Subcommittees Discuss Cybersecurity R&D to Prepare for Legislation
(Washington, DC) - – Today the House Committee on Science, Space, and Technology’s Subcommittees on Technology and Research held a joint hearing to review cybersecurity research and development (R&D) efforts. Specifically, the hearing examined how current federal efforts align with current and emerging threats. Witnesses included Mr. Michael Barrett, the Chief Information Security Officer at Paypal; Dr. Fred Chang, President and Chief Operating Officer of 21CT, a small technology company; and Ms. Terry Benzel, Deputy Director of Cyber Networks and Cybersecurity at the University of Southern California Information Sciences Institute. The hearing also reviewed H.R. 756, the Cybersecurity Enhancement Act of 2013.
Ranking Member of the Research Subcommittee Dan Lipinski (D-IL) said, “Cybercrime threatens our national security, our critical infrastructure, businesses of all sizes, and every single American. As such, reducing our risk and improving the security of cyberspace will take the collective effort of the federal government and the private sector, as well as scientists, engineers, and the general public.”
H.R. 756 is identical to the Cybersecurity Act of 2012 which passed the House by a vote of 395-10 and similar to the Cybersecurity Act of 2010 which passed the House by a vote of 422-5. Neither bill was taken up by the Senate. H.R. 756 would, among other things, require federal agencies to create a strategic plan guiding the overall direction of federal cybersecurity research and development (R&D); reauthorize cybersecurity research at the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST) ; authorize scholarships for students in the cybersecurity field in exchange for federal government service; require NIST to coordinate an interagency cybersecurity awareness and education program; and require the creation of a university-industry task force to increase collaboration between the public and private sectors on cybersecurity R&D.
Witnesses and Democratic Members emphasized the important role that the federal government plays in cybersecurity R&D. They also discussed the importance of public-private partnerships in transitioning technologies from the lab to the marketplace, the need to educate and train the next generation of cybersecurity professionals, and the significance of developing metrics and other measures to characterize the risk of cybersecurity as well as the progress being made to increase the security of the nation’s networks and critical infrastructure.
Mr. Lipinski defended the role of social science research has in cybersecurity. He said, “People are perhaps the most significant part of our IT infrastructure, but they are also the ‘weakest link.’ Many cyber attacks are successful because of human error – bad cyber hygiene – such as unwittingly opening a malicious email. Having the most sophisticated security systems available won’t make any difference if users don’t change factory-set default passwords or they set easy to crack passwords. Understanding the human element and educating users to practice good cyber hygiene is necessary to combating threats and reducing risk.”
Democratic Members also emphasized the negative impact sequestration will have on the federal government’s cybersecurity efforts.
Ranking Member of the Technology Subcommittee Frederica Wilson (D-FL) said, “In a letter to appropriators, the National Science Foundation indicated that ‘vital investments in research and development would be jeopardized’ and that one of the areas that could be impacted by sequestration is research into advances in cybersecurity. The Department of Homeland Security’s Science and Technology Directorate also plays a large role in the development and deployment of cybersecurity technologies. The Directorate has indicated that under sequestration they will have to cut their cybersecurity research by 30 percent, eliminating research in data privacy, identity management, cybersecurity forensics, and security for cloud based systems. The need to invest in research and development is critical as cyber threats continue to grow and evolve. I hope we will not let sequestration delay and derail these essential investments.”
Related Content
Next Article Previous Article