[Vision2020] A cyber risk to the U.S.

Mon Feb 13 08:27:23 PST 2012

Back to previous page
------------------------------
   A cyber risk to the U.S. By Editorial Board, Published: February 12

IN A RECENT briefing to Congress about worldwide
threats<http://www.informationweek.com/news/government/security/232600046>,
FBI Director Robert S. Mueller III said that the danger of cyberattacks
will equal or surpass the danger of terrorism “in the foreseeable future.”
What makes that assessment particularly alarming is that the United States
may be as unprepared to defend some of its critical computer systems as it
was to protect New York and Washington against al-Qaeda before Sept. 11,
2001.

Though the Pentagon has a
cybercommand<http://www.washingtonpost.com/world/national-security/cyber-defense-effort-is-mixed-study-finds/2012/01/11/gIQAAu0YtP_story.html>,
it does not cover the domestic civilian economy, including vital
infrastructure systems such as the electric power grid, water supplies and
the financial system. Many of the computers controlling those utilities lack
adequate security measures
<http://www.washingtonpost.com/politics/power-grid-updates-left-system-vulnerable-to-cyberattacks-auditors-say/2012/02/07/gIQAMxBVxQ_story.html>and
could be devastated by viruses launched by hostile states or even hackers.
As it is, U.S. companies, from defense contractors such as Lockheed Martin
to e-mail carriers such as Google, are under continual assault from China
and Russia, which seek to steal industrial or national security secrets and
probe for infrastructure weaknesses.

Congress and the Obama administration have at least recognized the problem:
Both have spent years studying it and have drawn up detailed proposals for
hardening U.S. cyberdefenses. Like so much in Washington, action has been
slowed by political gridlock; yet senior legislators in both parties have
committed themselves to passing legislation. In fact, cyberdefense could be
a signature achievement of this election year, if a few more senators can
set aside partisanship and special interest appeals.

The most important — or at least, the biggest — legislation is emerging in
the Senate under the sponsorship of Joseph I. Lieberman (I-Conn.), Susan
Collins (R-Maine), John D. Rockefeller IV (D-W.Va.) and Thomas R. Carper
(D-Del.). It is packed with provisions and updates to outdated legislation,
but its most important sections would provide for information sharing by
the government and private companies and mandate better security for
critical infrastructure. (A couple of overreaching provisions in earlier
legislation, such as authority for the president to shut down Internet
traffic in a crisis, have been dropped.)

Both areas are contentious. Fresh from blocking legislation on Internet
piracy, some net purists are denouncing provisions that would make it
easier for companies to tell each other, and the government, about security
breaches and ways to prevent them — and mandate reporting in the event of
breaches of critical infrastructure. While there are legitimate civil
liberty concerns, it is essential that companies are able to share
information about stolen data and other cyberattacks without compromising
individual privacy or exposing themselves to government sanctions.

Cooperation between the government and private companies is also badly
needed to ensure protection of power and water plants, banking networks,
and other infrastructure essential to modern society. The Senate
legislation rightly gives the Department of Homeland Security (DHS), rather
than the Pentagon, authority in this area and lays out an appropriately
narrow definition of computer systems to be supervised: those whose
interruption could cause “a mass casualty event”; “the interruption of
life-sustaining services;” “mass evacuations”; or “catastrophic economic
damage to the United States.”

Firms with such systems would be required to work with DHS on a security
plan and to submit, or submit to, an audit on its effectiveness; those that
fail to comply could be fined. The U.S. Chamber of Commerce and several
Republican senators have objected to such DHS authority, claiming it
amounts to unnecessary and costly regulation. But in the absence of
government supervision, critical systems have remained unprotected. To
accept the status quo would be an unacceptable risk to U.S. national
security.

The Washington Post Company

-- 
Art Deco (Wayne A. Fox)
art.deco.studios at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/vision2020/attachments/20120213/a7dd3102/attachment-0001.html>