It’s Time to Reboot Cyber-Debate, Renew Security Push | Commentary
As members of the Senate Intelligence Committee, we are keenly aware — thanks to our nation’s law enforcement and intelligence communities — of the potential damage a cyberattack on our nation’s critical infrastructure could cause.
News of Chinese military officers hacking into American nuclear, steel and solar companies to steal trade secrets is just the latest symptom of our growing vulnerability and the most recent example of the consequences of inaction. Cybersecurity breaches also hit close to our homes in recent months, as public universities in Indiana and Maryland were attacked, potentially exposing data of thousands of students. AOL’s 120 million users and eBay’s 148 million active accounts were hit in April and May, respectively, demonstrating that even pioneers of the Internet era are not immune to harm.
Fortunately, the discussion about cybersecurity in corporate boardrooms and around kitchen tables alike is evolving. With the recent data breach of 70 million customers at Target, the nation’s second-largest discount retailer, the American people recognize the importance of cybersecurity and, consequently, expect serious action by Congress.
Given this growing threat, Congress must renew its commitment to address the wide range of issues posed by the cyber-threat through targeted legislation.
This is a bipartisan issue that captures the interest and attention of the leadership of all the relevant committees. The ability of our enemies to threaten many different sectors of our economy, let alone their willingness to act, makes cybersecurity a true cross-cutting issue. If there is one issue a divided Congress can agree on in an election year, it is the need to improve the security of our networks by encouraging information sharing between and among the private sector and the government.
As members of the Appropriations Committee, we also believe we owe the American people a clear and comprehensive approach to funding cybersecurity across the U.S. government. Together, we hope to economize and optimize budgets and capabilities in the fiscal 2015 budget.
The national security reasons for action are clear. James B. Comey, the director of the FBI, agrees. He recently told our committee that “one of the critical parts of responding to cyber criminals is information sharing.” And according to the director of National Intelligence, the solution must include “a partnership between the government and the private sector.”
We agree, both on substance and urgency.
We agree with private industry, the executive branch and the American public that our nation is extremely vulnerable to cyber-threats now, and we must take collective action to secure our networks, both public and private. This can and must be done while respecting privacy and avoiding data misuse by government or businesses.
We agree that the threats we face at home require a dedicated and responsive partnership between government and business across all sectors — our enemies would be glad to take down an airplane or a computer network associated with a nuclear power plant, our water supply or financial markets. Literally anyone could be hit at any time.
We agree that an environment where private industry focuses on compliance over security, or regulation over innovation, will condition businesses to react to and recover from incidents rather than prevent cyberattacks in the first place.
Smart information-sharing is one step in prevention, or at least in enabling rapid response to an attack.
After Sept. 11, 2001, we broke down barriers to information sharing between our intelligence and law enforcement professionals to give them the tools they need to “connect the dots” and keep us safe, in keeping with the Constitution. Today, we must break down similar barriers that exist in cybersecurity before a “cyber 9/11” strikes. Next year may be too late.
Cyberattacks against private companies and the federal government are increasing in both sophistication and frequency.
Congress will pass legislation on cybersecurity. The question is whether it comes before a major attack, when prudence rules the day, or immediately after when we will likely overreact, overspend, over-regulate and over-legislate.
The time to act is now, and the surest and quickest way to improve cybersecurity is to bring business and government together to better share information, reduce stovepipes and focus on the threat.
Sens. Barbara A. Mikulski, D-Md., and Dan Coats, R-Ind., are members of the Senate Intelligence Committee.