By Kim Hart - 09/14/09 11:44 PM EDT
Lieberman, the chairman of the Senate Homeland Security and Governmental Affairs Committee, and ranking member Susan Collins (R-Maine) on Monday told Department of Homeland Security (DHS) officials and financial-services representatives at a hearing on the topic that the public and private sectors are not coordinating enough to prevent high-tech threats against critical networks.
The pair also said they were going to take a hard look at how effective Homeland Security officials have been at thwarting attacks across federal networks.
Senate Majority Leader Harry Reid (D-Nev.) has asked committee leaders with jurisdiction over any aspect of cybersecurity, including the Intelligence, Commerce, Judiciary and Armed Services committees, to consider legislation that would better address cyber threats.
Lieberman is paying particular attention to what the private industries should be doing. He asked witnesses at the hearing if it would make sense to “set minimum standards to require private-sector entities to follow to defend themselves against a cyber attack.”
“Too much of our critical infrastructure is in the private sector,” he continued, adding that one possible solution could be stronger encryption standards.
“What responsibility does government put on the private sector to take on the minimal actions to protect that infrastructure?”
Companies already examine cyber threats, said William B. Nelson, president and chief executive officer of the Financial Services Information Sharing and Analysis Center, a nonprofit consortium of banks, insurance companies and payment processors. But the industry could use federal funding to educate consumers and companies about how to prevent criminals from stealing valuable personal and financial information.
The biggest problem currently facing law enforcement officers may not be easily addressed by legislation. Michael P. Merritt, assistant director of the Secret Service’s Office of Investigations, said coordinating with international law enforcement agencies has become increasingly difficult.
“While cyber-criminals operate in a world without borders, the law enforcement community does not,” he said. “It is hard for Congress to implement that type of law overseas. It goes back to the personal and professional relationships we are able to establish with counterparts overseas.”
Collins said she is interested in finding out whether federal procurement standards should be updated to require private companies to incorporate better security into the technology systems they sell to the government.
She also expressed concern about the number of law enforcement entities with varying jurisdiction over cyber crimes — the FBI, state and local governments and the DHS, for example — leaving small and medium-sized businesses often not knowing where to turn for fast help.
Sometimes law enforcement agencies will not take a case because it does not meet a high enough loss threshold, Nelson agreed.
Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.) and Sen. Olympia Snowe (R-Maine) also introduced a cybersecurity bill this year that addresses how the government could interact with private networks in the case of a cyber attack. The senators have circulated a new draft of the bill, but no further action has yet been taken.