Testimony of Bill Conner, President and CEO of Entrust
Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives
Part 10
Action Items
With all of this in mind, and recognizing that this is not a legislative hearing on specific remedies, there are still three key points that Washington should keep in mind.
First, cybersecurity legislation must ensure there is proper corporate governance within an organization to ensure someone with appropriate authority is responsible for overseeing the cybersecurity program. It must require and recognize that cybersecurity is not a one-time fix, as was Y2K, but requires continued vigilance since threats continue to evolve rapidly.
Second, the Federal government needs to work more closely with the private sector to exchange critical information about the threats that each experiences. A perfect example of the problems that face the government in protecting itself came to light via the hacking of a well-known security company that resulted in the compromise of three Department of Defense contractors and potentially critical DOD intelligence. All three attacks leveraged the security information gained in the hack of the cybersecurity product company.
This kind of situation is persistent and we have been asking the appropriate agencies to work with us to deter further damaging breaches. Congress needs to direct the government’s intelligence community to work more closely with cybersecurity companies and to share vital information on evolving threats, attack methods and how to defend against threats.
Third, the private sector would also benefit from an education or awareness campaign. While large enterprises have information security personnel, many small and medium businesses do not. The same cybersecurity companies mentioned above could work with the Department of Commerce and the Small Business Administration to make this information available to these smaller enterprises via webinars, online guidance and checklists. The weakest link in a chain remains a real threat in the cyber world and helping educate smaller entities is a vitally important part of the puzzle.
Thank you again for this opportunity to testify, and I look forward to any questions you may have.