Cyber Security Industry Alliance Newsletter •  Volume 3, Number 1  • September 2006

CSIA Calls for Strategic National Information Assurance Policy

Paul Kurtz Testifies Before Two Congressional Committees; Highlights Need for a Holistic Government Approach to Cyber Security and Increased DHS Leadership

 

In testimony before the House Committee on Energy and Commerce’s Subcommittee on Telecommunications and the Internet, CSIA's Paul Kurtz highlighted the importance of our nation’s cyber systems, calling them the newest and most pervasive portion of our critical infrastructure, and discussed the federal government’s role in its protection. At the core of CSIA’s recommendations is the need for a Strategic National Information Assurance Policy that would outline the key roles that relevant government agencies should play in the protection of our cyber infrastructure.

"The government has shown little strategic direction... in ensuring our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use... is in some way reliant on our digital infrastructure."

Testifying before the House Committee on Energy and Commerce's Subcommittee on Telecommunications and the Internet on cyber security issues are, from left: Mr. David Powner, United States Government Accountability Office; The Honorable George W. Foresman, United States Department of Homeland Security; Kenneth Moran, Federal Communications Commission (hidden); Mr. Vincent Weafer, Symantec Corporation; Paul Kurtz, CSIA; Mr. Larry Clinton, Internet Security Alliance

"No single entity owns our information infrastructure and no single government agency is solely responsible for its protection. While the Department of Homeland Security clearly plays a critical role, many other agencies share responsibility for the overall well being of our cyber systems," said Kurtz. "Yet the government has shown little strategic direction or leadership when it comes to ensuring the resiliency and integrity of our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use, from our communications and utility networks to our financial and medical systems, is in some way reliant upon our nation’s digital networks."

"Our digital systems are already under a daily assault... doing little to prevent or prepare for crises is simply irresponsible...."

 

Kurtz gave more specific insight into the Department of Homeland Security’s (DHS) role in ensuring our national cyber security in separate testimony before the House Committee on Homeland Security’s Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity. In these remarks, he discussed the specific responsibilities DHS has for safeguarding our nation’s cyber systems given its role as the focal point for infrastructure protection. He also noted the ways in which DHS is not living up to its responsibilities, including its lack of attention to the issue, the absence of DHS leadership in cyber security, and the fact that there is no plan for preventing or minimizing a major cyber disaster and no strategy for working with the private sector to recover from a cyber disaster.

Panelists continue the conversation with Congressman Edward Markey (D-MA)

"Clearly the Department of Homeland Security has focused its efforts on securing our physical well-being, and rightly so. Yet, by not addressing the threats to our cyber systems, the Department is inadvertently leaving our nation vulnerable to a new attack vector," said Kurtz. "Our digital systems are already under a daily assault and while we have not yet seen a major cyber catastrophe, doing little to prevent or prepare for one is simply irresponsible given our national reliance on these systems."

Kurtz specifically pointed to the need to fill the position of assistant secretary for cybersecurity and telecommunications, a post that has been empty for the 14 months since its creation. He also encouraged DHS to focus on a smaller set of priorities around preventing and/or minimizing a major cyber disaster and to articulate a clear chain-of-command between the government and private sector in the case of such an incident.

In both testimonies, Kurtz called out the need for a cyber early warning system that provides the nation with situational awareness of attacks. This mechanism would be similar to the National Oceanic and Atmospheric Administration’s (NOAA) National Hurricane Center, which can provide advance notice before a storm. While there are some similar warning mechanisms in place, we still lack a federally supported, formal system that provides rapid and clear indication that an attack is underway and alerts all key stakeholders.