Langevin Makes Another Go at Cybersecurity

Congressman Jim Langevin, who has made cybersecurity a signature issue, is making another go at reform. From DC publication The Hill:

Rep. Jim Langevin (D-R.I.) unveiled a comprehensive cybersecurity bill on Wednesday that would give the Department of Homeland Security the authority to regulate the security of private networks deemed part of the nation's critical infrastructure.

"Our nation sits at a crucial moment, where cyber attacks are common, but have not yet significantly impacted or endangered the American way of life," Langevin said. "As the Director of the CIA said at a hearing last month, 'This is the battleground for the future.'"

The bill would give DHS the authority to create an enforcement risk-based security standards for utility firms, financial institutions and other private networks deemed crucial to the nation's physical and economic security. The approach appears similar to the cybersecurity bill championed by the Senate Homeland Security Committee in recent years.

Langevin introduced his legislation the same day as a House Committee on Homeland Security hearing examining the cyber threat to the nation's economy. Obama administration officials and experts emphasized in their testimony the gravity of the threat facing U.S. networks. 

Center for Strategic and International Studies director James Lewis used his opening statement to outline a series of serious cybersecurity breaches impacting major institutions globally over the past year as evidence that information sharing, public-private partnerships and self-regulation have failed to achieve the necessary results.

"This is not a record of success. Whatever we are doing is not working," Lewis said.

"Cybersecurity is another of those situations in American history, ranging from Pearl Harbor to 9/11, where we knew there was risk and that we were unprepared, but assumed it would never happen because America is too powerful or too big to attack."

Lewis said the idea that a private sector partnership is essential for any cybersecurity plan is false, comparing the notion to putting private airlines in charge of defending the nation's skies instead of the Air Force. He said voluntary actions would simply not be enough to combat professional, state-supported hackers.

U.S. Cyber Command under the leadership of National Security Agency chief Gen. Keith Alexander is currently responsible for safeguarding the nation's military networks from cyber attacks. The White House's plan separates military and civilian cybersecurity, a structure Lewis called ineffective.

"This is a recipe for disaster. There is no other area of national security where we rely on voluntary action reinforced by incentives," Lewis said.

Instead, he said any effective national cybersecurity defense must be reinforced by all available military and intelliegence assets along with flexible regulation of critical infrastructures and Internet service providers.

"We have a real opportunity in the next two years to improve our cyber defense," Lewis said. "Doing this will require leaving old ideas behind, even though many will still advocate them, and moving to a new, comprehensive approach to cybersecurity that treats it as a major component of national defense and homeland security."

DHS deputy under secretary Phillip Reitinger outlined a series of collaborations between his agency and private firms aimed at boosting the security of critical infrastructure networks and argued DHS is the natural choice to oversee private sector cybersecurity.

"Within current legal authorities, DHS engages with the private sector on a voluntary basis," Reitinger said in his prepared remarks. The agency is currently working with private firms that actively seek the government's help and expertise.

Langevin's bill would give DHS the authority to compel private firms deemed part of the critical infrastructure to comply with federal security standards, though the agency would still seek to coordinate with private firms rather than mandate standards.

The approach could draw criticism from the House GOP, which has previously shown a preference for putting the military in charge of all cybersecurity matters.


| More

 Friends' Activity   Popular 
All Blogs
Follow the Phoenix
  • newsletter
  • twitter
  • facebook
  • youtube
  • rss
Latest Comments
Search Blogs
Not For Nothing Archives