Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
A House subcommittee did something about cybersecurity Wednesday: it issued a new organizational chart. On it, responsibility for protecting the nation's electronic infrastructure gets a promotion at the Department of Homeland Security (DHS).
The panel also said there wasn't a lot it could do beyond that.
"The majority of our nation's critical technology infrastructure is outside of federal control," Rep. Dan Lungren (R-Calif.) said, noting in a statement that 85 percent of the system is in private hands.
What the government can do, he said, is elevate the importance of cybersecurity by giving it equal billing with physical security at the DHS. To that end, the panel approved legislation to create an assistant secretary of cybersecurity post at the DHS.
Under the Cybersecurity Enhancement Act of 2005 (H.R. 285), the assistant secretary will have authority for all cybersecurity-related critical infrastructure protection programs of the DHS. The bill now goes to the House Homeland Security Committee.
Currently, cybersecurity is coordinated at DHS by the director of the National Cyber Security Division, which resides in the department's Infrastructure Protection Directorate.
"America needs an Assistant Secretary leading the cybersecurity charge to meet the growing public administration, resource and policy challenges related to cybersecurity, Harris Miller, president of the Information Technology Association of America, told the panel.
Miller added, "The owners and operators of [networks] must be able to look to a single senior individual within the government, with effective influence and budget authority, to coordinate collaborative efforts across sectors and with state and local governments."
Lungren, chairman of the Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity, also said determining the likelihood or potential costs of hostile digital attacks is difficult.
"There are no standard methodologies for cost measurement," he said.
Lungren said 2003 loss estimates from worms and viruses reached $13 billion and ranged up to $226 billion for all forms of overt attacks.
"Although accidental, the blackout of August 2003 may have cost about $6 [billion] to $10 billion for the entire U.S. economy alone," Lungren said. "An attack on the financial services sector or the stock market could have incalculable long-term economic repercussions for our nation's financial security."
The Cybersecurity Enhancement Act is the second attempt by the House to create an assistant secretary position at the DHS. Last year, the House authorized the same legislation in an intelligence reform bill, but it failed to make the final cut approved by Congress and signed by President Bush.