Ensuring cybersecurity doesn't mean giving up privacy or undermining Internet freedom, a Federal Communications Commission official told a House panel on Wednesday.
"Sacrificing privacy or Internet openness for security is a false choice," FCC Homeland Security bureau Chief James Barnett said in testimony before the House Energy and Commerce Communications and Technology Subcommittee. "We must insist on having all three, and we strongly believe that this is achievable."
Congressional debate has revolved around the varying abilities of government and industry to secure cyberspace while preserving basic rights and commercial innovation. The House is considering a string of bills designed to increase cybersecurity in government and private networks, including one introduced on Tuesday by Reps. Mary Bono Mack, R-Calif., and Marsha Blackburn, R-Tenn.
That bill takes a hands-off approach to cybersecurity in the private sector, and both Bono Mack and Blackburn used Wednesday’s hearing to highlight their arguments for more-flexible programs.
“There is no cookie-cutter approach,” Blackburn said. “The federal government needs to be leading by example.”
The FCC recently spearheaded a push to have Internet service providers commit to voluntary cyber codes of conduct to help secure their networks. That, Barnett said, should be the model “whenever it is possible and effective.” Still, in response to a question, Barnett voiced support for a Senate bill that includes increased government oversight.
Gregory Shannon, a researcher at Carnegie Mellon University, compared the federal government’s ideal role in cybersecurity to the role played by the Centers for Disease Control and Prevention, which monitors, detects, and investigates threats to public health and collaborates with private organizations.
“Imagine a similar approach dedicated to the cyberhealth of the nation—and the potential to tell the same story about the next Conficker or Stuxnet,” Shannon said.
Lawmakers are divided over the need for more government oversight. In addition to encouraging voluntary measures and information sharing, a Senate bill backed by the White House would give homeland security officials more authority to oversee networks that control critical infrastructure like power grids or water systems.
But subcommittee Chairman Greg Walden, R-Ore., who has formed a task force to develop ideas for cyber-related legislation, said government efforts are only part of the answer.
“The work being done by these government agencies to help address cybersecurity is just the tip of the iceberg of what we can achieve when our private-sector innovation and public-sector resources are put to a common task,” he said at the hearing.
Other witnesses at the hearing included officials from the Homeland Security Department and the National Telecommunications and Information Administration, and a researcher from Sandia National Laboratories.