At a U.S. Senate committee hearing held Thursday, government officials debated which government body should take the lead in protecting the nation’s critical IT infrastructure, while members of the technology industry stressed willingness to get involved, with some conditions.
The terrorist acts of Sept. 11 have awoken Congress to the fact that the country is vulnerable to cyberattacks, particularly because the U.S. government, commerce, economy, and communications have become so dependent on information technology and the Internet. With that has come the realization that protecting the nation’s IT infrastructure involves so many government agencies – and the private sector, since that’s where much of the dependency on and expertise in technology lies – that no one really knows who is accountable.
“Do we have a lead dog in the federal government that leads the war against cyberterrorism?” asked Sen. Max Cleland, a Democrat from Georgia, during the hearing held by the Senate Committee on Governmental Affairs.
The hearing’s first panel of witnesses, comprised of representatives from the U.S. Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC), the U.S. Department of Commerce’s Critical Infrastructure Assurance Office (CIAO), and the U.S. General Services Administration’s Federal Computer Incident Response Center, all said that person is Richard Clarke, national coordinator for security, infrastructure protection, and counter-terrorism with the U.S. National Security Council.
However, CIAO director John Tritak said that is likely to change under the current administration and in light of the importance now placed on homeland security.
“No matter who’s in charge, the key to success is building interagency cooperation that includes the private sector,” added Ronald Dick, director of the NIPC.
That theme ran through the hearing as senators polled industry representatives for their input regarding infrastructure protection. Joseph Nacchio, chairman and chief executive officer (CEO) of Qwest Communications International Inc., suggested that the government establish security benchmarks and best-practice requirements for industries and increase penalties associated with cybercrimes such as hacking.
Most importantly, Nacchio said that the government must remove the threat of companies violating antitrust laws when they come together to share information in the name of protecting critical infrastructure.
“Congress should remove the perceived barriers to information sharing (so that companies can) collaborate without the threat of antitrust,” he said.
Another witness, Senior Policy Analyst Frank Cilluffo from the Center for Strategic and International Studies, added that curtailing use of the Freedom of Information Act would help companies share with the government proprietary information regarding security without the threat of exposing competitive information.
Technology companies have a lot of experience defending their own critical infrastructure, since they must keep their businesses running in order to meet their customer and shareholder demands. Given the right protection, companies could pool their experience for the greater good of national security.
“In the private sector we take care of ourselves… we’re kind of a nation-state defending our cyber and physical infrastructure,” Nacchio said. “We’re willing to share that, as long as it doesn’t get into the hands of the bad guys.”
The Senate Committee on Governmental Affairs is at http://www.house.gov/~gov-affairs/.