Washington, D.C. – The Research and Technology Subcommittee and Oversight Subcommittee today held a joint hearing to discuss industry best practices for cybersecurity, share lessons learned from the private sector and inform how innovative private sector security practices can be applied to government agencies.

Cybersecurity breaches at OPM last year exposed the personal information of more than 20 million Americans and highlighted the growing challenges we face. Members today on both sides of the aisle stressed that protecting Americans’ sensitive information should be a top priority for both the public and private sectors.

Research and Technology Subcommittee Chairwoman Barbara Comstock (R-Va.): “The OPM breach highlighted the growing challenge and need for more innovative, agile and aggressive strategies for preventing and responding to cyber threats for both the public and private sectors. The private sector has been at the forefront of dealing with these threats for some time, as both the target of many of these attacks and as the leaders in developing the technology and workforce necessary to counter cyber threats. We appreciated hearing from these industry leaders today.”

Chairman Lamar Smith (R-Texas) today asked the witnesses about potential security concerns if a senior executive branch official requests a company set up a private email account and server for conducting both official and personal business. One witness, Mr. John Wood, CEO of the cybersecurity-focused Telos Corporation, responded that such a server would expose classified data and would be illegal.

Chairman Smith: “What does it say to federal employees, not to mention our adversaries, when cabinet secretaries don’t take cybersecurity seriously and fail to follow the most basic e-mail security practices involving our country’s classified information? In the private sector, those who neglect their duty to keep the information of their customers secure are usually fired. In the federal government, it seems the only people penalized are the millions of innocent Americans who have their personal information exposed.”

Oversight Subcommittee Chairman Barry Loudermilk (R-Ga.) asked the witnesses about the security of Americans’ personal data collected and stored by the federal government through the website HealthCare.gov.

Chairman Loudermilk: “This administration has not sufficiently explained why it was ever necessary to indefinitely store Americans’ personal data they submitted when logging into the HealthCare.gov website – particularly those who did not end up enrolling. If cybersecurity is one of the most serious challenges that this government faces, why on earth would the government ever consider storing all of this personal information – indefinitely – in a data warehouse?”

A number of federal agencies that guard America’s cybersecurity interests are under the jurisdiction of the Science, Space, and Technology Committee, including the National Science Foundation, the National Institute of Standards and Technology, the Department of Homeland Security’s Science and Technology Directorate, and the Department of Energy. These agencies support important research and development to promote cybersecurity and set federal standards.

The following witnesses testified today:
Mr. John B. Wood, Chief Executive Officer and Chairman, Telos Corporation
Dr. Martin Casado, Senior Vice President and General Manager, Networking and Security Business Unit, VMware
Mr. Ken Schneider, Vice President of Technology Strategy, Symantec Corporation
Mr. Larry Clinton, President and Chief Executive Officer, Internet Security Alliance

For more information about today’s hearing, including witness testimony and the hearing webcast, please visit the Committee’s website.