Rep. Dan Lungren (R-CA), ranking member on the House Committee on Homeland Security subcommittee on cybersecurity threats, says the U.S. is not close to having a robust defense against cyber attacks, and that both the public and the private sector need to be enlisted in that effort.
"We all understand we have a long way to go on this," he said.
In an interview for C-SPAN's The Communicators, Lungren said it is a continuing threat that the public and Congress are only intermittently focused on.
Lungren said that the threat ranges from hackers to organized crime to nation states. "The very strength of the cyber world is its vulnerability," he said, adding that educating the country, business as well as the public, is key. "We need a cybersecurity Smokey the Bear," he said. Smokey is arguably the best known product of the Ad Council, the private, non-profit organization that matches ad industry talent with donated media time and space for a rang of public service campaigns.
He said the real challenge is to come up with a set of standards by which Congerss, suggests, and in some cases requires, the private sector to "involve themselves" in infratructure protections. He said most of the ideas will come from the private sector, but that the government needs to help them make those protections "part of the bottom line, perhaps as tax incentives, or a set of security standards that if they are met and still breached, the company could have immunity against civil liability. That would be a tremendous incentive," Lungren said.
"The challenge is, in some cases, that if the threat is small, that is we don't have good evidence that anyone is particualrly going after your buseinss or sector...but the potential consequence is great if they did, how do you get someone who is making decisions, knowing that they owe a fiduciary responsibility to the shareholders, make that part of the bottom line. In some cases government has to guide that."
But he also warned that government has to be careful not to say: "We know best," and impose a system that will be leapfrogged by technology, but instead find a way to get cooperation out of both the private and public sectors.
The National Cable 7 Telecommunications Association is on the same page. In comments to the FCC on the national broadband plan, NCTA said that the government needs to afford cable operators the flexibility to respond to threats. "Network providers widely agree that the ability to deploy innovative tools to combat cyber threats, as part of comprehensive, coordinated public/private sector efforts, is a critical part of securing and safeguarding the nation's broadband future, and should be incorporated into the commission's national broadband plan," NCTA said. NCTA President Kyle McSlarrow is a member of the President's National Security & Telecommunications Advisory Committee.
As part of the FCC's broadband plan, the commission proposed a number of cybersecurity measures, beginning with issuing a "roadmap" by this fall--in cooperation with the executive branch-- that identifies the five key threats, then coming up with a two-year plan for addressing them.
The FCC has also proposed a standards regime similar to the one Lungren was suggesting, creating a voluntary cybersecurity certification program that "creates market incentives for communications service providers to upgrade their network cybersecurity."