Does a Cyber-9/11 Loom?
The longer Congress waits to gets its act together on cybersecurity, the longer the U.S. remains at risk of an attack by spies, terrorists, hackers or companies representing themselves or an entire rogue nation. Can Washington rise to the challenge without crushing civil liberties?
Wed, September 05, 2012
CIO — It should come as no surprise to anyone who follows the news in the U.S. that Congress hasn't moved on cybersecurity. Forces on both sides of the aisle watered down, and then eventually nixed, this summer's cybersecurity bill (also known as the Lieberman/Collins bill, sponsored by Senators Joe Lieberman, I-Conn. and Susan Collins, R-Maine). Sen. John McCain (R-Az.) and others proposed an alternative SECURE IT Act, which now languishes as Congress gears up for the November election.
For his part, President Barack Obama has been doing what he can to prepare the country for the possibility of an attack on our critical infrastructure. In July, he wrote an opinion piece in The Wall Street Journal calling for better exchange of information between government and industry in the event of a cyberattack.
It's also possible, in the likely event of Congressional inaction, that the President might issue an Executive Order calling for such information exchange. Such an order, however, comes with its own political risks, as some consider such a move to impinge on the purview of Congress. The end result of all this political maneuvering, therefore, may be little or no action by the U.S. government on cybersecurity, at least until sometime in 2013.
Parties United in Cybersecurity Bill Opposition
The obvious question is whether such legislation would simply be too little, too late. The unfortunate fact of the matter is that we are already in the midst of a cyberwar. Corporations as well as government agencies are under constant attack from a range of opponents, both economic and political. Furthermore, the 2010 Stuxnet attack on Iranian nuclear infrastructure and the more recent Gauss attack on the Lebanese banking system show that the U.S. (or parties aligned with U.S. interests, Israel in particular) are willing and able to take an offensive posture in this Cyberwar.
Analysis: Why Stuxnet is a Really Bad Weapon
The fact that the U.S. is willing to take such an offensive role raises the stakes for the defensive side of this battle. Not only do criminals continue to infiltrate our financial networks, as they have for years, but now we're courting retaliation from nations who might very well launch their own cyberattacks against us. Cyberwar is heating up—and instead of strengthening our defenses, Congress dawdles.
The appropriate course for Congress to take remains unclear, regardless of your political perspective. The right wing, in the form of the U.S. Chamber of Commerce, shot down the Lieberman/Collins bill, citing onerous regulation, an expansion of government and interference with the open market. But in a classic case of odd bedfellows, the left wing, in the person of Sen. Al Franken, D-Minn., also had issues with the cybersecurity bill, as it called for private industry and government to share potentially private information about US citizens, thus impinging on the civil rights of Americans.