Senior Pentagon leaders are increasingly warning about cyber attacks as the Senate prepares to resume debate on controversial cybersecurity legislation as soon as next month.
Army Gen. Keith Alexander, head of Cyber Command and the National Security Agency, told business executives Wednesday night that industry shares in the responsibility of protecting the cyber domain. His comments follow Defense Secretary Leon Panetta’s recent warning about a cyber attack and lament that companies are not investing enough in cybersecurity, as well as the Senate leader’s pledge to resume debate on related legislation opposed by businesses.
“We’re the country that made all this technology…(and) it has had a significant positive impact on our country and the world,” Alexander said Wednesday night at a National Cyber Security Hall of Fame dinner in Baltimore, according to the Pentagon. “We’re the first to create it, (so) we ought to be the first to secure it.”
The government cannot protect the nation’s cyber investment alone, Alexander said. Cyber Command, the NSA, the Department of Homeland Security, and the Federal Bureau of Investigation, as a government team, he said, needs the help of U.S. allies, academia, and, unavoidably, industry.
Panetta delivered a dire warning about the threat of a crippling cyber attack on the United States during an Oct. 11 speech to the Business Executives for National Security in New York City (Defense Daily, Oct. 15).
The defense secretary said “foreign cyber actors” are currently probing–and in some cases have accessed–U.S. critical-infrastructure networks. His assertion that the nation is at risk because Congress has not passed legislation–intended to ensure critical-infrastructure providers better protect their networks–prompted Senate Majority Leader Harry Reid’s (D-Nev.) call for the renewed Senate debate.
“Secretary Panetta has made clear that inaction is not an option,” Reid said Oct. 13 in a statement. The Senate leader supports the Cybersecurity Act of 2012, a comprehensive bill that would create cyber-security standards for critical-infrastructure providers.
“I will bring cybersecurity legislation back to the Senate floor when Congress returns in November,” Reid said. “My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill.”
The Senate’s Cybersecurity Act of 2012 is supported by the White House and sponsored by senators including Joseph Lieberman (I/D-Conn.) and Susan Collins (R-Maine). Prominent Senate Republicans and the U.S. Chamber of Commerce opposed the bill, arguing the voluntary critical-infrastructure standards would lead to unnecessary regulation and force costs on businesses.
Democratic lawmakers including Rep. Jim Moran (D-Va.) during the current congressional recess have criticized the Chamber of Commerce for its opposition to the legislation.
Sen. John McCain (R-Ariz.) is among the Republican supporters of an alternate cybersecurity bill, the Secure IT Act, which would create no new federal regulations and instead focuses on removing legal barriers to government and businesses sharing information about cyber attacks. It is similar to the Cyber Intelligence Sharing and Protection Act (CISPA), which the Republican-led House passed and the White House said President Barack Obama could veto.
Rep. Mike Rogers (R-Mich.), chairman of House Permanent Select Committee on Intelligence, has been touting CISPA during speeches during the congressional recess. He argued on Oct. 4 that a seemingly new threat to U.S. computer networks is so pressing it may prompt the House and Senate to agree to pass CISPA this year and return to broader legislation next year (Defense Daily, Oct. 5).
Panetta voiced support last week for the Lieberman-Collins bill, arguing: “We’ve got to work with the business community to develop baseline standards for our most critical private-sector infrastructure, our power plants, our water treatment facilities, our gas pipelines. This would help ensure that companies take proactive measures to secure themselves against sophisticated threats, but also take common-sense steps against basic threats. Although awareness is growing, the reality is that too few companies have invested in even basic cybersecurity.”
Obama’s administration also has drafted an executive order that would go around Congress and could create cyber-security standards for critical-infrastructure providers.
Reid said that he believes cybersecurity “is an issue that should be handled by Congress,” but considering Republicans’ opposition, he said “President Obama is right to examine all means at his disposal for confronting this urgent national-security threat.”