The Cyber Security Debate

April 26, 2012

This afternoon, in the wake of yesterday’s veto threat from the White House, the House of Representatives is set to open debate on controversial cyber security legislation. Cyber security is a serious challenge and threat to America’s economy and national security, and a comprehensive approach is needed. A successful approach will balance the commercial needs of our businesses, the security of our people and institutions, and the privacy rights that the Constitution provides every citizen.

The threat from cyber is real and serious. In their multi-volume report on cyber security, Kristin M. Lord and Travis Sharp of the Center for a New American Security explain, “Cyber threats imperil America, now and for the foreseeable future. They endanger the enormous economic, social and military advances enabled by cyberspace, not only for the United States but also for the world. While a ‘cyber Armageddon’ does not appear imminent, cyber attacks are more than a nuisance and more than criminal activity. They constitute a serious challenge to U.S. national security and demand greater attention from American leaders.”

Top government officials have expressed their concern about the threat. Secretary of Defense Leon Panetta recently said, “I think the capabilities are available in cyber to virtually cripple this nation, to bring down the power grid system, to impact on our governmental systems, to impact on Wall Street on our financial systems, and literally to paralyze this country… So the one thing that I worry about the most right now is knowing that this is possible, and feeling we have not taken all necessary steps to protect this country from that possibility.” And John Brennan, President Obama’s senior adviser on counterterrorism and homeland security, similarly stated, “The consequences of a successful attack against our critical infrastructure would be enormous. A sophisticated cyberattack on our power grid could cause disruptions on par with the Northeast Blackout of 2003, which brought thousands of businesses to a halt and cost our nation more than $6 billion. The disruption of police, fire and other emergency services, as we’ve seen during destructive hurricanes, would endanger the lives of countless Americans. And the cyberthreat is growing; our intelligence community estimates that other nations and transnational organizations could soon acquire the capability to disrupt or damage vital elements of our critical infrastructure. FBI Director Robert Mueller warned last month that ‘in the not too distant future, we anticipate that the cyberthreat will pose the number-one threat to our country.’” [Kristin Lord and Travis Sharp, 6/11. Leon Panetta via Stars and Stripes, 3/1/12. John Brennan, 4/15/12]

The Obama administration has taken robust actions to combat the cyber threat, but more work remains. As Nina Hachigian of the Center for American Progress and Jacob Stokes of the National Security Network write, “Upon taking office the Obama administration initiated a comprehensive 60-day, ‘clean slate’ review to assess U.S. policies and structures for cybersecurity. That review stated, ‘Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century.’ The National Security Strategy, released in May 2010, noted, ‘Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges we face as a nation.’ The Obama administration has put unprecedented effort and resources into building the infrastructure to protect against cyberthreats. In June 2009 then-Secretary of Defense Robert Gates directed U.S. Strategic Command to establish the U.S. Cyber Command. USCYBERCOM, as the office is known, opened in May 2010 and was running at ‘full operational capacity’ by October of that year. The Department of Defense also released its first cybersecurity strategy in July 2011.” [Nina Hachigian and Jacob Stokes, 3/12]

Experts agree a comprehensive approach must balance commerce, security and privacy.  Lord and Sharp write in the CNAS report, “An effective cyber security strategy requires American policymakers to balance competing interests and values in a way that defends the nation without subverting what it stands for. The United States should protect its national security interests in cyberspace by combating cyber crime and lowlevel security threats, countering violent extremism that metastasizes online and maintaining a strong defensive posture against potential adversaries. The United States also should uphold important values in cyberspace that are less directly related to its national security but are fundamental to its political identity, such as freedom of expression, the protection of innocent civilians, privacy and anonymity, freedom of assembly, and open access to information, ideas and opportunities.” [Kristin M. Lord and Travis Sharp, 6/11]

House proposal fails test of balance.  The LA Times writes in a recent editorial, “while the online security threats are serious, encouraging private industry to funnel information to the government poses its own set of problems.” The Times specifically cited the House bill taken up this week “that would allow companies and the government to share more cyber security tips and techniques. The noncontroversial part of the proposal would let federal intelligence agencies disclose sensitive information about cyber threats to utilities, ISPs and corporate network operators. The controversial part would encourage private industry to monitor any and all activity on their networks for cyber security problems and share even potentially sensitive personal information they collect with the feds.”  The bill “would waive wiretapping rules, privacy regulations and all other laws to let companies use vaguely defined ‘cyber security systems’ to obtain information about cyber threats and share it with anyone, including the Department of Homeland Security.”

As a result of this and other concerns, the White House issued a veto threat yesterday, saying it “strongly opposes” the bill “in its current form.” The bill sets standards for protecting privacy and ensuring industry action too low, as columnist Jon Healy sums up: “the administration wants the measure to require companies to minimize personally identifiable information before sharing it with the government and each other. It also warns that by giving a key role to the National Security Agency, ‘H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity.’ A third complaint is that the bill ignores the administration’s main cyber security proposal: requiring operators of ‘critical infrastructure’ (such as power grids and electronic payment systems) to meet industry standards for securing their networks.” [LA Times, 4/23/12. Jon Healy, 4/25/12]

What We’re Reading

An international court convicted former Liberian President Charles Taylor of war crimes and crimes against humanity for supporting rebels in neighboring Sierra Leone.

China maintains that it is inclined to improve ties with major parties of Colombia and increasingly cooperate with the Colombian parliament.

UN Secretary-General Ban Ki-moon flew to India to meet with government officials and business leaders.

Russian media reports reveal that Ukraine is preparing to finalize one of its biggest defense deals for air-to-air missiles with India.

A military rocket attack killed more than 70 people in the Syrian city of Hama, compelling the Syrian opposition to request the U.N. Security Council to hold an emergency session.

China welcomed the president of South Sudan and agreed to provide bank loans and humanitarian aid, but did not move ahead with plan for an oil pipeline.

The White House granted the CIA and the Pentagon greater authority to carry out drone strikes in Yemen against terrorists it determines threaten  the United States.

South Africa condemned the UN Security Council powers of failing to address human rights abuses in the Western Sahara.

Attacks in restive central Nigeria killed five people in a village and another died in the city of Jos.

Costa Rica plans to begin negotiating free trade agreements with Colombia and South Korea this year.

Commentary of the Day

Rie Ishiguro maintains that the Bank of Japan has made significant progress towards ending deflation.

Richard Cohen suggests that the United States should help rally the Syrian opposition and demonstrate that America is allied with the protesters.

Jacob Stokes explains how the American election might affect U.S.-China relations.

Bookmark and Share