House Science and Technology Committee Starts Hearings on Cybersecurity

By David Bruggeman
June 11, 2009

On June 10 the Research and Science Education subcommittee of the House Science and Technology Committee held a hearing on cybersecurity. This is the first of three planned hearings prompted by the Obama Administration’s recent cybersecurity review. On June 16 the Research and Science Education subcommittee will hold a hearing with the Technology and Innovation subcommittee on the Administration’s review, and on June 25, the Technology and Innovation subcommittee will hold a hearing focusing on efforts at the Department of Homeland Security and the National Institute of Standards and Technology.

The witnesses for the June 10 hearing were:

    Seymour Goodman – professor of international affairs and computing, and co-director, Information Security Center and Center for International Strategy, Technology and Policy, Georgia Institute of Technology

    Liesyl Franz – vice president, Information Security and Global Public Policy, TechAmerica

    Anita D’Amico – director, Secure Decisions Division, Applied Visions

    Fred Schneider – professor of computer science, Department of Computer Science, Cornell University

    Timothy Brown – vice president and chief architect, CA Security Management

Both Drs. Goodman and Schneider are members of USACM.

You can access the webcast and related hearing materials online.

The testimony focused almost exclusively on the social components of cybersecurity, including the need for new and different kinds of education for practitioners and consumers. In terms of educating practitioners, the Scholarship for Service program was singled out as especially helpful, and one Representative suggested that community colleges could be better used in training cybersecurity professionals. Other issues highlighted by the witnesses included the incentive structures needed to better share information with the public, as well as the transfer of knowledge and technology from the bench to the field. At least two of the witnesses explicitly mentioned using social science knowledge to better understand online behaviors and vulnerabilities. Taking in the testimony of the entire panel, along with the question and answer session, it seems that all stakeholders involved could do more to communicate and share information with others.

One of the few technology-specific concerns addressed in this hearing was highlighted by Dr. Goodman. He expressed concern that the increasing use of telephony presents a new target for those who would exploit cybersecurity weaknesses. In other words, expect phishing schemes and viruses to target smartphones and other mobile devices as much as, or more than, they currently do computers. Fortunately, the operating system environment for telephones is more diverse than in computing, making it harder for attacks or bugs to spread to many devices.

In addition to this series of hearings and the 60-day cybersecurity review, there is legislation in the Senate on cybersecurity. As it’s not yet passed the Senate, it wasn’t a particular focus of this hearing. But the provisions of the bill, particularly those providing the government significant authority to intervene in the operation of the Internet, will likely influence further policy action in this area.