March 06, 2014

Subcommittees Discuss Cybercrime and the Threat to American Citizens

(Washington, DC) – Today, the House Committee on Science, Space, and Technology’s Subcommittee on Oversight and Subcommittee on Research and Technology held a joint hearing to discuss the growing issue of cybercrime and the real threat it presents to American citizens’ privacy and security.  This hearing follows a number of major cybercrime incidents that have impacted American businesses and the financial security and personal privacy of U.S. citizens.

Testifying before the Committee were Dr. Charles H. Romine, Director of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST); Mr. Bob Russo, General Manager at the Payment Card Industry Security Standards Council, LLC; Mr. Randy Vanderhoof, Executive Director of the Smart Card Alliance; Mr. Justin Brookman, Director of Consumer Privacy at the Center for Democracy & Technology; and Mr. Steven Chabinsky, Senior Vice President of Legal Affairs at CrowdStrike, Inc. and Former Deputy Assistant Director, Federal Bureau of Investigation – Cyber Division.

Subcommittee on Research and Technology Ranking Member Dan Lipinski (D-IL) said in his prepared statement, “Simply put, cybercrime threatens businesses of all sizes and every single American.  As such, reducing our risk and improving the security of cyberspace will take the collective effort of both the Federal Government and the private sector, as well as scientists, engineers, and the general public.”

Other members and the witness panel also agreed that prevention of cybercrime requires cooperation between the private sector, state governments, and Federal agencies.

Subcommittee on Oversight Ranking Member Dan Maffei (D-NY) pointed out in his prepared statement that only 11.1 percent of the Payment Card Industry (PCI) was fully compliant with the industry’s own Data Security Standard in 2013 and that a holistic approach to cyber-security is needed.  That figure was a 50 percent decline in the payment card industry’s compliance rate since 2009.  “It is unclear why the application of these industry-endorsed standards has declined but it is a troubling trend,” said Mr. Maffei. “This is particularly troubling since even the PCI Security Standards Council has said that they have seen a correlation between successful cyber-attacks and the lack of compliance with its standards.  We need to figure out a way to either incentivize industry to act or to mandate a requirement that they must act.”

Mr. Brookman of the Center for Democracy & Technology highlighted the fact that commercial companies are acquiring more and more data about consumers all the time and that consumers have little insight into how this data is collected or used, who it is sold to and how long it is retained.  He suggested that any efforts to address cyber-security should also address consumer privacy.  “A baseline data privacy law would require companies to collect only as much personal information as necessary, be clear about with whom they’re sharing information, and expunge information after it is no longer needed.”