NACCHIO URGES SENATE COMMITTEE TO FOCUS ON TELECOM SECURITY

Telecom networks could better withstand physical and cyberattacks if Congress and Administration instituted more stringent standards and encouraged more information sharing among networks, Qwest CEO Joseph Nacchio told Senate Governmental Affairs Committee at hearing Thurs. Nacchio, who also is vice chmn. of National Security Telecom Advisory Committee (NSTAC)composed of executives of telecom and information technology industries, recommended that NSTAC and National Security Council develop benchmarks and requirements for information security best practices in telecom industry. NSTAC provides advice to President on security and emergency preparedness.

Committee members and panelists cited NSTAC as model for efficient industry-govt. collaboration in protection of critical infrastructure. And while Nacchio said telecom industry had done well in protecting against physical attacks, industry and its customers could do better to defend against cyberattacks. “We're all connected in cyberspace and a weak link in one place can affect everyone,” he said. Nacchio said Qwest had implemented comprehensive security program that would be recommended for adoption by all NSTAC industry members. Committee held hearing to examine whether there was need for leadership role to oversee infrastructure protection and whether such position should have direct responsibility to President. Also testifying were representatives of govt. agencies such as GSA, FBI, Dept. of Commerce.

Nacchio told reporters before hearing that NSTAC would make recommendations in 3 areas: (1) Establishing standards for telecom companies “so there is no weak link in the chain.” (2) Adjusting laws that impede information sharing among telecom companies, for example antitrust laws and Freedom of Information Act. Finding fixes for computer viruses isn’t productive if networks can’t share them without giving the information to hackers, he said. (3) Instituting laws -- or adjusting current laws -- to prevent cyberterrorism. There must be “real penalties” for disrupting the Internet so hacking no longer would be seen as “interesting hobby,” he said. In addition, law enforcement agencies should have greater latitude to investigate and prosecute cyberattacks, he said. Interestingly, all of those issues involve both telecom companies and Internet because 2 technologies have melded, he told reporters.

Other witnesses said at hearing that newly created “homeland security” cabinet post could become involved with cybersecurity issues. Committee members expressed concern about who had overall responsibility for infrastructure protection. “Nobody’s quite sure who’s in charge,” Sen. Collins (R-Me.) said. “What specific responsibilities and resources are needed and at what level?” Sen. Cleland (D-Ga.) asked: “Do we have a lead dog?” Panelists answered that Richard Clarke of National Security Council was highest ranking official for infrastructure security. But Cleland said such appointed position wasn’t confirmed by Congress and thus wasn’t fully accountable. Sen. Thompson (R-Tenn.) said there wouldn’t be an effective solution to problems and confusions within infrastructure protection network until there was “leadership at the top and accountability when it doesn’t work.” An expected presidential Executive Order could clarify chain of critical infrastructure protection command, members and panelists said.

While many committee members commented on how Sept. 11 attacks had bolstered the need and resolve for improved cybersecurity, Sen. Bennett (R-Utah) said traditional attacks still were very effective for terrorists while cyberattacks were more realistic tool for hostile nation states. Bennett said “fed wire” financial information network would be optimal target for attack because shutting it down would “grind the economy to a halt.” Other panelists suggested cyberattack could accompany physical attack to slow response time and create confusion. “We want to think about the possibility of a combined attack,” said Frank Cilluffo, senior policy analyst, Center for Strategic and International Studies. He used as example potential attack on 911 telephone service during detonation. Bennett questioned whether cyberattacks could disrupt military’s ability to communicate after attack.

Sept. 11 attacks have raised level of awareness of cybersecurity, panelists said. It was clear from testimony that govt. sought more collaboration from private industry to aid threat assessment, but many in industry worried that Freedom of Information Act (FOIA) could allow release of proprietary information and that companies that collaborated for cybersecurity could face antitrust scrutiny. Bennett has introduced legislation, the Critical Infrastructure Information Security Act of 2001 (S-1456), that he said would resolve those concerns.

At press breakfast before hearing, Nacchio told reporters he would be talking with FCC officials on Qwest’s Sec. 271 plans while he was in Washington. As he told Goldman Sachs investors’ conference in N.Y. Wed. (CD Oct 4 p5), he said Qwest would move quickly to submit Sec. 271 applications in packages, “probably 6 or 7 in one clip.” Nacchio described Qwest as distancing itself from being described as Bell company. “We're not an RBOC, we're a company that bought a Bell,” he said. That’s why Qwest left USTA, he said, and why it diverged from other Bells on reciprocal compensation issues last year. Nonetheless, he said he supported lessening restrictions on broadband deployment by ILECs. Regulators and Congress “ought to bite the bullet” and accept fact that it wasn’t necessary to have “army of technicians micromanaging” competition, Nacchio said. “This idea -- that if you only can redistribute the pie you will have competition -- doesn’t work,” he said. Wireless competition is thriving without regulatory intervention because that’s way it’s supposed to happen, through natural market forces, he said.