanced Research Projects Agency (DARPA).
“In order to secure government networks and critical infrastructure, it was essential to first conduct a review of our federal cyber security structure,” stated Technology and Innovation Subcommittee Chairman David Wu (D-OR). “The Administration’s cyberspace review does not make any brand new recommendations. However, it is valuable as a frank assessment of current federal activities and a roadmap for what needs to be fixed.”
“A secure and resilient cyberspace is vital not only for the federal government, but for businesses—large and small—and for every single American,” said Research and Science Education Subcommittee Chairman Daniel Lipinski (D-IL). “This goal can only be realized through our combined efforts and a multidisciplinary approach to the problem.”
The recommendations of the review fell generally into four categories: improving interagency coordination; improving public-private partnerships; modernizing the research agenda; and enhancing both public and formal cyber security education.
While there is significant interagency collaboration currently taking place, improvements are needed to streamline coordination between the large number of federal departments and agencies with cyber security responsibilities and overlapping authorities. The review stated that leadership must come from the top and, for that purpose, the president plans to appoint a cyber security official who will oversee the development and implementation of a national strategy for improving cyber security.
Because much of the nation’s critical infrastructure is maintained by the private sector, the federal government needs to develop a process to work with the private sector to help prevent, detect, and respond to cyber incidents.
The review calls for the development of R&D strategies that focus on game-changing technologies. It also emphasizes the importance of coordinating these strategies with the academic community and industry to leverage the federal investment, avoid duplication of efforts, and ensure that useful technologies make their way to the marketplace.
Witnesses and Members agreed that education is also a critical step, both teaching the information technology (IT) workforce the skills necessary to incorporate security into software and systems from the beginning, and giving the general public a better awareness of the risks and consequences of poor security practices. Witnesses discussed the importance of encouraging undergraduates to pursue computing degrees and emphasized the need to engage students at the K-12 level regarding cyber security.
“People are the beneficiaries of IT but also the weakest link in IT security, and computer scientists need to team with social scientists to gain a better understanding of how humans interact with and utilize technology,” said Lipinski.
“Previously, federal efforts were output oriented—focused on things like the number of programs, funds spent, or numbers of interagency working groups—rather than outcome driven,” said Wu. “I am pleased that the new administration has made cyber security a top priority and is focusing efforts on achieving outcomes such as fewer breaches of federal systems, fewer cases of identity theft, and the security of smart grid systems and health IT systems.”