By Gautham Nagesh - 03/16/11 06:55 PM EDT
"This is not a record of success. Whatever we are doing is not working," Lewis said.
"Cybersecurity is another of those situations in American history, ranging from Pearl Harbor to 9/11, where we knew there was risk and that we were unprepared, but assumed it would never happen because America is too powerful or too big to attack."
Lewis said the idea that a private sector partnership is essential for any cybersecurity plan is false, comparing the notion to putting private airlines in charge of defending the nation's skies instead of the Air Force. He said voluntary actions would simply not be enough to combat professional, state-supported hackers.
U.S. Cyber Command, under the leadership of National Security Agency chief Gen. Keith Alexander, is currently responsible for safeguarding the nation's military networks from cyber attacks. The White House's plan separates military and civilian cybersecurity, a structure Lewis called ineffective.
"This is a recipe for disaster. There is no other area of national security where we rely on voluntary action reinforced by incentives," Lewis said.
Instead, he said any effective national cybersecurity defense must be reinforced by all available military and intelligence assets along with flexible regulation of critical infrastructures and Internet service providers.
"We have a real opportunity in the next two years to improve our cyber defense," Lewis said. "Doing this will require leaving old ideas behind, even though many will still advocate them, and moving to a new, comprehensive approach to cybersecurity that treats it as a major component of national defense and homeland security."
DHS deputy under secretary Phillip Reitinger outlined a series of collaborations between his agency and private firms aimed at boosting the security of critical infrastructure networks and argued DHS is the natural choice to oversee private sector cybersecurity.
"Within current legal authorities, DHS engages with the private sector on a voluntary basis," Reitinger said in his prepared remarks. The agency is currently working with private firms that actively seek the government's help and expertise.
Langevin's bill would give DHS the authority to compel private firms deemed part of the critical infrastructure to comply with federal security standards, though the agency would still seek to coordinate with private firms rather than mandate standards.
The approach could draw criticism from the House GOP, which has previously shown a preference for putting the military in charge of all cybersecurity matters.
-- This post was updated at 7:12pm