By Kenneth Corbin
March 28, 2012 — CIO — Federal cybersecurity officials on Wednesday gave lawmakers a sobering warning about the vulnerabilities of critical information technology systems across the public and private sectors, describing a laundry list of threats and the challenge of keeping up with hackers who are continually seeking new methods of attack.
Appearing before a House subcommittee, cybersecurity authorities from the Department of Homeland Security, the Federal Communications Commission and other government arms testified to the work their agencies are undertaking in response to the ongoing threats, both internally and in concert with the private sector, but acknowledged that the challenges remain formidable and appealed for expanded government authority to shore up the nation’s digital defenses.
“Cybersecurity threats are a real and present danger to our current economy and well being,” retired Adm. James Barnett, chief of the FCC’s Public Safety and Homeland Security Bureau, told members of the Energy and Commerce Committee’s Subcommittee on Communications and Technology. “No one would tolerate the level of criminality, thievery, vandalism or invasion of privacy if it were done in the physical world, and we really can no longer afford to tolerate it in cyberspace.”
Barnett and other witnesses described a wide range of threats and vulnerabilities that imperil communications networks, including weaknesses in the domain name system, or DNS, man-in-the middle attacks, route hijacking and weak spots in the supply chain.
But while there is broad agreement that the threats are severe and constantly evolving, deep divisions arise in the policy debate over what role the federal government should play in developing and overseeing the nation’s digital defenses.
The Department of Homeland Security is at the center of that discussion. In the Senate, competing bills have emerged to address the cybersecurity challenge. One proposal, backed by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), would grant DHS new authorities to oversee private-sector digital infrastructure that was deemed critical. A competing bill takes a far more limited approach, focusing instead on facilitating the sharing of information about cyber threats among public and private entities. The Republicans backing that measure, the SECURE IT Act, have been sharply critical of DHS’ performance on many security fronts, including cybersecurity.
Those same suspicions were on display in Wednesday’s House hearing. Rep. Mary Bono Mack (R-Calif.), who yesterday introduced the companion bill to the SECURE IT Act in the lower chamber, cited the department’s handling of the Chemical Facility Anti-Terrorism Standards program, which she said has squandered hundreds of millions of dollars without measurably improving the infrastructure of the chemical sector. How, then, could DHS be trusted to oversee cybersecurity?
Phi Beta Iota: The US Government is incompetent and does not represent the public interest. The only thing dumber than giving billions of dollars to the US Army and the Potemkin Village called “Cyber-Command” is to give any amount of money to the Department of Homeland Security (DHS) which is the lowest common denominator across the board. The fact is that the US Government is irrelevant to cyber-security–what expertise there is exists outside the government, and the government is the last to know anything, with nothing to contribute except hype and inflated printed money. Absent a non-violent revolution in governance, one that restores intelligence and integrity to the how of governance, what the US Government does in the cyber world is generally going to be part of the problem, not the solution.