Funding still an issue when it comes to cybersecurity

Industry experts are concerned that the federal government does not have the resources to combat cyberthreats.

"Most of these agencies are really underfunded, particularly when you compare them to their commercial counterparts," Telos CEO John Wood told FCW after testifying at a hearing held by two subcommittees of the House Science, Space and Technology Committee on Jan. 8.

Rep. Barbara Comstock (R-Va.), chairwoman of the Research and Technology Subcommittee, told FCW that she wants to explore ways to improve, but it will take time.

"You have to innovate or die on this field," she said. "So we have to constantly be innovating. That means we'll also have to be adapting our legislation."

Congress included the Cybersecurity Information Sharing Act of 2015 in the omnibus appropriations package passed late last year. Under the act, companies are expected to share more cyberthreat information with law enforcement agencies. The law also includes provisions to improve the security of federal networks and information systems.

During the hearing, participants agreed that the government's information-sharing culture has changed for the better, but much work remains, including better educating the public and lawmakers. In addition, some experts question whether the cybersecurity act is enough to deal with the current threat environment.

Larry Clinton, president and CEO of the Internet Security Alliance, told lawmakers that the government must invest more in cybersecurity and act with greater urgency.

"Government needs to follow the private sector's lead," he said, adding that top policymakers must be better educated about cybersecurity. "Now more and more, the senior administration officials are understanding that cybersecurity is not just for the IT department."

The panelists' other recommendations included stimulating the cyber insurance market, providing benefits and opportunities for smaller companies, fostering a "zero trust" computing environment, and developing innovative workforce development programs.

"We can't protect against all [cyberattacks], so what systems do we have in place to quickly innovate and change and attack any new threats that we see?" Comstock asked. She added that she expects to hold more discussions on the topic this year.