By Gautham Nagesh (The Hill)
The major telecom providers have done a good job securing their networks and don’t require further regulation by the government, experts testified Wednesday.
James Lewis, the director of the Center for Strategic and International Studies, said telecom companies have addressed cybersecurity on a level that other sectors have not.
“The [telecom] sector is already heavily regulated and it is in the business interests of major telecommunication’s companies to provide reliable service,” Lewis said during a hearing of the House Energy and Commerce subcommittee on Communications and Technology.
“Their business models makes them the only sector with the expertise and incentives to take cybersecurity seriously, but even then there are issues and problems were uncoordinated private action is inadequate and government intervention is needed,” he added.
“We may not need more regulation as much as we need insight to ensure that companies are performing at equivalent levels and to understand what threats they see.”
To view the original article please click here.
Internet Security Alliance President Larry Clinton was adamant that cost is the main barrier to firms bolstering their cybersecurity, not the absence of clear security guidelines or best practices. Clinton argued that reducing the cost of implementing security precautions would be more effective than establishing new federal regulations.
“This is not a technology issue. This is an enterprise-wide risk management issue,” Clinton said, arguing the incentives currently all favor the attackers. He said cyber attacks are cheap and easy, while defending them is difficult and expensive.
“You’re dealing with the invention of gunpowder. Mandating thicker armor isn’t going to work.”
Lewis admitted the voluntary approach has worked so far in the telecom sector, but said he believes responsibility for security is going to shift away from consumers toward providers, like wireless firms. Entrust President Bill Conner disagreed, arguing responsibility is moving the other way. But he said the FCC should have some role in increasing mobile device security.
Juniper Network vice president for government affairs Robert Dix and Clinton both praised an information bill from House Intelligence Committee Chairman Mike Rogers (R-Mich.), which passed the Intel Committee in December. That bill would make it easier for firms to share information with the government about attacks, without any new security mandates.
Clinton called passing the Rogers bill along with reform of the Federal Information Security Management Act a “historic and politically achievable goal.” Both measures are largely non-controversial, and likely to pass the House if they come up for a vote.
But the comprehensive cybersecurity plans offered by the Senate and White House both include some type of regulatory authority for the Department of Homeland Security over critical infrastructure providers, which has drawn resistance from industry.
Clinton argued that a different approach is needed, not “government control over what the private sector does.”