
Assessing Cybersecurity Activities at NIST and DHS


Date: Monday, July 27, 2009
Time: 02:00 PM
Location: 2318 Rayburn House Office Building

Opening Statement By Chairman David Wu

Good afternoon. I want to welcome everyone to today’s hearing on the cybersecurity activities of the National Institute of Standards and Technology and the Department of Homeland Security. This is the third hearing the Science and Technology Committee has held on this critical issue.

The previous hearings discussed the research and development needs for improved cybersecurity and federal agencies’ responses to recommendations made in the Cyber Space Policy Review.
All of us, in both public and private sectors, rely on IT networks to manage everything from online bank accounts to the power grid. With this increased reliance on networks, we have become more sensitive to the security of these networks. To support cybersecurity efforts, the previous administration implemented an estimated $40 billion Comprehensive National Cybersecurity Initiative in January 2008.

This year alone, DHS and NIST have requested over $500 million for their cybersecurity efforts, with an additional $340 million requested for research through the Networking and Information Technology Research and Development Program. Even by government standards, almost $850 million is a lot of money.

Despite the substantial funding levels and many hours spent by federal employees on this issue, the assessment remains the same: our cybersecurity is poor.

The administration’s Cyber Space Policy Review reemphasized the recommendations made in previous reports: first, bolster cybersecurity operations protecting the federal network systems; second, improve interagency and private sector coordination; third, modernize the research agenda; and fourth, enhance public education on cybersecurity. This committee wants to understand the impediments that have prevented similar recommendations from being successfully implemented in the past.

I believe one key recommendation made in the Cyber Space Policy Review is the need for objectives and metrics to accurately measure cybersecurity performance. The development of these metrics would provide a base from which we could improve program assessment, budgeting, research and development prioritization, and strategic planning.

This recommendation mirrors the subcommittee’s belief that agencies should be accountable for real-world outcomes, rather than outputs measured in terms of money spent, projects supported, and interagency meetings, which is how the agencies categorized their success at a subcommittee hearing last week.

As is generally the case, we have many recommendations, but the devil is in the details. I hope that in addition to making suggestions on this hearing’s issues, our witnesses can tell us what is required to implement their recommendations.
 

Witnesses

Panel

3 - Mr. Scott Charney
Corporate Vice President, Trustworthy Computing, Microsoft

4 - Mr. Jim Harper
Director of Information Policy Studies, Cato Institute

1 - Mr. Gregory C. Wilshusen
Director, Information Security Issues, Government Accountability Office (GAO)

2 - Mr. Mark Bregman
Executive Vice President and Chief Technology Officer, Symantec Corporation