The House Energy and Commerce Committee has updated their hearing web site with additional information about tomorrow’s hearing on Cyber Threats and Security Solutions. Copies of witness testimony have been posted to the site.
The testimony of Dave McCurdy, President and CEO, American Gas Association, will be of particular interest to the cybersecurity community and the pipeline security community. He provides an interesting summary of the various programs that help the pipeline industry identify cybersecurity issues and techniques for dealing with those issues. Since a great deal of the industry’s cyber portfolio deals with control systems over hundreds of thousands of miles of pipelines, McCurdy’s testimony is mainly about control system security issues.
You would expect that the testimony from a former head of the CIA, R. James Woolsey, would focus on intelligence issues related to cyber security. Unfortunately, Woolsey’s testimony is a one-trick-pony-show about the threat of electromagnetic pulse (EMP) attacks. I’ll admit that the consequences of an EMP event (natural or man-made) is a potentially catastrophic cyber-problem on a very large scale, but this does not seem to be the place to do more than mention the threat in passing.
Former Directory of National Intelligence (DNI) McConnell does address intelligence and information sharing issues in his testimony. He introduces a new and very scary term “suicide cyber attacks”, fortunately he doesn’t provide a definition of the term that lives up to the scare value of its source term, suicide bomber. How you get the blind acceptance of a sure death linked up with the intellectual curiosity necessary for cyber-attacks is completely ignored.
It looks like the remainder of the nine-member witness panel will be dealing with IT security issues. I’m not belittling those concerns, there are very many more IT computers out there, but I will leave coverage of their testimony for other bloggers.