In his recentAnnual Threat Assessmentof the U.S. Intelligence Community, the Director of National Intelligence Dennis Blair began his analysis of threats against the U.S. by highlighting the threats against America’s economy, way of life, and government in cyberspace.
From 2003 to 2004, I served as the Chairman of the House Homeland Security Select Subcommittee on Cybersecurity, Science, and Research and Development. My work on the subcommittee culminated in a 2004 report on cybersecurity gaps and two pieces of legislation intended to strengthen the government's ability to defend our computer networks. I believe that the same cybersecurity problems we uncovered in 2004 still plague the United States today.
We have witnessed recent, bold cyberattacks against Google, large financial institutions, the Pentagon, congressional computer systems, and major weapons systems like the F-35 Joint Strike Fighter. Operating in cyberspace must remain a top priority for the United States, and so must defending our computer networks and other technological assets.
The federal government should work in partnership with the private sector to do a better job protecting its cybersecurity without creating regulations that would strangle businesses and complicate life for most Americans. Partnerships between businesses and the government, not heavy-handed laws and rules, is the key to keeping America’s cyberspace secure for our people, businesses, and government.
Congressman Thornberry Discusses Cybersecurity on Washington Journal
on the Eleventh Anniversary of September 11, 2001.
Cyber is deeply ingrained in virtually every facet of our lives. We are very dependent upon it, which means that we are very vulnerable to disruptions and attacks. Cyber threats pose a significant risk to our national security as well as to our economy and jobs.
At least 85 percent of what must be protected is owned and operated by the private sector. Government must tread carefully in this area or risk damaging one of our greatest strengths — dynamic, innovate companies and businesses that are the key to our economy and to cybersecurity advances.
House Speaker John Boehner asked me at the start of the 112th Congress to lead an initiative on cybersecurity to focus the efforts of Congress to combat the growing national security and economic threat.
The Task Force represented a broad cross-section of the House Republican Conference and the committees of jurisdiction on the issue of cybersecurity. In addition to myself, Members serving in the group included Reps. Robert Aderholt (R-AL), Jason Chaffetz (R-UT), Mike Coffman (R-CO), Bob Goodlatte (R-VA), Robert Hurt (R-VA), Bob Latta (R-OH), Dan Lungren (R-CA), Mike McCaul (R-TX), Tim Murphy (R-PA), Steve Stivers (R-OH), and Lee Terry (R-NE).
The Task Force formally delivered its report to the Speaker and Majority Leader in October of 2011. The report was an agreement between nine House committees with jurisdiction over cybersecurity issues that could serve as a framework for moving forward with cybersecurity legislation in the House.
During the week of April 23rd, 2012, the House passed four cyber bills by strong majorities, thanks to work by Members on both sides of the aisle. These bills do not solve all of the problems in cyberspace, and they are not intended to. They are, however, important first steps toward making the country more secure.
H.R. 2096 - Cybersecurity Enhancement Act of 2011- Improves cybersecurity research and development at the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST). The bill also promotes improved cybersecurity awareness and education through NIST.
H.R. 4257 - Federal Information Security Amendments Act of 2012 - Updates the Federal Information Security Management Act of 2002 to increase the protection of federal networks. Moves the focus of FISMA from a checklist exercise to an increased focus on automated and continuous monitoring of agency information systems.
H.R. 3523 - Cyber Intelligence Sharing and Protection Act - Increases needed information sharing by allowing the federal government to provide classified intelligence information to private entities to use to protect their own networks. The bill also allows the private sector to voluntarily share cybersecurity threat information with other private entities and/or voluntarily share with the federal government.