WASHINGTON, DC - The Subcommittee on Oversight and Investigations, chaired by Rep. Tim Murphy (R-PA), today held the first of a series of hearings on cybersecurity and the broader implications for businesses and consumers in today’s 21st Century economy. Today’s hearing provided an overview of the issue, focusing on the history, evolution, and future of cybersecurity.
“These are big, important issues, so it is imperative that we establish a clear understanding of the issues we face," said Chairman Murphy. “So, today, we are going to do something a little different. We are not here to examine a specific cybersecurity incident, policy issue or legislative proposal. Today, we are going to take a step back and explore some fundamental questions. Why does the cyber threat exist? Is it something that can be solved? And what does this mean for the future?"
Herbert Lin, Senior Research Scholar for the Hoover Institution at Stanford University, explained the fundamental challenges of cybersecurity, especially as society becomes more reliant on the Internet. “It’s true that over time we have gotten better at cybersecurity-that’s the bottom line. But the top line - how much we depend on cyberspace - has grown even faster, and with that growing dependence the threats have grown commensurately," said Lin. He argued that the only way to eliminate all cyber security problems is to stop using information technologies, noting, “Cybersecurity is a never-ending battle, and a permanently decisive solution to the problem will not be found in the foreseeable future. Thus, the public policy question is not how the cybersecurity problem can be solved, but rather how it can be managed at an acceptable cost in dollars and effort expended by the various stakeholder parties who have something to lose."
Richard Bejtlich, Chief Security Strategist at FireEye, provided insight into the breadth and scope of cyber risks and emerging threats and trends. “Serious intruders target more than government, defense, and financial victims. No sector is immune," said Bejtlich. FireEye recently published reports showing that 96 percent of the organizations observed suffered compromises during two six-month periods. “Criminal groups appear to steal data for financial gain, while nation-state hackers may steal data to improve the healthcare systems of their own countries, or to support national commercial champions," added Bejtlich.
Greg Shannon, Chief Scientist for the CERT Division at the Carnegie Mellon University Software Engineering Institute, described the future of cybersecurity, where technological innovation is headed and what actions society must take to create a secure foundation for future technology. “When discussing cyber security-past, present or future-it is important to understand the four mainstays of cyber technology and innovation: trust, people, efficiency, and measured outcomes. Innovation and the adoption of new technologies must take into account those four pillars," said Shannon. To maintain a strong 21st Century Internet economy over the long-term, Shannon asserted, “Our nation needs a coordinated and integrated cybersecurity strategy to build trust between public and private entities and thwart our capable cyber adversaries. Cyber innovation and research need to address the threat in a more holistic manner."
“As the Internet and information technology become increasingly entwined in our daily routines, cyberspace becomes a limitless and adaptive attack surface. The security challenges will be more diverse and harder predict. And the consequences will be more severe. We may not be able to secure cyberspace but it is our collective responsibility to understand the threat in order to minimize its effect on our privacy, civil liberties, national security and economic prosperity," added Murphy.
Full committee Chairman Fred Upton (R-MI) concluded, “Cyberspace has been, and will continue to be, an engine of economic, social, and cultural opportunity. We need to understand the nature and scope of the threat to the security of information in cyberspace, and develop an understanding of how to address these threats without jeopardizing the fundamental benefits that cyberspace provides. This hearing is just the beginning as our work continues."
