 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Creating the Department of Homeland Security: Consideration of the Administration's Proposal
Subcommittee on Oversight and Investigations
Mr. William Smith
Mr.
Chairman and Members of the Subcommittee. [Good morning/afternoon.]
My name is Bill Smith and I am Chief Technology Officer for
BellSouth Corporation. I appreciate
the opportunity to appear before you today to discuss a vital national security
issue - information sharing between the government and the private
sector and the role of the proposed Department of Homeland Security. Virtually every crucial
economic and social function in our society depends on the secure and reliable
operation of infrastructures. Indeed,
they have enabled our country to achieve levels of productivity and a standard
of living that is the benchmark for the rest of the world. However, these benefits have come at the cost of increased
complexity, interdependency and risk. Critical infrastructures such as energy,
banking and finance and transportation depend on the robustness of our
telecommunications networks, while the explosive growth of the Internet's
ability to interconnect computer networks, and our digital economy have
increased the demand for reliable and disturbance-free communications. As
a major telecommunications network operator, the challenge we face is
maintaining the reliability, security and robustness of critical national and
international infrastructures. And,
we need a comprehensive strategy flexible enough to prepare for, and respond to,
an evolving spectrum of threats. Such
a strategy should both increase protection of vital industry assets and ensure
public safety. Because of increased reliance and interdependency, the potential for infrastructure disruption may come from multiple sources, including system complexity, rapid growth, regulation, deregulation, terrorism, and natural disturbances such as hurricanes and earthquakes. Telecommunications systems constitute a fundamental infrastructure of modern society, and a successful terrorist attempt to disrupt them could have devastating effects on national security, the economy, and every citizen's life. At BellSouth, we continue to improve the security of our telecommunications systems, but our widely dispersed physical assets, unfortunately, can never be defended absolutely against a determined attack. It
is clear to all that the telecommunications industry is facing some of the
greatest challenges in our economy today. Fierce competition, eroding market
shares and tenuous market conditions compromise the environment in which we
operate. Despite these challenges, BellSouth continues to support the numerous infrastructure protection initiatives formed pursuant to Presidential Decision Directive 63 (PDD 63), but like others in our industry, find that there are many duplicative efforts underway, all competing for the same scarce resources. In
the wake of the September 11th terrorist attacks, our industry, as
well as those supporting other infrastructures, have seen dramatic increases in
the number of requests to participate in these efforts. In addition, we have
received numerous requests for sensitive information -- such as lists of
critical facilities -- from federal, state and local authorities.
From the perspective of a corporation such as BellSouth, these requests
are troubling because if such a list were released publicly, whether through a
FOIA request or through accidental disclosure, it could provide terrorists with
a road map directing them to our most critical locations. Therefore,
we would support efforts of a Department of Homeland Security to,
among things, serve as a focal point to coordinate these efforts, and allow
us to make the best use of our expertise and resources such as in the National
Coordinating Center (NCC) for Telecommunications. In
the current environment, we have the following concerns about information
sharing:
With
respect to FOIA, many companies are hesitant to voluntarily share sensitive
information with the government because of the possible release of this
information to the public. BellSouth currently shares cyber-related intrusion
information with the Telecom Information Sharing and Analysis Center -- the
Telecom ISAC -- located within the NCC. However,
because of the concerns just noted, the information sharing is done on a limited
basis, within trusted circles, and strictly within a fashion that will eliminate
any liability or harm from FOIA requests for BellSouth information. This is
neither maximally efficient nor effective. This
is not to say that the ISACs do not provide value.
BellSouth and the other ISAC participants have benefited from advance
warnings of worms and viruses. For
example, the ISAC provided us our first notification of the NIMDA worm in a
clear and timely manner that enabled us to successfully defend our networks.
In turn, BellSouth was the first company to notify the Telecom ISAC of
problems associated with the simple network management protocol (SNMP).
Eventually,
all of the Nation's critical infrastructures will have ISACs, and their level
of success will depend on several factors.
First, information must be shared voluntarily in a trusted forum.
PDD-63 and the National Plan (Version 1.0 for Information Systems
Protection) clearly state that critical infrastructure protection must be a
public/private partnership. Legislating
or regulating information sharing will not foster the type of cooperation that
is needed to address these critical issues.
Second, but of equal concern, is
the need to improve information sharing and communication within and amongst
governmental agencies. As
an owner and operator of a significant portion of the Nation's critical
infrastructure, BellSouth assumes a proactive stance regarding critical
infrastructure protection. For this
reason, we routinely monitor legislation addressing these issues.
Although the House recently passed H.R. 4598, the "Homeland Security
Information Sharing Act," BellSouth hopes it is refined further as it moves
through the legislative process. Specifically,
it is not enough to share classified or sensitive information with select
individuals as cited in the legislation. What
is important is that that information be "actionable" -- that is, recipients
of such information must have the flexibility to act on that information by
passing it on to other appropriate parties.
With respect to H.R. 5005, the "Homeland Security Act of 2002," we
support this legislation and believe that Section 201(5) will best be
implemented through a public-private sector partnership, rather than through an
expansion of regulatory authority and the imposition of new regulation.
We also support Section 204 which provides an important FOIA exemption
for information regarding infrastructure and other vulnerabilities that is
provided voluntarily. Finally, we
support the FOIA and antitrust protections embodied in H.R. 2435, the "Cyber
Security Information Act. " In closing, I would like to reaffirm BellSouth's commitment to protecting our Nation's critical infrastructures. Thank you for the opportunity to appear here today. And I look forward to answering any questions you may have.
|
|||||||||||
|
