Five Questions With: James R. Langevin
With Kimberley Donoghue
Providence Business News - Published November 2, 2011
U.S. Rep. James R. Langevin has represented Rhode Island’s second congressional district since 2001. In his time in office, he has made cybersecurity one of his marquee issues. The Democrat helped co-found the House Cybersecurity Caucus, which he currently co-chairs.
PBN: Cybersecurity is an important issue to you. How did you become interested in the topic?
LANGEVIN: I first began to work closely on this issue in 2007 when selected to chair the Homeland Security Subcommittee with jurisdiction over cybersecurity policy. I have always had a passion for technology and examining the latest advances, so the subject fit me naturally. Our oversight soon discovered the lax approach taken by many public and private sector entities that provide vital services to the American people. I took over the subcommittee around the time of a test by U.S. Department of Energy scientists that found hackers could destroy major power generators because of vulnerabilities in the electric grid’s computer networks. We called the utilities' representatives to testify and they told us the threat was being addressed. It turns out they weren’t changing anything.
The dangers go beyond the electric grid to additional areas of critical infrastructure, like water and sewage treatment plants. We have found that other sectors also take a lax approach to cybersecurity. They may not want to bear the cost of upgrading their systems, but in certain cases, the potential widespread physical and economic damage of an attack means we must find a way to compel these updates.
Providing for our overall cybersecurity, however, cannot be only a government effort. We must educate individuals and businesses across the country to take safety precautions and guard their private information to prevent crimes like identity theft and intellectual property theft, which result in enormous costs to companies. As our understanding of the risks of weak cybersecurity has grown, I have become more determined to ensure we work to raise public awareness and close our vulnerabilities as much as possible.
PBN: This summer, you announced the Rhode Island Cyber Disruption Team. What is this team and how does it compare to other states’ cyber force? div>
LANGEVIN: Operating under the R.I. Emergency Management Agency, the team brings together state agencies, law enforcement, universities and businesses to prevent and respond to local cybersecurity events and defend the security of the state’s critical infrastructure. Importantly, the members understand that we cannot stop every threat and they are developing the capabilities to help key entities, ranging from utilities to government agencies, banks and hospitals, recover as quickly as possible after an incident occurs.
The partnership also goes beyond the disruption team to address long-term cybersecurity challenges, particularly by creating opportunities for those coming into or reentering the workforce to have a wide range of employment opportunities in the cyber career field. The field’s demand is outpacing our personnel, which is a serious concern, but also a chance to build a new industry that will have sustainable job growth in Rhode Island.
I am proud that our state is setting a national example and I have enjoyed the chance to play a role in the progress of this effort. Only a few other states have taken on similar projects and leaders of our team recently joined me at a cybersecurity workforce workshop I organized in Washington with the Departments of Defense and Homeland Security. The Rhode Island representatives provided attendees guidance on how to best use the resources offered by state and local authorities to institute the strongest possible protections for our networks nationwide.
PBN: You talk a lot about how the U.S. needs more skilled tech/cyber workers to defend against hackers, terrorists, etc., but how does the U.S. compare to other countries’ cyber defense force?
LANGEVIN: I have no doubt that enough American citizens can excel in cyberspace; however we have not kept pace with the rest of the world in harnessing our talent because we have not put a high enough priority on developing the necessary capabilities in our workforce. The National Journal recently noted a few key examples of other nations recognizing the importance of cybersecurity, reporting that China recently established a military unit to combat cyber attacks and “Beijing has thousands of cooperative ‘cybermilitia’ programs spread between the military, technology companies, and universities.” In addition, North and South Korea have created entities similar to our U.S. Cyber Command.
It is also not good enough for us to just keep up. As a global leader in research and development, as well as military prowess, we arguably have the most to lose from cyber threats and when you consider all of the different nations and other groups that want to benefit from mining our data or creating economic problems for the U.S., anything less than the very best cyber workforce is inadequate, particularly to protect our defense, government and critical infrastructure. div>
PBN: A lot of Rhode Island-based tech employers complain they can’t find people with the necessary skills to employ them. Atrion Networking, for example, just recently set up its own inhouse “apprenticeship” program in order to train its workers at a $12,000 to $15,000 investment each.
How could we improve this situation in the short term? What do local government/educators need to do in order to have a better-prepared work force in the next five years? div>
Become a fan of Jim
LANGEVIN: Cybersecurity provides a perfect example of the need to close the skills gap in Rhode Island and across the country. This industry, like others in high-tech, high-skill fields, has the potential for tremendous expansion and job growth, but it is severely lacking in top professionals and we have not prepared our workforce with the required skills. Experts have estimated that the U.S. has fewer than 1,000 people with the advanced security skills to effectively compete in cyberspace, but the reality is that we need 20,000-30,000. We must grow the right knowledge, skills and abilities for cybersecurity in our national work force through targeted education, stronger hiring practices and a better understanding of what training makes a quality cyber expert.
We can start to address the problem in cybersecurity and other areas immediately through better collaboration between our business, education and labor communities. Schools must understand the needs of industry to shape their curriculum most effectively. Earlier this year, I brought these sectors in Rhode Island together for a Pathways to Prosperity Summit, and we are currently fleshing out ideas from that event to improve training programs.
In the long term, the high school Cyber Foundations Competition provides a model for developing young talent in expanding fields. I helped launch the contest in Rhode Island with many great partners like Tech Collective, the state Department of Education, the Science and Technology Advisory Council, and the New England Institute of Technology. This effort among government and non-government organizations, which has also involved private businesses, should be replicated in other industries. In general, we need to encourage better integration of academics with career and technical education and workplace experience in areas of interest beginning in secondary school to provide a curriculum that is relevant to all of our students and exposes them to potential careers that excite them. I have introduced bipartisan federal legislation with some of my colleagues on the Career and Technical Education Caucus to support this approach.
PBN: Many worry that cybersecurity legislation using the term “critical infrastructure” – under the same meaning as defined in the Homeland Security Act of 2002 and includes telecommunications, energy, financial services, water and transportation – is too broad.
Why should the government be able to regulate these areas in the name of preventing cyber attacks?
LANGEVIN: Let’s be clear that Congress should not be telling a power plant how to configure its router; however, certain parts of our infrastructure require special attention and increased federal oversight. We know computer viruses exist that could devastate parts of key industries, mainly the electric grid, water and sewage plants, and the financial and telecommunications systems. Already, we have seen interest among the hacking community in the massive and often shocking vulnerabilities and lax mindset that plague our power, water, transportation and other utilities. It used to take a sophisticated hacker to pull off a distributed denial of service attack; now all you need is an internet connection, easily accessible tools and an angry mob. div>
« Return to News & Events
A major incident could leave a significant portion of the country without power for an extended period of time or with undrinkable water, as demonstrated by a security expert who figured out how to control the chemicals at a southern California water system. These types of problems would result in enormous costs, borne in large part by the taxpayer, to repair the damage.
The status quo of voluntary security upgrades has not worked. It’s time for a new take on the public-private partnership, with government issuing standards and guidance for the protection of critical utilities and infrastructure. I introduced a bill earlier this year that echoed the White House model for establishing frameworks for various critical infrastructures, while ensuring regulations are not overly prescriptive and are guided by best practices developed by the industries in question. If we cannot convince policymakers and the private sector that security must be a priority, then we will suffer the consequences.
« Return to News & Events