As the Department of Homeland Security prepares to announce its first assistant secretary of cyber-security, lawmakers are growing increasingly vocal about the safety of the computer networks underpinning the countrys critical infrastructure.
The private sector, for its part, has begun a concerted lobbying effort to ward off any new federal mandates that members of Congress might have in the works.
“Virtual Katrina is possible. It is a profound kind of thing that we must pay attention to,” said Bill Owens, CEO and vice chairman of Nortel Networks Inc., based in Brampton, Ontario. “We believe, at Nortel, that the solution is in the network.”
At a forum Tuesday sponsored by Nortel, industry representatives called on Congress to make cyber-security a priority through research and development funding or through incentives, such as tax breaks, but not through new obligations on corporations.
Without barring the possibility of new regulations, Rep. Dan Lungren, R-Calif., said he is interested in developing incentives to promote better cyber-security.
“How do we enhance the atmosphere that will allow people to take some risks in creating the best cyber-security they can?” said Lungren, who is chairman of the Economic Security, Infrastructure Protection and Cyber-Security Subcommittee.
In addition to possible tax credits, insurance-based incentives are under consideration on Capitol Hill. Companies complain that they are reluctant to pursue new network security options for fear that they could face liability in a cyber-breach down the road. Lungren said he is looking at ways to address the private sectors liability concerns.
Nortel, which has 35,000 employees and does business in approximately 150 countries, is preparing for greater threats to the networks once cell phones and other handheld devices operate on Internet Protocol, Owens said.
“I can tell you I am frightened as hell about this issue of cyber-security, because I see it in spades around the world,” Owens said.
While companies like Nortel say they do not want Congress to mandate new cyber-security requirements, they say they would like to see legislation giving them greater protection against liability and greater secrecy for their own data.
The fear that information about network threats or breaches could become public is a disincentive to sharing that information with the government, said Dave McCurdy, president of the Electronic Industries Alliance in Washington.
“Its not enough for the government to ask the private sector for information,” McCurdy said, adding that the government needs to reciprocate in the information-sharing exercise.
Andy Purdy, acting director of the National Cyber-Security Division at the DHS, said his organization is working not only to improve information-sharing between the public and private sectors, but also to improve the overall quality of software made in the private sector.
“Were trying to promote a message of shared responsibility,” Purdy said. “We have to raise the bar on the development of new software. We have to make sure software doesnt do things its not supposed to do.”
The National Cyber R&D Plan is expected to be released shortly, Purdy said.