Hearing Report - Joint Hearing, Senate Homeland Security Committee & Commerce, Science & Transportation: The Cyber Security Partnership Between the Private Sector and Our Government: Protecting Our National and Economic Security - 3/7/13

Opening Statement - Senate Homeland Security Committee Chairman Thomas Carper

Opening Statement - Senate Commerce, Science & Transportation Committee Chairman John (Jay) Rockefeller

Witness Testimony - The Honorable Janet Napolitano, Secretary, U.S. Department of Homeland Security

Witness Testimony - Patrick D. Gallagher, Under Secretary for Standards and Technology, U.S. Department of Commerce

Witness Testimony - Gregory Wilshusen, Director, Information Security Issues, United States Government Accountability Office

Witness Testimony - David Kepler, Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President, Dow Chemical Company

The Cyber Security Partnership Between the Private Sector and Our Government: Protecting our National and Economic Security

Senators at the hearing:

Rockefeller, Coburn, Warner, Cowan, Thune, Ayotte, Carper, Johnson (WI), Blumenthal, Nelson, Schatz, Klobuchar, Fischer, Baldwin, and Pryor.

The joint Commerce and Homeland Security and Governmental Affairs hearing explored the recent Executive Order and the gaps that need to be filled for an effective, comprehensive cyber security program. Sen. Rockefeller, Commerce Committee chairman, wants the Senate to draft and enact comprehensive cyber security legislation this Congress. He said, “the Executive Order (EO) takes important steps but not enough because it needs law to strengthen its effect.” Sen. Carper, HSGAC chairman, described the “growing threat we face” from “cyber thieves,” who are stealing intellectual property. Sen. Coburn (HSGAC ranking member) estimated that theft at “$400 billion annually in intellectual property loss.” Sen. Thune (Commerce Committee ranking member) said that intellectual property theft cannot be left unchecked, and that “we must strengthen the partnership between the private sector and the government.”

There was little disagreement among the Senators. Sen. Coburn was critical of OMB’s failure to release a report on the Federal Information Security Management Act (FISMA) before today’s hearing. He believes the report would show that the federal government does not do a good job with information sharing, one of the key features of the EO and a central issue at today’s hearing.

Sec. Napolitano highlighted the central tenets of the EO, but said comprehensive legislation is needed as well, particularly to protect privacy and civil liberties, assist in real-time information sharing, and give DHS a higher authority equivalent to that at NSA. Under Secretary Gallagher described the EO’s cyber framework provision and the role of the National Institute of Standards and Technology (NIST) as convener, bringing the private sector and government together to lead development of cyber practices that reduce cyber risks to critical infrastructure.

As for the nuclear industry’s concern that cyber legislation would create a dual regulatory regime with NRC and DHS, Sen. Thune’s line of questioning addressed DHS’s role in setting “performance goals” as directed by the EO; he asked how DHS would ensure those goals are “reasonably attainable.” Sec. Napolitano answered that “we already do this, our aim is to set performance goals and NIST will determine how those goals are reached.” Under Secretary Gallagher said that the starting point is that industry and the critical infrastructure sector put the cyber security framework together themselves. Sen. Thune asked Gallagher what the threshold is for sufficient input from the private sector for this framework, and he answered, “we anticipate an enormous in surge of participation.”