U.S. Rep. Michael McCaul, R-Texas, who serves as chairman of the House Committee on Homeland Security, called out some of the challenges facing the cybersecurity sector during a speech on Feb. 14 at RSA Conference 2017.
“We are in the fight of our digital lives," McCaul said, "and we are not winning."
Behind what was portrayed as an uphill battle, McCaul cited five overarching impediments. The first, he said, was the sheer volume of threats and cyberattacks being launched. With resources stretched, the lawmaker said there are simply “too many outlaws and not enough sheriffs.”
The speed of technological evolution also poses a threat to individuals and agencies tasked with securing private and public networks. McCaul said these challenges are further compounded by a lack of cohesive data-sharing between public- and private-sector organizations.
He compared the gaps in threat-sharing intelligence with that of the intelligence gathered pre-9/11. This leads to many attacks going unreported and endangering other networks.
“We all had the information we needed to keep terrorists from attacking on that fateful day, but we did not connect the dots,” he said. “We are in the same place with cyber. Between your companies, government agencies and U.S. allies, we have the threat data to stop many of these intrusions.”
But even when intrusions are stopped, making sure attempts are not repeated from a legal standpoint remains a difficult barrier to overcome in the cybersecurity and prevention space, McCaul argued.
“In the cyber-realm, we have to show that there will be consequences and that intruders will be brought to justice. Unfortunately we still do not have clear, proportionate response policies for striking back against nation states, cybercriminals and others, …” he said. “And we certainly don’t have the manpower, the corporate legal structure and global cooperation to take down suspects as fast as we need to.”
Another challenge McCaul said is facing the cybersecurity space is the paradox between data privacy and national security. While he contends that actions like building in backdoors to devices would be a “huge mistake,” other alternatives must be identified to meet both of these objectives.
As for what the representative sees as the solution to these challenges? “Federal agencies are not necessarily the answer to cybersecurity,” he said, calling on the private sector to innovate and develop “leading-edge” solutions.
On the government side of the conversation, McCaul said he sees the role of public-sector agencies as one of coordination. He proposes a stronger cybersecurity agency within the Department of Homeland Security to assist in this effort.