Prepared
Witness Testimony The Committee on Energy and Commerce W.J. "Billy" Tauzin, Chairman Computer Viruses: The Disease, the Detection, and the Prescription for Protection Mr. Robert W. Holleyman II
Good morning. Chairman Upton, Congressman Markey, Members of the
Subcommittee, thank you for the opportunity to provide testimony on this
important and timely subject: computer viruses. My name is Robert Holleyman and
I am President and CEO of the Business Software Alliance (BSA). BSA represents the world's leading developers of software, hardware and
Internet technologies. We are headquartered in Washington, D.C. We also have
offices in Europe and Asia and are active in more than 65 countries.
* * * Today I'd like to focus my remarks on laying out a prescription for
prevention of cyber attacks and the three critical areas where technology
companies and governments need to make progress in order to make our information
networks safer:
But before I talk about some of these crucial steps that the high-tech
industry and governments around the world need to take to mitigate our risks,
let me begin by giving you a prognosis for the disease. As the National Strategy to Secure Cyber Space has clearly articulated, the
threats are real, and the solutions are not simple. At the Business Software Alliance, we have focused much of the last several
years on working with businesses and governments to assist them in preparing
against potential cyber attacks, and to institute - through both industry-led
best practices and legislative reforms - sound policies to help eliminate some
of this confusion and maximize our collective cyber preparedness. Our efforts have encompassed a wide array of topics - from encouraging
industry leadership in best information security practices, to opposing
technology-specific government standards that would stymie the dynamic evolution
of security and anti-virus tools. Indeed, the software industry has redoubled its own efforts to build better,
more reliable, and more secure products. I can tell you with complete certainty
that security is the top priority for each and every CEO in our industry.
Clearly, our industry has a critical responsibility to make the most secure
products possible, and we are stepping up to the plate. At the same time, there are three areas where we, as a nation, must
collectively turn our focus. *****
INFORMATION SECURITY MANAGEMENT
First, it is imperative that cyber security become a senior management priority
for every company. We need to fundamentally recognize that information security
is not solely a technical issue, but a corporate management challenge that must
be treated as such to make progress. That's why the BSA has created a CEO Task
Force on this issue, which is working to elevate cyber security to the level of
senior management. We must remember, after all, that the private sector owns
nearly 90 percent of the nation's information networks. We are doing more than just preaching this message, however. The BSA task
force recently released a preliminary Framework for Action that outlines
specific roles for business unit heads, senior managers, CIOs, and the CEOs
themselves. This whitepaper distilled the lessons contained in other policy
reports, legislation, and guidelines and found broad consensus on what needs to
be done. The more we do together to promote awareness of information security among
corporate executives and accelerate adoption of effective security strategies,
the more secure our nation will be.
********
EFFECTIVE LAW ENFORCEMENT ACTIONS
The second area that needs immediate attention is law enforcement in cyber
space. Determined, innovative hackers, virus writers and cyber criminals are
constantly working to develop new ways to break into systems - just as criminals
in the real world are continually inventing new types of fraud and finding new
ways to break into cars or homes. But many cyber crimes are not yet perceived as
real crimes. As a result, there is insufficient deterrence for these cyber
criminals and potential cyber terrorists. Let me highlight three areas for further progress: * * * * *
That brings me to my third and final point: INTERNATIONAL COOPERATION.
Our cooperative efforts need to extend far beyond law enforcement. Indeed,
strong relationships are necessary with Europe and the still small number of
countries around the globe that are taking a lead on these issues. I was in Brussels in June for a major forum that BSA co-organized with
leading members of the European Parliament to discuss cyber security, and,
specifically, the European Commission's proposed Network and Information
Security Agency. It is crucial that the technology industry - and the U.S.
government - work closely with the EU to ensure that the structure of this new
agency - and any others that are ultimately created around the world - is
flexible enough to provide rapid responses to ever-changing security threats. It
also needs to be technology-neutral - relying on performance guidelines and best
practices rather than technology-limiting standards. The U.S. has a unique opportunity to build new global partnerships and set
baseline standards that reinforce the importance of technology neutrality and
private sector leadership.
* * * * *
In closing, let me affirm BSA's belief that successful, constructive partnership
by both government and industry is necessary to effectively meet the global
information security challenge. While today's hearing is about making progress in defending against computer
viruses and worms, it is really about how we can build faith in our information
networks to make them more valuable and effective. To do this, we need a shared
commitment to reducing risks and increasing cooperation between businesses,
network operators, law enforcement agencies and governments as a whole. The BSA
stands committed to playing our part in helping ensure that the nation has a
prescription, not just for immunizing ourselves against viruses and worms, but
for enabling a safe and healthy digital world that fosters innovation, unleashes
human potential, and spurs economic growth. Thank you and I look forward to your questions. The
Committee on Energy and Commerce |
NEWSLETTER
|
Join the GlobalSecurity.org mailing list |
|
|