This testimony explores the cybersecurity threat to the U.S. and discusses how to avoid cybersecurity measures that would infringe on privacy or innovation or unintentionally undermine security itself. CDT believes that private network operators, not the government, should monitor and secure private sector systems, while the Department of Defense secures military systems and the Department of Homeland Security secures civilian government systems. To the extent that DOD entities have information and expertise that would help private sector operators and DHS with their cybersecurity activities, mechanisms must be developed to permit DOD to share that information and expertise. Also discussed here are some incremental changes in the law that may enhance information sharing without eroding privacy. Finally, this testimony discusses the role that identity and authentication measures, if properly designed and deployed, can play in enhancing security while also protecting privacy.
The testimony was provided to the House Subcommittee on Emerging Threats and Capabilities.