Up next in 10
Join us as we delve into the House Homeland Security Committee hearing on CISA reauthorization and the evolving cyber warfare landscape. We explore potential improvements, information sharing strategies, and how to protect our networks from future threats. Let's stay ahead of the curve together! #CISA #CyberSecurity #CISA #CyberSecurity #HomelandSecurity #CyberWarfare #InformationSharing #JCDC #DataProtection #Privacy #CyberThreats #Government
Show More Show Less View Video Transcript
0:00
yields back. I now recognize gentleman
0:02
from Tennessee, Mr. Ogles, for five
0:03
minutes of questions. Thank you, Mr.
0:05
Chairman, and uh thank you to the
0:06
witnesses. I think by and large, we all
0:09
agree that SISA should be reauthorized.
0:12
Um so then the question becomes, how do
0:14
we make it better? You know, there's
0:16
been some calls, let's do a clean reoff,
0:18
uh and just get it out the door quickly.
0:20
But, you know, as we look at the
0:21
landscape as we go forward, uh,
0:24
obviously, you know, in battlefield
0:25
terms, you know, as warfare has changed,
0:28
I would argue that, you know, one of
0:29
those battlefields is in the cyber
0:31
realm. So, Mr. Miller, I know you've
0:34
you've had some suggestions in
0:35
particular some of the definitions as it
0:37
pertains to SISA. Can you any thoughts
0:40
on how we can improve as we go into
0:43
reauthorization to make it better,
0:45
stronger, more robust?
0:48
Uh thank thank you for the question,
0:50
Congressman. Um yeah, you know, I I I
0:53
did include some some recommendations uh
0:56
in in my statement. I I mean, I do think
0:59
in general, the the approach that we
1:00
should be taking if if we're looking at
1:03
changes is to, you know, just ask a
1:05
pretty simple question.
1:07
Um hey, what's changed in the past 10
1:10
years from a threat standpoint, from a
1:11
technology standpoint? are the very very
1:14
technical definitions that we have of
1:16
cyber threat indicator and defensive
1:18
measures in the bill. Um do they really
1:21
account for all the different types of
1:23
uh attacks that companies are are um
1:26
experiencing today and are we sharing
1:28
the types of threat information that we
1:30
need to counteract those threats? uh you
1:33
know I think one one example of a
1:35
relatively novel type of attack that's
1:38
grown to prominence I mean someone
1:39
mentioned Solar Winds earlier right you
1:41
know supply chain attacks software
1:43
supply chain attacks uh you know right
1:46
now if if a company knows that there is
1:49
a suspect supplier in its supply chain
1:53
it doesn't get the type of liability
1:55
protections that SISA provides to share
1:58
that sort of information right so if you
2:00
were thinking about making surgical
2:03
precise um you know edits uh or changes
2:06
to to the bill. Again, I I would not
2:09
open it up entirely, but you could look
2:10
at things like the definition of cyber
2:12
threat indicator, which has I don't know
2:14
seven or eight subp parts, and you could
2:16
perhaps add something like derogatory
2:19
information about a supplier in your
2:21
supply chain or something like that. And
2:23
that's just an example, but but I mean
2:24
that's the the general type of approach
2:26
I would take rather than making
2:28
wholesale changes to update the law.
2:30
Well, kind of going back to uh Mr.
2:32
Menz's point, you know, like I think one
2:34
of the the thing uh things we need to
2:36
look at is better information sharing,
2:39
broadening the scope of who might be
2:41
included, but then with that, you
2:42
probably need to to your point the
2:44
liability protections uh to protect
2:47
someone if as they're sharing
2:48
information that otherwise might be, you
2:51
know, uh so what about the JCDC? What
2:54
role might they play uh as we go
2:57
forward?
2:58
Yeah, I I mean, you know, as as as
3:00
others have have have testified to, uh,
3:02
you know, the the the JCDC is is is a
3:05
very valuable uh, you know, newer
3:08
partnership that that that SISA has led.
3:11
Obviously, um, you know, it's really
3:14
focused on operational collaboration as
3:16
opposed to to simply sharing
3:18
information, right? And that and that's
3:20
really what what what this is all about.
3:22
Um, you know, I I will say um it is my
3:25
understanding that you really could not
3:27
have
3:29
JCDC still, you know, without the
3:32
liability protections that exist in CIS
3:34
of 15 though, right? I mean, there areUs
3:37
that companies that participate in JCDC
3:39
sign. But that really deals more with
3:42
information dissemination and adhering
3:44
to pretty strict uh traffic light
3:46
protocols. It doesn't have anything to
3:47
do with the fundamental liability
3:49
protections and authorizations that SISA
3:51
provides for sharing the threat
3:53
information in the first place which at
3:55
the end of the day is what underpins
3:56
JCDC. I would Mr. Ronaldo you you
3:59
touched on China in rather stark terms.
4:02
you just want to give us a quick brief
4:03
of are we adequately protecting
4:05
ourselves with SISA and the
4:07
reauthorization as it returns in you
4:10
know terms of China and obviously their
4:13
bad actions as it in terms of AB
4:15
absolutely and when we were doing our
4:17
factf finding mission as we were
4:18
drafting the legislation one thing that
4:21
was very abundantly clear is that more
4:24
than 90% of our networks are held by the
4:26
private sector so what can we do as a
4:28
government to help u protect the private
4:31
sector
4:32
So the idea of information sharing and
4:34
the importance of government to business
4:36
and I think you know to your question to
4:38
John how do we improve um the transport
4:41
of information from the government to
4:43
business and I would say that was one
4:44
part that's uh lacking today and not
4:46
necessarily need you don't need a a
4:49
congressional change to make that happen
4:51
just oversight how could we you know
4:52
stay on top of the agencies to make sure
4:54
that they're pushing out information and
4:56
then I would also say security
4:57
clearances is a big issue um you may
4:59
have people that can get clearance, go
5:01
into a room, hear the information, but
5:04
do you have the engineers that can
5:05
actually um act on it? So, that's an
5:07
important aspect as well. Mr. Chairman,
5:09
I know I'm out of time, but I would just
5:10
say uh to all the witnesses, if you have
5:13
any suggestions or recommendations that
5:15
might be specific as to how we make it
5:16
better, now would be the time to provide
5:19
that input. So if you would like to send
5:20
that to my office or of course to anyone
5:22
on the committee the chairman happy to
5:25
take a look look at that incorporate it
5:27
because obviously is again as we look to
5:29
the future as we look to the future of
5:30
warfare this is one of those
5:33
battlefronts and we need to be ready we
5:35
need to be proactive we need to be ahead
5:37
of the AI curve. Mr. Chairman I yield
5:39
back. Thank you for your graciousness.
5:40
Gentleman yields back. guys.
#Computer Security
#Network Security