From: Politico
By: Joe Lieberman
It’s nearly impossible to miss the endless barrage of media reports about new cyberattacks. In fact, the media can’t miss them either — multiple outlets, including NBC and The New York Times were victims of recent cyberattacks. While these attacks were not aimed at our most critical infrastructure — water, power, communications and transportation systems — make no mistake, our adversaries are probing these systems at an alarming rate.
Last year, I joined a bipartisan group of senators and offered legislation that would better secure government systems and protect our nation’s most critical infrastructure against cyberattack. Though the Senate failed to pass legislation — the need for action has only increased. That is why I was pleased to see the president’s executive order on Improving Critical Infrastructure Cybersecurity, which adopted many of the concepts put forward in the bipartisan bill.
The executive order takes steps that will help protect the country’s critical infrastructure from cyberattacks in the near term and will help build a stronger public-private partnership in the future. But, as the White House has acknowledged, the executive order is only a first step. Congress must act to build on the initiatives established in the executive order and pass urgently needed legislation this year.
In a recent op-ed in POLITICO (“In Cyberwar, We’re Our Own Worst Enemy,” Feb. 25), former Homeland Security Secretary Tom Ridge and former White House chief cybersecurity adviser Howard Schmidt claim that the legislative debate has already picked up where it left off — mired in entrenchment and intransigence. I disagree. Whether the Chamber of Commerce likes it or not, the executive order has changed the conversation. The reality is that the private sector and the government now must work together to develop basic security standards. Rather than rehash old talking points about the threat of “cyber regulation,” Congress should debate how best to codify a framework that ensures close private-sector involvement and provides real incentives to encourage critical infrastructure companies to enhance cybersecurity.
A recent report by the security company Mandiant exposed China’s systematic and bureaucratized cyber espionage activities against the U.S. From a 12-story building on the outskirts of Shanghai, a detachment of the People’s Liberation Army is suspected of launching a large percentage of cyberattacks on U.S. infrastructure. That may be just the tip of the iceberg.
However, adversaries like Iran, who have less capability and wherewithal than China, are far more likely to use destructive cyber weapons against U.S. critical infrastructure. Look no further than last year’s attack against the Saudi Arabian oil giant Aramco that destroyed more than 30,000 computers. Though Saudi Arabian infrastructure was attacked, the message to the U.S. was clear — as each computer was gutted, a burning American flag illuminated the screen.
Just as our adversaries are dedicating considerable resources to cyberattack capabilities, we must harness the expertise of our government agencies and the private sector to protect our most precious resources. Because these critical systems and assets overwhelmingly reside in the private sector, strong public-private partnerships are essential. To this end, the Department of Homeland Security, which has developed a unique capability to help the private sector better protect its networks, is establishing an Integrated Task Force to ensure close coordination with critical infrastructure owners and operators as it implements the executive order.
The president has bought us some time, but not much. Congress should seize this opportunity to complement the steps he’s taken and act quickly to pass legislation that provides meaningful incentives to encourage the private sector to adopt basic cybersecurity practices. In addition, Congress must pass legislation that enables greater cyberthreat information sharing with adequate privacy protections, and gives the Department of Homeland Security the authority it needs to protect government systems and cultivate a first-rate cyber workforce for the future. Legislation should also enhance penalties for cyber crimes, including crimes against our critical infrastructure systems.
Just as cyber threats change rapidly, so too must politics and policymaking. The executive branch is working to develop best practices with the private sector. Rather than fall into baseless arguments about overregulation, Congress should have an open and honest debate about how it can build on and improve what the executive order has started and what other measures are still needed to protect the nation.
Former Sen. Joe Lieberman served as an independent from Connecticut and is the former chairman of the Senate Homeland Security and Governmental Affairs Committee.
Leave a Reply