On Tuesday January 27th, the Research and Technology Subcommittee of the House Science, Space, & Technology Committee held it’s first hearing of the 114th Congress. The topic was expanding cyber threats and cybersecurity, and the subcommittee heard from experts from both the private sector and government agencies. Assistant Director of CISE, Jim Kurose, testifying for the first time in his new position, told the subcommittee that sustained investment in basic research is need to combat these threats and that it is a socio-technological issue that requires involvement from behavioral researchers as well.
Subcommittee Chairwoman Barbara Comstock (R-VA) opened the hearing making the point that, “advances in technology and the growing nature of every individual’s online presence means cybersecurity needs to become an essential part of our vernacular.” Further elaborating on the threats the country is dealing with, she went on:
Instances of harmful cyber-attacks are reported regularly and expose the very real threats growing in this area. Financial information, medical records, and personal data maintained on computer systems by individuals and organizations continue to be vulnerable. Cyber-attacks on companies like Sony or Target and the U.S. Central Command will not go away and we have to constantly adapt and intercept and stop these threats before they happen and understand where and how they are happening and stay ever vigilant. Utilizing targeted emails, spam, malware, bots and other tools, cyber criminals, “hacktivists” and nation states are attempting to access information technology systems all the time. The defense of these systems relies on professionals who can react to threats and proactively prepare those systems for attack. (Citation)
Ranking Member Daniel Lipinski (D-IL), in his own opening statement, agreed with the chairwoman, saying that, “cybercrimes are ever-increasing. The threats are not only growing in number, but in the level of sophistication.” There was no dissenting opinions from any members of the subcommittee, Democrat or Republican, that cyber threats are real or that the country needs to do more to understand and combat them.
The witnesses for the hearing represented the cybersecurity community quite well. In addition to Dr. Kurose, there was Cheri McGuire , Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation, who shared the insights her company has from their customers and global security network; Charles Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology (NIST), which is the lead agency within the Federal Government in creating standards and distributing best practices throughout the cybersecurity community; Eric A. Fischer, Senior Specialist in Science and Technology, Congressional Research Service, who spoken about the long term challenges and short term needs of the cybersecurity, as well as the Federal role in the field; and Dean Garfield, President and CEO, Information Technology Industry Council, who provided the IT industry perspective of what is going within the industry and how Congress can help. You can read their individual testimony on the Science Committee website.
To sum up, all the witnesses agreed that what was most needed is a sustained investment in basic research for cybersecurity, as well as research into how people interact/use cybersecurity technology. As Dr. Kurose put it, any solutions will be “socio-technical” ones; behavioral research is needed just as much as the physical science research. As well, more interactions between Federal agencies, particularly NIST, and industry is needed in order to get the latest information on threats and best practices. This was brought up, not so much because there is bad or no interaction now (many witnesses stated the opposite; NIST was highly praised by both witnesses and members of the subcommittee) but that the threats change so quickly, necessitating close communication.
Many of the questions asked by committee members showed an interest and a realization of the challenges in cybersecurity. Chairwoman Comstock asked all the witnesses on how Congress should engage their constituents on this matter; the general response being that everyday people need to take this issue seriously and use the security tools that are available. Ranking Member Lipinski asked Mr. Garfield of the IT Industry Council if there is anything different that should be done within the Federal government R&D portfolio; the response was nothing new needs to be done but adequate funding is needed. Rep. Randy Hultgren (R-IL) asked about the status of research to get “beyond the password;” Mr. Garfield pointed out that many new security features and technology is already being deployed into the marketplace. There were even questions about how threats to personal information, such as fraudulent credit card usage, are tracked; this certainly demonstrated the everyday concerns for regular people that can dominate this discussion.
All in all, it was a very informative hearing. One gets the sense that the members of Congress walked away with a good picture of the threats and what is being done about it. And aside from a few off-topic political questions, there was no grandstanding or disagreement (something that is becoming rarer on the committee, sad to say). Hopefully this augurs well for the coming year and this topic specifically.
Photo by CERDEC
We’re entering the final stretch for submitting nominations and applications for the 2015 Leadership in Science Policy workshop. The deadline is this Friday, January 23rd; we’ll be letting those who are selected know by February 2nd. If you know of someone who meets the qualifications and you would like to nominate them, or if you have already been nominated, now is your chance. Don’t miss out on this chance to learn about science policy from experts in the field.
If you are an upper-class undergrad, or are in grad school, and you’ve always been interested in science policy, but didn’t know where to begin, then do we have a lead for you! The American Association for the Advancement of Science (AAAS) has brought together for a second year, a coalition of scientific and engineering societies, universities, and academic organizations to create a program to introduce science policy and advocacy to the next generation of scientists and engineers.
Called CASE, which stands for Catalyzing Advocacy in Science and Engineering, it is a chance for upper-class undergraduates and graduate students in the science, mathematics, and engineering disciplines to take part in a three-and-a-half day workshop in Washington DC in the spring of 2015 (April 12-15). Students will learn about:
“the structure and organization of Congress, the federal budget and appropriations processes, and tools for effective science communication and civic engagement. In addition, students will participate in interactive seminars about policy-making and communication. By the end of the workshop students will have an opportunity to learn about ways to remain engaged through on-campus activities.” (See more here.)
Additionally, students will participate in teams after the workshop to conduct meetings with their Members of Congress and congressional staff to put what they learned to use. It’s a great chance to learn why things happen in Washington and if it’s something you’d want to consider for a career.
How can you get involved? Well it’s a sponsoring process: each student must be sponsored by a university or professional society, and institutions may send one to two students. Sponsoring institutions are responsible for a $100.00 registration fee per student, as well as all associated travel and lodging costs. The deadline is February 6th; space is limited and it is first-come, first-served.
This sounds very similar to CRA’s LiSPI workshop, only geared to students. And it is providing a valuable tool to the science community, as often there is a disconnect between what goes on in Washington and how that impacts those in the science community (and what the science community can do about it). This helps bridge that natural disconnect. While CRA isn’t participating specifically in CASE, the groups who are organizing it are some of the best in the science policy world of Washington. If you’re interested, I’d encourage you to apply.