The cybersecurity chief named to battle Internet viruses and larger challenges facing the information technology networks used by U.S. companies and national defense should be based in the White House, experts told a congressional panel on Friday.
Cybersecurity is important enough to warrant a White House staffer with real authority and a real budget, said Larry Clinton, president of the Internet Security Alliance and one of those who made recommendations to the Obama team.
“It can’t be just a figurehead,” he told an Energy and Commerce subcommittee. “We tend to think it should be somewhere in the White House structure.”
No date has been set for when, or if, such an appointment would be made.
Gregory Nojeim, senior counsel for the Center for Democracy and Technology, said his group had urged that the task of ensuring cybersecurity be given to the Department of Homeland Security, not the National Security Agency, or NSA, which is responsible for breaking codes and electronic spying.
The NSA, he argued, was ill-suited for the job of ensuring that the lightly regulated Internet was kept up and running. “I think it’s a very difficult thing for them to handle,” he said.
Rep. Anthony Weiner, a New York Democrat, noted that no witnesses from the Obama administration attended the hearing. “The obvious reason is I don’t think they know yet what their policies are,” he said.
A White House team prepared a still-secret study on cybersecurity for President Barack Obama which was completed last month.
The study addressed problems ranging from cyberspying to fighting hackers organized enough to break into 130 automated teller machines worldwide in 30 minutes last November.
The cybersecurity review, led by Melissa Hathaway, a top advisor to the former director of national intelligence, was ordered by the White House in early February.
The report’s importance was driven home earlier this month when the Wall Street Journal reported that cyberspies had penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system.
A current concern is the worm Conficker, whose authors appear to have used it to spread another worm, Waledac, which offers fake anti-spyware for sale. Purchasers lose their money and download software that turns their computer into a spam machine.
Conficker seems to be spreading Waledac but for two weeks only, said Rodney Joffe, a technology expert with Neustar.
The Conficker virus was also found on 300 critical medical devices from a single manufacturer, Joffe told the panel. The devices, whose manufacturer was not named, were used for tasks like viewing MRIs.
The United States for several years has accused the Chinese and Russians, among others, of using cyberattacks to try to steal American trade and military secrets.