We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Feds Warn of Cyber Threats, Seek Expanded Authority for DHS

Federal cybersecurity officials on Wednesday gave lawmakers a sobering warning about the vulnerabilities of critical information technology systems across the public and private sectors, describing a laundry list of threats and the challenge of keeping up with hackers who are continually seeking new methods of attack.

Appearing before a House subcommittee, cybersecurity authorities from the Department of Homeland Security, the Federal Communications Commission and other government arms testified to the work their agencies are undertaking in response to the ongoing threats, both internally and in concert with the private sector, but acknowledged that the challenges remain formidable and appealed for expanded government authority to shore up the nation's digital defenses.

"Cybersecurity threats are a real and present danger to our current economy and well being," retired Adm. James Barnett, chief of the FCC's Public Safety and Homeland Security Bureau, told members of the Energy and Commerce Committee's Subcommittee on Communications and Technology. "No one would tolerate the level of criminality, thievery, vandalism or invasion of privacy if it were done in the physical world, and we really can no longer afford to tolerate it in cyberspace."

Barnett and other witnesses described a wide range of threats and vulnerabilities that imperil communications networks, including weaknesses in the domain name system, or DNS, man-in-the middle attacks, route hijacking and weak spots in the supply chain.

But while there is broad agreement that the threats are severe and constantly evolving, deep divisions arise in the policy debate over what role the federal government should play in developing and overseeing the nation's digital defenses.

The Department of Homeland Security is at the center of that discussion. In the Senate, competing bills have emerged to address the cybersecurity challenge. One proposal, backed by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), would grant DHS new authorities to oversee private-sector digital infrastructure that was deemed critical. A competing bill takes a far more limited approach, focusing instead on facilitating the sharing of information about cyber threats among public and private entities. The Republicans backing that measure, the SECURE IT Act, have been sharply critical of DHS' performance on many security fronts, including cybersecurity.

Those same suspicions were on display in Wednesday's House hearing. Rep. Mary Bono Mack (R-Calif.), who yesterday introduced the companion bill to the SECURE IT Act in the lower chamber, cited the department's handling of the Chemical Facility Anti-Terrorism Standards program, which she said has squandered hundreds of millions of dollars without measurably improving the infrastructure of the chemical sector. How, then, could DHS be trusted to oversee cybersecurity?

Roberta Stempfley, acting assistant secretary for cybersecurity and communications at DHS, acknowledged the department's missteps with the chemical program, but said that the differences between the two industries are "profound," and noted the extensive work that DHS has already done in the cybersecurity arena, where it is the lead agency in charge of securing the systems on the civilian side of the federal government.

Bono Mack's frustration was evident.

"With all due respect, I didn't really hear an answer in your answer," she shot back. "I think you've rattled off quite a list of acronyms, but I don't know that my constituents would feel safer by the list of acronyms that you have used."

The witnesses representing government agencies each endorsed the expanded regulatory authority that the Lieberman-Collins bill would grant DHS, adding to the ranks of senior administration officials who have spoken out in support of the legislation.

But even as the Senate is poised to take up the Lieberman-Collins bill in a floor debate, any legislation that includes the DHS provisions would face vehement opposition in the Republican-controlled House. Time and again, critics have argued that the federal government is not agile enough to oversee such a rapidly evolving area as cybersecurity, and that expanded regulatory authority would shift scarce industry resources from defense to compliance, with the perverse outcome of actually undermining security.

"Frankly, putting an agency in charge of developing rules, even with collaboration, is dooming that industry," said Rep. Lee Terry (R-Neb.).

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.

Read more about government in CIO's Government Drilldown.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model