The information revolution launched by the Internet has reached into every corner of our lives, from communication and entertainment to commerce and government. But this crown jewel of modernity also comes with deep and dangerous flaws that leave us vulnerable to a variety of threats that are overwhelming our capacity to defend.
Cybercriminals and cyberspies look at the World Wide Web and see digital connections that lead directly into everything from our personal bank accounts to government and industrial secrets.
The threats of cyberwar and cyberterror also loom large with potentially devastating consequences. For example, an adversary could take down our electrical grid or financial infrastructure from across the ocean with just a series of keystrokes.
These dangers are not theoretical.
Last year, Google and 30 other companies in the technology, finance, media and chemical sectors — most of them global Fortune 500 companies — were the targets of highly sophisticated attacks allegedly emanating from China in what appears to have been a massive attempt at industrial espionage.
In 2007 and 2009, Estonia and Georgia were subjected to devastating cyber-attacks that paralyzed government operations, financial institutions and other critical infrastructure.
In a report by McAfee, a computer security company, about 54 percent of the executives of critical infrastructure companies surveyed said their companies had been the victims of denial of service attacks as well as network infiltration from organized crime groups, terrorists and other nation-states. The downtime to recover from these attacks can cost $6 million to $8 million a day, the executives said.
To address these threats, we have introduced the bipartisan Protecting Cyberspace as a National Asset Act (S. 3480). Our bill would improve the security and resilience of federal government systems and transition Federal Information Security Management Act compliance from a paper-based exercise to real-time situational awareness of threats against government systems. The bill also would establish a public/private partnership to help set national cybersecurity priorities and improve our private-sector cyberdefenses, including the security of our nation’s most critical cybernetworks.
The legislation — approved by our committee by unanimous voice vote on June 24 — would create a Senate-confirmed White House adviser whose job will be to take a broad view of all federal cybersecurity policy, develop a national strategy to protect cyberspace, give policy advice to the president and resolve interagency disputes.
The bill also would establish a National Center for Cybersecurity and Communications within the Department of Homeland Security to oversee the security of the federal government’s civilian computer networks, as well as to identify vulnerabilities, and help secure key private networks — such as utilities and communications systems — that could cause extensive fatalities or cripple our economy if attacked or commandeered by a foreign power or cyberterrorists.
If the government knew an attack that could have catastrophic consequences for Americans or our economy was imminent or under way, this legislation would give the president the authority to implement emergency measures protecting a select group of the most important networks and assets needed to maintain our way of life, while still respecting the civil liberties of our citizens.
These emergency measures would have to be the “least disruptive means feasible” and would automatically expire within 30 days. The president could renew the 30-day emergency measures up to three times for a maximum of only 120 days, and after that Congress would have to approve any extension. The owners and operators of these critical systems and assets also could propose alternative security measures to defend their networks and implement them in lieu of directed emergency measures with the approval of the NCCC. The bill does not authorize any new surveillance authorities or permit the government to “take over” private networks.
Our legislation is an improvement over existing law and provides the president with targeted remedies, rather than resorting to the broad authority he currently has to shut down “wire communications” during a “state or threat of war.”
While the focus of the cybersecurity challenge is often on these large-scale attacks, Americans on an almost daily basis hear horror stories of personal information being either lost, stolen or at risk of being stolen because of cybervulnerabilities.
This too must stop.
Our bill would address these challenges as well. The NCCC will produce and share useful threat information with the private sector and collaborate with the private sector to develop best practices for cybersecurity. By developing and promoting best practices, the NCCC will help improve cybersecurity across the nation. By increasing the security and resiliency of our cybernetworks, our legislation will help reduce their frequently exploited vulnerabilities. In addition, our legislation takes key steps to recognize privacy protections while increasing security, including the creation of a full-time privacy officer to consult on cybersecurity matters within the Department of Homeland Security and developing specific guidelines to protect the privacy and civil liberties of people living in the United States.
The Internet age began quietly one autumn evening in 1969, when, on the second try, the word “login” was passed between computers at UCLA and Stanford. What started with two isolated computers has now exploded in a vibrant global community with an estimated 700 million hosts serving a plugged-in population of 1.8 billion users — and growing.
An asset this vital to our national and economic security must not be left undefended, which is why it is critical we move forward quickly with our comprehensive legislation to better protect our country’s networks.
Sen. Joe Lieberman (ID-Conn.) is chairman of the Homeland Security and Governmental Affairs Committee and Sen. Susan Collins (R-Maine) is the committee’s ranking member. Sen. Tom Carper (D-Del.) is chairman of the panel’s Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security.