By Greg Slabodkin
For years, top Pentagon brass have testified before Congress about our nation’s vulnerabilities to cyberthreats and the need to better defend military networks and train cyberwarriors to protect this country from an “electronic Pearl Harbor.” However, for the first time, a U.S. secretary of defense has given a major speech specifically addressing the growing danger to America from cyberspace.
No country is more dependent on computer systems and, therefore, more vulnerable to cyber attack than the United States. Earlier this month, Defense Secretary Leon Panetta warned business executives about cyber threats from China, Iran, Russia and terrorist organizations that threaten our national and economic security. At risk, Panetta said, is our infrastructure, our economy and human life.
According to Panetta, foreign cyber “actors” are constantly probing America’s critical infrastructure, targeting access to the computer control systems that operate chemical, electricity and water plants, as well as transportation. If they were to be successful, he said, they could derail passenger trains or trains loaded with lethal chemicals, contaminate the water supply in major cities or shut down the power grid, and possibly disable or degrade vital military systems and communications.
To protect from these unprecedented threats, what is needed is a coordinated cybersecurity policy to safeguard U.S. networks, public and private, from attack. The Cybersecurity Act of 2012 would have established a collaborative public-private partnership that facilitated cyber-risk assessments of critical national infrastructure, required sharing of information between businesses and the federal government, and developed mandatory standards and best practices for companies to implement.
However, in August, this proposed legislation failed to secure the 60 votes required to bring the measure up for a vote in the Senate. Republican opponents argued that the act would have imposed burdensome and unnecessary government regulations on companies.
In order to circumvent a legislative process plagued by partisan bickering, President Obama needs to issue an executive order that would make national cybersecurity a concern of the private sector, not just the government.
While an executive order would not provide the same protection from liability for private companies as Congress could ensure with legislation, the president could issue cybersecurity standards and provide technical assistance to companies in an effort to strengthen their network defenses.
The cyberthreats to our nation’s networks are too dire to wait for cybersecurity legislation from a do-nothing Congress that continues to be hamstrung by political gridlock.
Greg Slabodkin of Kenmore writes about information security and defense issues.