Cybersecurity underfunded, industry tells Congress
- By Aisha Chowdhry
- Jan 12, 2016
Agency IT managers who believe they do not have the resources to adequately fight cybersecurity threats got some backing from industry experts who voiced the same concerns to Congress.
At a Jan. 8 hearing held by two subcommittees of the House Science, Space and Technology Committee, Larry Clinton, president and CEO of the Internet Security Alliance, told lawmakers that the government must invest more in cybersecurity and act with greater urgency.
"Government needs to follow the private sector's lead," he said, adding that top policymakers must be better educated about cybersecurity. "Now more and more, the senior administration officials are understanding that cybersecurity is not just for the IT department."
"Most of these agencies are really underfunded, particularly when you compare them to their commercial counterparts," said Telos CEO John Wood in a post-hearing interview.
Rep. Barbara Comstock (R-Va.), chairwoman of the Research and Technology Subcommittee, said she wants to explore ways to improve, but it will take time.
"You have to innovate or die on this field," she said. "So we have to constantly be innovating. That means we'll also have to be adapting our legislation."
Congress included the Cybersecurity Information Sharing Act of 2015 in the omnibus appropriations package passed late last year. Under the act, companies are expected to share more cyberthreat information with law enforcement agencies. The law also includes provisions to improve the security of federal networks and information systems.
During the hearing, participants agreed that the government's information-sharing culture has changed for the better, but much work remains, including better educating the public and lawmakers. In addition, some experts question whether the cybersecurity act is enough to deal with the current threat environment.
The panelists' other recommendations included stimulating the cyber insurance market, providing benefits and opportunities for smaller companies, fostering a "zero trust" computing environment and developing innovative workforce development programs.
"We can't protect against all [cyberattacks], so what systems do we have in place to quickly innovate and change and attack any new threats that we see?" Comstock asked. She added that she expects to hold more discussions on the topic this year.
This article originally appeared on FCW, a sister site to GCN.
Aisha Chowdhry is a former staff writer for FCW.