Rep. Frank Pallone (D-N.J.), ranking member of the Energy & Commerce Committee, had a bone to pick with the Republican leadership over the witness list for Tuesday's hearing on wireless broadband cybersecurity. He said the Democrats had tried to invite another cybersecurity expert to testify and help them better understand the threats to the country like the Russian hacking. But he said the Republicans "made up arbitrary and partisan reasons to effectively block us. These games have to stop because these issues are just too serious to be playing politics with our national security," he said.
Pallone said Democrats had also introduced three cybersecurity bills three months ago with no action from the majority on any of them.
But the subcommittee heard plenty from the witnesses that are "major vulnerabilities" in wireless security that "we have reason to be concerned about."
Symantec director of government affairs Bill Wright said that people need to start treating their smartphones like computers rather than phones, particularly in terms of protecting the information they contain.
He said that only a quarter of people even use the security functions they have on their smartphones. He said that if there is a way to steal and monetized data, hackers will find it.
Virginia Tech professor Charles Clancy said a social, mobile internet has fundamentally changed the nature of traffic over the internet, as well as the nature of the threat. He said the Internet of Things would be another "titanic shift" given that it could increase the number of devices connected to the internet by 20 billion. The Internet of Things was the subject of a nearly contemporaneous hearing in the Communications Subcommittee Tuesday.
Clancy said security components are being built into the new 5G infrastructure, learning from the mistakes of 4G and 3G.
Asked how susceptible IoT devices were to ransomware attacks, Clancy said they had done a research project where a smart TV was "hacked and ransomwared." One problem with IoT devices, he said, was that most could not be patched after they were distributed.
Kiersten Todt, managing partner of Liberty Group Ventures, said that mobile devices "are an attack vector that cannot be ignored."
But she said that mobility does not have to be at odds with security and essentially can't be since they are now the "access points" of both work and personal lives.
Todt said that the CIO of Intel said that they wanted "regulations and standards around IoT devices." She said the idea of building security in must be a priority. She said that industry and government need to collaborate on standards.
The witnesses agreed that the National Institute of Standards and Technology (NIST) cybersecurity framework is a good place to start for discussions around standards.
Rep. Anna Eshoo (D-Calif.), who represents Silicon Valley, says that the government needs to concentrate on prevention, which is cyber hygiene and consistent security management, saying she planned to introduce legislation addressing both of those. Eshoo said that while it was great to take steps after something has happened, it was better to prevent it, including a set of company best practices.
Rep. John Shimkus (R-Ill.) called it an arms race in which technology moves faster than they can regulate, "hence it [that technology] is very successful." He asked whether government standards might instead slow up the ability of expansion of applications and suggested security was a marketable value-added for the private sector, and something that could drive it in the marketplace.