Cybersecurity Week Update

In my blog post on Sunday night I noted that this was going to be Cybersecurity Week in the House, but there were some holes in the details. I’d like to fill in some of those now. The witness list is now available for today’s ‘America is Under Cyber Attack’ hearing and the date has now been set for the Rules Committee hearing for HR 3523, CISPA.

Witness List

The witnesses scheduled to appear before the Subcommittee on Oversight, Investigations, and Management hearing today are:

• Mr. Shawn Henry; Former Executive Assistant Director; Criminal, Cyber, Response, and Services Branch; Federal Bureau of Investigation;

• Mr. James Lewis; Director and Senior Fellow; Technology and Public Policy Program; Center for Strategic and International Studies;

• Mr. Gregory C. Wilshusen; Director; Information Security Issues; Government Accountability Office;

• Mr. Stuart McClure; Chief Technology Officer: McAfee; and

• Dr. Stephen E. Flynn; Founding Co-Director; George J. Kostas Research Institute for Homeland Security; Northeastern University.

You’ll note that none of these witnesses are active members of the intelligence community so there is almost no chance that we are going to hear any information about any actual recent attacks on critical infrastructure. To be fair even if there were cybersecurity analysts from NSA, CIA and the FBI testifying such information would not be disclosed in an open hearing; that information is all classified.

No, this will be a ‘the house is on fire we have to do something’ hearing filled with anecdotal evidence or vague descriptions of not so recent attacks. I do suspect that we will hear at least one report about attacks on the electrical grid, which will be kind of silly because none of the bills to be considered this week address any control system security issues.

A real hearing on this issue; one attempting to understand the real nature of the threat; would have to be conducted behind closed doors. It certainly would not provide any real publicity for the passage the cybersecurity bills to be voted upon later this week. While legally unlikely, it would be nice, just once, to hear a witness, a CIO or cybersecurity officer from a private company, testify about a recent actual attack on their system and what it actually cost them in terms of time, money and reputation.

HR 3523 Rule Hearing

The House Rules Committee has set Wednesday afternoon at 3:00 pm EDT as the time for their hearing to approve the rule for the consideration of HR 3523, Cyber Intelligence Sharing and Protection Act. As I mentioned in Sunday’s blog post, amendments to be considered at the hearing will need to be submitted by this afternoon.

Two proposed amendments are already listed on the Committee web site. They are:

• Rep. Paulsen (R,MN), Would encourage international cooperation on cyber security where feasible; and

• Rep. Sanchez (D,CA), Would provide guidelines for any department or agency in the Federal government who are charged with border search and seizure of electronic devices.

I expect that we will see at least one amendment proposed by Rep. Thompson (D,MS) regarding protections of civil liberties. A large number of other amendments to this controversial yet popular bill are inevitable.