As mentioned previously, the House Science Committee met yesterday to focus on the threat cyber security vulnerabilities pose to various critical sectors of the Nation’s critical infrastructure. Representatives from the oil and gas, chemical, electrical and communications sectors all testified that their industries are becoming more and more dependent upon public networks, those networks are under serious threat from cyber attack, and the federal government has a clear role both in supporting information exchange and coordination among all the industry stakeholders, and supporting a research agenda aimed at addressing the threat, primarily in the long-term. I’m not sure there’s much more I need to add to that, other than to point to the archived video, the hearing charter (pdf), and the testimony of the five witnesses.
A few observations:
We shouldnt have to wait for the cyber equivalent of a Hurricane Katrina – or even and Hurricane Ophelia might serve – to realize that we are inadequately prepared to prevent, detect and respond to cyber attacks.
And a cyber attack can affect a far larger area at a single stroke that can any hurricane. Not only that, given the increasing reliance of critical infrastructures on the Internet, a cyber attack could result in deaths as well as in massive disruption to the economy and daily life.
So our goal this morning is to help develop a cybersecurity agenda for the federal government, especially for the new Assistant Secretary. I never want to have to sit on a special committee set up to investigate why we were unprepared for a cyber attack. We know we are vulnerable, its time to act.
Perform R&D aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems; Develop new and enhanced technologies ofr the detection of, prevention of, and response to cyber attacks on the nation’s critical infrastructure; and Facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
Of course, as PITAC found in its review of the nation’s cyber security R&D portfolio, even this narrow commitment to the short-term suffers from a severe lack of priority within the agency. The agency has requested only $17 million for FY 06 ($1 million less than last year) for cyber security research, out of a total S&T budget of over a billion dollars. I was disappointed that the members of the committee didn’t spend more time questioning DHS’ priority when it comes to funding cyber security R&D.