by Constantine von Hoffman

Cybersecurity Bill Dies; Presidential Directive Lives; Press Overreacts

Nov 15, 20124 mins

A number of news publications launched "Pearl Harbor" levels of hyperbole this week after the U.S. Senate did exactly as expected and killed the latest cybersecurity bill. Meanwhile, Obama signed a piece of paper that's designed to protect America from Evil Hackers and other Bad Guys.

Fortunately for us all, the solons in Washington have decided to take time off from being outraged over: A) what Gen. Petreaus did with another consulting adult; and B) our ambassador to the U.N. reading the scripts she was handed.


Finding themselves with spare time on their hands, these people decided to take up legislation previously ignored out of fear it might upset someone in the electorate.

While legislating is part of their jobs, it is only occasionally in the public interest. This time it resulted in the news that:

“Senate Republicans today killed cybersecurity legislation backed by President Barack Obama, heading off Democratic calls for action this year on a law to guard against computer attacks.”

Thus confirming P.J. O’Rourke:

“The Democrats are the party that says government will make you smarter, taller, richer, and remove the crabgrass on your lawn. The Republicans are the party that says government doesn’t work and then they get elected and prove it.”

The fact that the Senate bill would die had not gone unnoticed by the media, which immediately began inundating readers with calm and carefully considered reporting on the topic, like “Political Gridlock Leaves U.S. Facing Cyber Pearl Harbor.” It begins with all the subtlety of a Roland “Day After Tomorrow” Emmerich movie:

“There’s almost universal agreement that the U.S. faces a catastrophic threat from cyber attacks by terrorists, hackers and spies.”

This sentence makes perfect sense as long as you don’t stop to think about it. The phrase “almost universal agreement” is of course rhetorically and factually absurd. This is the United States. We can’t even almost universally agree that it’s okay to teach science in schools.

Very few of the many, many people in the industry I have spoken to on this subject think we are at risk of a “catastrophic threat from cyber attacks.” They (and I) believe we have a serious problem that could do some damage to parts of our nation, and therefore, it needs to be addressed. So I guess we are the “almost.”

The phrase “almost universal agreement” is a beautiful piece of marketing/propaganda that applies the classic bandwagon technique to make readers assume there are no other viable opinions.

I also love the phrase “catastrophic threat from cyber attacks.” It is a piece of hyperbole that says nothing, but implies quite a lot.

Fortunately, the executive arm of our government took action to protect us all well before the legislative branch and the fourth estate could continue to do nothing. Just yesterday the Washington Post reported that Obama signed a secret directive to help thwart cyberattacks. (Shouldn’t it say “formerly secret”?)

Last month, the president signed Presidential Policy Directive 20, which:

“enables the military to act more aggressively to thwart cyber­attacks on the nation’s web of government and private computer networks. [The directive] establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record.” (Even though they were told it was okay to talk to the press.)

It is worth noting that despite what the Post says in the headline and opening of this article the directive doesn’t do anything to “thwart” cyberattacks. This fact is acknowledged, albeit belatedly, later in the article:

“For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats.”

In other words, it tries to define the difference between offensive and defensive operations and when they can be used. That will certainly thwart the malware that threatens to bring on our catastrophic cyber Pearl Harbor. (Well, it will probably thwart such an attack just as well as anything else the government has come up with so far.)