House S&T Committee Discusses Cyberspace Policy Review Report With Federal Agencies
The House Science and Technology Committee held a hearing Tuesday afternoon to review the response of the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), the National Science Foundation (NSF), and the Defense Advanced Research Projects Agency (DARPA) to the Administration’s recently released Cyberspace Policy Review (pdf). Near-term and mid-term action plans in the review raise a number of concerns relevant to the Committee’s work. These issues center around federal agency efforts in research and development, education, standards, information coordination and interagency collaboration. Witnesses called to testify were Ms. Cita Furlani, Director of the Information Technology Laboratory (NIST); Dr. Jeannette Wing, Assistant Director at the Directorate for Computer & Information Science & Engineering (NSF); Dr. Robert Leheny, Acting Director (DARPA); Dr. Peter Fonash, Acting Deputy Assistant Secretary at the Office of Cyber Security Communications (DHS).
Technology and Innovation Subcommittee Chairman David Wu (D-OR) opened the hearing by expressing his concern regarding previous federal cyber security efforts he believes were too “output oriented” rather than “outcome driven”, and was hopeful that the new administration will focus on achieving fewer breaches of federal systems, fewer cases of identity theft, as well as ensuring the security of smart grid systems and health IT systems. In his opening statement, he called upon witnesses to explain how each agency hopes to improve its cyber security in light of the Administration’s review.
Speaking next, Representative Adrian Smith (R-NE) drew attention to the agencies’ efforts in investing appropriately in cyber security research and development, securing the dot-gov domain as well as the critical infrastructure of the private sector.
Research and Science Education Subcommittee Chairman Daniel Lipinski (D-IL) emphasized the need for increased collaboration between public and private sectors to expose weaknesses in security and share breach information, as well as a multidisciplinary approach to cyber security in order to understand how we interact with computers and their information, calling people the “weakest link” in cyber security.
In their opening remarks, the witnesses discussed their responses to the review. They each expressed their appreciation that the review highlights the need for unclassified cyber security research and cyber security education. Ms. Furlani restated NIST’s mission to work with federal, state, local, private and academic institutions to develop the standards for information security. Dr. Wing, reminded the committee that many security measures implemented today are built on practices that were designed decades ago. Wing called for increased openness in the field of cyber security research. Looking ahead, she stated that the need to develop new practices based on current research could be filled by such an increase in the collaboration between industry and academic research institutions. Dr. Leheny echoed previous remarks that recognized the need for innovation to address cyber security threats. He also highlighted a DARPA project to develop a National Cyber Range that would have the ability to perform rigorous, realistic assessments of cyber security technology. In response to the review, Dr. Fonash described the role of the DHS in updating national security strategy, strengthening international partnerships, educating the public, and working with the U.S. Computer Emergency Response Team (CERT) to prepare for plan for cyber incidents.
The member questions tended not to focus on any particular issue. Rep. Ehlers (R-MI) asked the panel how we can ensure security and at the same time preserve the freedom of unfettered communication. Rep. Ehlers’ question about the decreasing enrollment of computer science majors in the U.S. led to a discussion of the various programs each agency has in order to address the seeming decline in computer science interest among students. Dr. Wing, citing the CRA Taulbee Survey and expressed hope that the recent uptick in enrollments will continue. Dr. Leheny described two DARPA programs that focus on developing the attractiveness of computer science for undergraduates and untenured faculty. Rep. Lujan asked the witnesses how we can tap into the expertise of classified cyber security practices and research. Wing responded by explaining the formal process for agency collaboration under the National Coordinating Office for Networking and Information Technology Research and Development (NITRD) where unclassified IT research and development investments for thirteen Ferderal agencies are coordinated. Rep. Smith, while acknowledging the need for public and private partnership in cyber security, asked Dr. Fonash how the private sector can be compelled to follow standards. Fonash responded by stressing the importance of information sharing programs in order for industry to not only be aware of security standards, but that they know how to take the appropriate measures to secure their private data. When pressed about the need for legislation in this regard, Fonash replied that he couldn’t say yes or no at this time.
Tuesday’s hearing was the second of three hearings on cyber security. The first hearing was held by the Research and Science Education Subcommittee on the research needs of improved cyber security. Computing Research Association board member Dr. Fred Schneider testified about the state of cyber security education as well as the range of federally supported research. The final hearing regarding the cyber security activities of NIST and the DHS will be held next week.
An archived webcast of the hearing as well as copies of witness testimonies can be found on the House S&T Committee website.