CybersecurityNapolitano testifies on cybersecurity executive order

Two Senate panels questioned DHS Secretary Janet Napolitano yesterday at a hearing on President Obama’s cybersecurity executive order and what issues need to be addressed in cyber legislation.

Cybersecurity has become a hot topic recently, as information emerged about a series of cyber attacks by  on U.S. Banks, Microsoft, theNew York Times, the Wall Street Journal, Bloomberg, and many other companies. A detailed expert report confirmed that these attacks, and others, were the work of operatives working for china’s military intelligence services (see “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013).

The Hill reports that these attacks now have lawmakers concerned about a more destructive attacks on water systems, financial institutions, transportation, utilities, and other critical infrastructure.

Senate Homeland Security Committee chairman Tom Carper (D-Delaware) said that “a true partnership” between Congress, the federal government, and the cyber industry will be needed in order for a broad cybersecurity legislation to be passed this year..

“While I commend the president for issuing this very important order [Obama’s 16 February cybersecurity executive order] , there was only so much he could do using the authorities granted to him under existing law. Those authorities are simply not enough to get the job done,” Carper told theHill. “Now is the time to begin the process of gathering input from the administration and a broad array of stakeholders in order to ascertain what Congress needs to do to build on the executive order that the president has promulgated.”

The Hill notes that yesterday’s hearing is just one of the  steps Carper is taking in the process of examining  how the country can protect itself from cyber attacks. In addition to questioning Napolitano, Carper wants to find out more about what the executive order entails and what Congress can do to support the order’s measures.

Patrick Gallagher, under secretary of commerce for standards andtTechnology, also testified before the committees, describing how the executive order instructs the Commerce Department’s National Institute of Standards and Technology (NIST) in  drafting a framework of cybersecurity practices for important infrastructure (see “RFI for cybersecurity framework for critical infrastructure,” HSNW, 1 March 2013).

“The cybersecurity challenge facing critical infrastructure is greater than it ever has been. The president’s executive order reflects this reality, and lays out an ambitious agenda founded on active collaboration between the public and private sectors,” Gallagher said in his  testimony. “NIST is mindful of the weighty responsibilities with which we have been charged by President Obama, and we are committed to listening to, and working actively with, critical infrastructure owners and operators to develop a cybersecurity framework.”

Senate Commerce Committee chairman Jay Rockefeller (D-West Virginia) said in a statement that the threat of a cyber attack is higher than ever, especially since the Congress failed to pass any cybersecurity legislation last year. “We simply cannot afford to wait any longer to adequately protect ourselves.” Rockefeller said in his statement.

Gregory Wilshusen, director of information security issues at the Government Accountability Office, and Dow Chemical Company Chief Information Security Officer David Kepler, also testified.