Even in regulated environments, however, owners and operators are solely responsible for blocking malicious traffic and attacks against their systems, regardless of the skill of the adversary. As one might expect, owners and operators have had a difficult time stopping skilled hackers from exploiting their systems.
According to news reports last year, “cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system.” This presents a difficult policy question: should the Federal government use its cybersecurity capabilities for private infrastructure protection; or do we continue to rely on the voluntary, best efforts of the private sector to provide appropriate defenses against bad actors?
The debate over these questions continues to simmer in Washington. Through my efforts as Chairwoman of the House Homeland Security Emerging Threats, Cybersecurity, Science and Technology Subcommittee, I am bringing together key stakeholders from the public and private sectors to tackle this important problem head-on. Government, private industry, and academia must work together to identify solutions before a catastrophic cyber event on our critical infrastructure brings this debate to boil.