Experts urge prioritizing IT security, working with the private sector.
National security experts urged the House Armed Services Terrorism Subcommittee on Tuesday to push for heightened attention to cybersecurity vulnerabilities across the federal government and on the international front in the remaining months of the Bush administration and early in the next president's term.
Comment on this article in The Forum.Franklin Kramer, a research fellow at the National Defense University's Center for Technology and National Security Policy, told lawmakers that the White House should create a high-level organization, similar to the Council of Economic Advisers, which would examine cyber-threats while making recommendations for protections and working with the private sector.
In anticipation of the upcoming presidential transition, the Center for Strategic and International Studies established a nonpartisan commission to develop recommendations for the new administration, said James Lewis, who directs the think tank's Technology and Public Policy Program. He said much can be done by President Bush but "much will be left unfinished."
"Where we are on cyber is like where we were in the early 1970s with respect to the environment," Kramer said. The government knows there is a problem percolating but does not know how it should be handled.
He called for "a differentiated security approach" to high-tech threats. "Cyber isn't just national. It's national integrated into the international arena," he said.
To begin to truly protect government networks, officials must "do what you already know how to do" because many existing federal cybersecurity practices are not being utilized by agencies, said Seymour Goodman, who chaired a National Research Council cybersecurity committee. IT administrators can then learn how to be more secure, he said, noting that the effort will "require substantial and sustained investments in research."
Terrorism Subcommittee Chairman Adam Smith, D-Wash., said current cybersecurity efforts are not working because "networks throughout the military are violated on a daily basis." Sometimes those intrusions are harmless but sometimes they are not, he said. The challenge ahead is not just a technological one, Smith added. The U.S. military needs to figure out "how to get the best and brightest people working on our systems," he said.
A holistic approach to cybersecurity is critical, Terrorism Subcommittee ranking member Mac Thornberry, R-Texas, said. "Cyber issues are indicative of future issues we'll all face," and do not apply only to military operations. When it comes to securing government systems, "our job is to determine where we are, why it matters, what direction it's moving and what to do about it."