House Panel Gets Cybersecurity Lesson From Industry

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George R. Lynch

Jan. 8 — Testifying on Capitol Hill, cybersecurity professionals Jan. 8 called for increased cybersecurity funding and stronger education efforts for policymakers.

The House Science, Space and Technology Subcommittee on Research and Technology held a hearing on what the federal government can learn from the private sector on cybersecurity. The answer it appears is more attention to the basics.

Cybersecurity Spending

“The government simply needs to spend more on cybersecurity,” Larry Clinton, president of the Internet and Security Alliance, said.

Clinton and John B. Wood, chief executive officer of Telos Corp., unfavorably compared the increased spending on cybersecurity of major U.S. banks to the federal government's level of spending.

“Private sector spending on cybersecurity is increasing about 24 percent next year, federal government spending is increasing by about 11 percent,” Clinton said. “Two banks have a combined cybersecurity budget of $1.25 billion, the Department of Homeland Security budget for cybersecurity next year is about $900 million: 75 percent of what two banks are spending by themselves.”

Cybersecurity Education

“We need an education program for senior government officials like we're doing for corporate boards,” Clinton said.

“We found that when we actually educated them about cybersecurity we got better policy, we got more investment, we got more risk management. We need to be doing that on the government side just like we're doing on the private sector side,” he said.

Ken Schneider, vice president of technology strategy for Symantec Corp., said that it is “the people on top that we have to make sure are adequately trained.” He then discussed education strategies, such as simulation platforms in order to understand what cybersecurity breaches look like and sending fake phishing e-mails sent to employees by companies.

Urgency to Enact Legislation

The panelists also urged the federal government to show more urgency on cybersecurity issues.

Clinton noted that “it took congress 6 years to pass a fairly modest information sharing bill,” referring to the Cybersecurity Information Sharing Act. Congress hasn't moved to develop a “menu of incentives” that the House GOP Task Force on Cybersecurity recommended in 2012, and the Obama Administration hasn't made any legislative proposals since the President's Executive Order on cybersecurity in February 2012, he said.

To contact the reporter on this story: George R. Lynch in Washington at

To contact the editor responsible for this story: Jimmy H. Koo at

For More Information 
Further information on the hearing, including links to prepared statements and an archived webcast of the hearing, is available at