From: The Coalfire Blog
Rick Dakin
Every October, the National Cyber Security Alliance sponsors National Cyber Security Awareness Month, and a growing number of businesses and institutions are joining the chorus. The White House got in on the act, too, with this Presidential Proclamation.
To celebrate the month, Coalfire will be blogging on topics of interest to our customers and business partners, and we invite you to join the discussion. This first post is an update on cyber legislation.
In late July, the national cybersecurity bill sponsored by Senators Joseph Lieberman and Susan Collins was blocked in the Senate by a filibuster, with a vote of 56-42. This White House-backed bill would have regulated and protected privately owned critical infrastructures such as water systems, public utilities and chemical plants.
The U.S. Chamber of Commerce is vehemently opposed to this legislation and have stated they believe it’s too much government interference for the free market. Conversely, several major corporations supported the adoption of this legislation including Cisco, EMC, Microsoft, Symantec and the Silicon Valley Leadership Group. Senator Lieberman has publicly stated he plans to press this legislation forward — and we hope that he does.
Why does this matter? As leaders in the IT GRC industry, we believe there needs to be a national set of cybersecurity guidelines to protect America’s critical infrastructure from malignant threats. While this legislation may not be perfect, it’s important that we start somewhere, however, and we expect this heated debate to continue. The Senate has already received letters in support of this legislation from General Keith Alexander, the chief of the United States Cyber Command and the director of the National Security Agency as well as Martin E. Dempsey, the Chairman of the Joint Chiefs of Staff.
It is easy to see why these informed cyber warriors would be pressing for increased protection of our critical infrastructure. As I asked my friends in the US Cyber Command what they are protecting, the response was suprising. They responded with, “who said anything about defense?” Let there be no mistake, the art of war has shifted to cyber space. We do not yet have a cyber Pearl Harbor but the capabilities are being developed and some early indications are that cyber warfare is effective. We can just ask our friends in Iran how a piece of malware called Stuxnet derailed their plans to enrich uranium for use in nuclear warheads. The response by Iran and others was immediate. They each started their own offensive cyber warfare units. With both capability and intent, the United States should carefully consider the impact of targeted cyber attacks as part of a broader tool for foreign policy.
On September 18, Senators Coons and Blumenthal called upon President Obama to convene an inter-agency group to develop private sector voluntary digital safeguards to protect our critical infrastructure. At Coalfire, we support this measure and believe this would be a solid step forward until legislation is achieved.
We need to move beyond the shortsighted old line industry barriers and help our economy move forward into a new generation of Cloud-based services. The United States is well positioned to lead this migration into mobile applications for entertainment, business, and government. If we act quickly to secure our critical infrastructure, the Unites States will become the only “safe” place to host online commerce and government communications. We can either invest in the type of projects that led to the Interstate Highway System or let our early technology lead be squandered. If our electric grid is disrupted or our transportation systems becoming inoperable, our ability to host new mobile services is greatly diminished.
Can you imagine China hosting our Electronic Health Records or India becoming the home for mobile commerce services? If we act now, we will accelerate our lead in secure online services and protection of critical infrastructure that provides a wave of opportunity to the next generation of entrepreneurs and enables those entrepreneurs to innovate on an infrastructure that is truly reliable and for the first time truly protected form cyber attack. This is not just a Cybersecurity bill; it is a JOBS bill.
Leave a Reply