Defense Secretary Leon E. Panetta’s recent warning of a “cyber Pearl Harbor” has renewed attention to the Internet threats facing America. However, his call for Congress to act must include assurances that any legislation will be effective in keeping America safe while protecting the country’s fundamental rights.
Panetta warned of a possible onslaught of cyber crime on an unprecedented scale involving “an attack that would cause physical destruction and a loss of life, paralyze and shock the nation …”
According to Panetta, there is not a moment to waste in securing this country’s cyber borders. In his speech to a New York business group a couple of weeks ago, he talked about increasing cyber attacks and counterattacks between the United States and Iran.
Those include recent cyber attacks against some large U.S. financial institutions, among them JP Morgan Chase & Co. and Citigroup. These so-called distributed denial of service attacks disrupted service on customer websites. Those attacks generated mostly inconvenience, but they show how vulnerable our institutions are. Much more alarming was an attack two months ago using a sophisticated virus called Shamoon, which wreaked havoc on computers in the Saudi Arabian state oil company Aramco.
But concerns by privacy advocates over the lack of transparency and the loss of basic freedoms in this country are spot on, especially where security discussions involve sharing information between the government and the private sector. It is very difficult to walk the tightrope between the need to increase defenses against 21st century Internet security breaches while ensuring that freedom of information and privacy rights are maintained. But it must be done.
Proposed congressional legislation may be the worst of both worlds – failing to do enough to protect the nation’s critical information systems while eroding safeguards for personal information. Giving the government access to personal information about a company’s employees or customers without strict limits on how that information can be shared is asking for trouble.
What shouldn’t happen, as Panetta suggested as an alternative to the stalled legislation, is a presidential order to deal with cyber security. The issue needs a thorough airing and is too important for Congress not to act.
The government is taking steps to boost security by paying students to pursue graduate work in cyber security in return for a commitment to work for a federal agency. Local colleges – the University at Buffalo, Hilbert College and Canisius College among them – have wisely taken advantage of the federal grants and are providing such training. The students would become the “skilled cyber warriors” Panetta said are so desperately needed.
Panetta is correct that Congress must take action against these cyber threats, but that legislation has to walk that narrow line between security and our freedoms.