House Should Create Committee on Cybersecurity

Posted December 2, 2009 at 3:24pm

Recently, I sent a letter to Speaker Nancy Pelosi (D-Calif.) and House Minority Leader John Boehner (R-Ohio) asking that Congress establish a new Select Committee on Cybersecurity. While it’s a problem we’d rather not think about or deal with, a significant cyber-incident could pose a major threat to our country by disrupting commerce and our ability to defend ourselves. Indeed, experts from the military and the private sector agree that we are not doing enough to prevent a cyber-9/11.

Part of the problem preventing Congress from addressing this issue is that multiple Congressional committees currently have jurisdiction over cybersecurity. This diffusion of responsibility prevents Congress from taking effective action. Establishing a new Select Committee on Cybersecurity will make it easier to address the complex problems associated with cybersecurity.

A cyber-attack could very easily collapse Wall Street, destroy the electrical grid of the Northeast, and/or have a cascading impact on our banking system. Cybercriminals and cyberterrorists are getting smarter and stronger by the day, and their methods are increasingly more sophisticated. Adequate protections are not yet in place to safeguard our nation, so it is imperative Congress address this problem in a comprehensive manner.

Let’s examine some facts that demonstrate the magnitude of the problem:

• More than 32,000 suspected cyber-attacks occur in the U.S. every day.

• In 2008, the Department of Defense experienced an estimated 80,000 detrimental attacks on its networks.

• According to the FBI, more than 10 million Americans are the victims of identity theft each year.

• A 28-year-old masterminded a scheme that caused the data breach of more then 40 million credit card numbers, costing one company more than $200 million.

• Utilities, which control our electrical grid, are targets of malicious attacks and are hit more than 1,000 times a year.

• In April of 2007, Estonia was struck by a Russian-based cyber-attack that tied up telephone exchanges, government ministries and banks.

• Al-Qaida’s Internet logs mark a terrorist browser’s path through the Internet on sites that offer programming instructions for digital switches, running power, water, transport and communication grids.

In this post-9/11 world, we should know that preparation is the only way to avoid disaster. But when you consider that most of the major authorizing committees and the Appropriations Committee have jurisdiction over some aspects of cybersecurity, you begin to understand that we have a problem.

The House committees with jurisdiction over this issue include the Energy and Commerce Committee, the Armed Services Committee, the Oversight and Government Reform Committee, the Judiciary Committee, the Homeland Security Committee, the Science and Technology Committee and of course, the panel I once led, the Appropriations Committee. Yet each of these only examines cybersecurity from the vantage point of their committee’s jurisdiction. This fragmentation does not allow for any of the committees to have a comprehensive understanding of the problem and is a deterrent to effective legislative action.

Congress needs to do more to safeguard the American public in this area. A Select Committee on Cybersecurity should be established to recommend a unified course of action with respect to the new laws that are needed to govern cyberspace. The select committee should not be permanent or need legislative authority. A Select Committee on Cybersecurity would augment, not replace, the existing Congressional committee structure. It should, however, be directed to make recommendations for legislation.

The term cybersecurity is so broad that it encompasses matters ranging from online banking safety to war-fighting capabilities. Beyond the national security implications, there are also important civil liberty and economic considerations. As a nation, we lose tens of billions of dollars each year in valuable intellectual property.

Thus, to maximize its effectiveness, the select committee should have two subcommittees: the first dealing with issues involving national security and intelligence and the second focused on matters such as online crime, critical infrastructure protection and other commercial sector activities. The senior members of the Armed Services and Intelligence committees should serve on the subcommittee involved in these issues, while the chairmen and ranking members of the major authorizing committees should serve on the domestic subcommittee dealing with the “.gov— and “.com— worlds.

The establishment of a Select Committee on Cybersecurity would be an important tool for Congress to better address this growing threat to our nation. Fighting cybercriminals and cyberterrorists requires a higher degree of vigilance and urgency. Cyberspace has no boundaries, and we must do everything possible to protect our country from cyberthreats.

The establishment of a Select Committee on Cybersecurity would be a signal that the Congressional leadership of this country understands the nature and seriousness of this threat.

Former Rep. Bob Livingston (R-La.) is founder and partner of the Livingston Group.