Agencies are "inadequately implementing" of the Presidential Directive 63, proposed by the former Clinton administration in an effort to begin protecting critical infrastructure system from potential cyber-based attacks, NASA Inspector General Roberta Gross acknowledged the Senate Government Affairs Committee.
Gross said federal agencies often do not prioritize critical infrastructure protection programs and often misinterpret the intent of such programs. She added that such programs often are not adequately funded.
Joel Willemssen, managing director of information technology issues for the General Accounting Office, said the private sector is often unwilling to share security information in fear that they could be held liable for any problems. But Willemssen said that such information exchange could help prevent the spread of cyberattacks such as a denial of service attacks that could threaten infrastructure such as transportation.
Chairman Joseph Lieberman, D-Conn., and Sens. Robert Bennett, R-Iowa, and Thomas Carper, D-Del., indicated during the hearing that they intend to pursue policy remedies that would increase the quality and quantity of security information-sharing between the public and private sectors as well as to give law enforcement added rules to prosecute hackers.
Gross said legislation was needed to update laws to aid law enforcement. "There is no 'anti-trespass act,'" she said. It is a "crippling omission for law enforcement to be able to detect and prosecute" hackers.
"Would it be a bill for Sen. Bennett, Sen. Lieberman and Sen. Carper to introduce?," Carper asked rhetorically. Lieberman signaled his support.
Gross said "government oversight is a real key tool," and Congress should monitor the lead agency for the sectors that are lagging in developing plans of action to confront tragedies similar to Tuesday's event. In particular, the public health and transportation sectors are at the bottom of the list in terms of their anti-terrorism efforts, Willemssen noted.
"Among the most critical issues is clearly identifying roles and responsibilities of the all the players," and defining "who exactly is in charge," said Willemssen. He applauded a bill introduced by Lieberman and Ranking Member Fred Thompson, R-Tenn., that would establish a federal chief information officer as well as other initiatives to promote electronic government.
Bennett said, "It's too early to tell" how the events in New York, Pennsylvania and Washington, D.C., would affect the landscape for such legislation. He added that his measure, that would promote computer and information security sharing with few risks and liabilities for private business, is "very close to being ready" and he "will find the right time" to introduce it soon.