“We are intricately tied together in this.”
Chairman Meehan Talks about the Cyber Threats Facing America and Why it is Critical that Government and Business Collaborate to Prevent Future Attacks
WASHINGTON, D.C. – With the threat of a devastating cyber attack increasing with each passing day, Congressman Pat Meehan (PA-7) appeared before a breakfast meeting of The Ripon Society last Wednesday morning to discuss his role as Chairman of the subcommittee that is working to meet this threat and prevent such an attack.
“What you see going on in New York with denial of service attacks on the major banks is driven by Iran,” stated Meehan, a former prosecutor in Philadelphia who now serves as Chairman of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. “What we have is a very, very serious environment.”
“One of the things we’ve got to realize is this is no longer a situation where it’s just the government and everyone else, and the question is what’s government going to do? We are intricately tied together in this. When I say we, I mean the government needs to be completely part of a public-private partnership where we work together in what is a shared challenge. This will not be something in which the government sits back and says we’re going to tell you guys what to do. Industry is in many ways way ahead of where the government is. Ninety percent of the capacity of the Internet is situated in private industry. We need a level of collaboration that reflects that.
“How do you look at the magnitude of this challenge and not be overwhelmed? One of the ways is to recognize the 80-15-5 principle. Eighty percent of the issues we’re dealing with could be handled with what is called simple ‘cyber hygiene.’ That means that all of us have a responsibility for doing things that protects the systems that we deal with. The next 15 percent are somewhat serious. The Anonymous attacks, where they come in and put their banner some place on a computer – that’s been described to me as a bug on a windshield. It gets a little more serious when you start talking about organized crime in Eastern European countries and things like that. But that’s also where a lot of the collaboration is taking place and great work is being done.
“The last five percent was described to me just the other day. In the words of the military, that’s when you have serious actions – by state-sponsored groups and others – and they’ve gotten ‘inside the wire.’ That is when we’ve got the kind of potential threat in which you’ve got very serious players who are sophisticated and have found a way to pierce multiple levels of security. You’re concerned about what they’re doing, what they know, and what they’re stealing. That is when we need the ability for real-time information sharing using the best of the capacities we have in government – the FBI, the NSA, Homeland Security – working side-by-side with industry and others.”
Citing concerns many have expressed about liability protection and the sharing of proprietary information, Meehan – who took the reins of the Cybersecurity Subcommittee in January -- stated that one of his goals since becoming Chairman has been to discuss these concerns with the private sector in a way that not only strengthens the public-private partnership, but to do so in a way that builds trust and encourages information sharing between government and industry.
“One of the things we have done on my committee is spent a lot of time just listening,” the Pennsylvania lawmaker stated. “We’ve had – my staffers and others on the committee – 195 outreach meetings talking with people in various industries trying to work through in advance some of the issues we face. There are not going to be perfect solutions, but if we begin to at least recognize these things upfront, we’ll go a long way toward legislation that will enable us to accomplish what we need to do with the least amount of interference.”
“When you’re dealing with something that’s changing constantly, you’ve got to be careful about creating check-the-box routines that make you feel like you’re accomplishing something when in fact you’re not. So what we’re going to be working on is a series of things that will deal with putting into place the critical structure that is needed to allow us to work effectively together. As you saw with the President’s Directive, everything we’ve been doing has been put together by a hodgepodge of initiatives. We have not codified into law the critical pieces we need to set this up.”
Meehan then outlined three priorities his subcommittee is working on that would help do just that. “We’re really focusing on what we call a national cyber center,” he said. “A Cybersecurity and Communications Integration Center – putting it in the Homeland Security Department, where all the information can flow in and out of. Having a civilian agency perform that role is critical.
“The second thing is working with the industries on the creation of what we call Sector Coordinating Councils. The industries are broken into 16 different sectors, from energy to telecommunications to finance. We will be working on creating some kind of codification of these relationships. It’s going to be important because it is in that place that the industries themselves will play a critical role in defining the policies and the standards, and therefore be the place where you have the ability to work with the government, as opposed to some outside role.
“The last thing we’re going to be working on is clarifying a lot of the regulatory relationships and hopefully getting this right, so that among these sectors, we clarify who it is that has oversight. The fear is that you have five or six different agencies that are all saying you’ve got to answer to me. You will find businesses which spend their entire time doing nothing but trying to be responsive to inquiries coming from Members of Congress and from agencies. We want to do the best we can to streamline the authority that exists between the oversight agencies and the agencies themselves, and clarify it in a way that protects against over-intrusion.”
“There’s more work that’s gone into this than any other thing I’ve certainly been associated with in my short time in Congress. This is not something that’s going to be a ‘one-and-done issue.’ This collaboration is going to be with us for the foreseeable future, and it may create a new sort of paradigm for how the government and private sector work together well into the future.”
The Ripon Society is a public policy organization that was founded in 1962 and
takes its name from the town where the Republican Party was born in 1854 –
Ripon, Wisconsin. One of the main goals of The Ripon Society is to promote the
ideas and principles that have made America great and contributed to the GOP’s
success. These ideas include keeping our nation secure, keeping taxes low and
having a federal government that is smaller, smarter and more accountable to the