There is no shortage of problems for President Obama and the new Congress to tackle as they settle into their offices in Washington, D.C., this week, and one of the topics that’s at the top of that list is cybersecurity. Earlier this week a group of Democratic senators introduced a new cybersecurity bill, and now Janet Napolitano, secretary of the Department of Homeland Security, is taking to the stump, saying that new legislation is required to prevent a “cyber 9/11.”
The potential for a major national-level incident caused by a cyber attack is something that politicians, security officials and others in Washington have been discussing for more than a decade, at least. Advisers to Bill Clinton discussed the idea in the 1990s, as did George W. Bush’s security team in the 2000s. The terms and syntax have changed somewhat over the years, but the message that a targeted cyber attack could have potentially disastrous effects in the real world has remained the same.
Richard Clarke, an adviser to both Clinton and Bush, often warned about the possibility of a digital Pearl Harbor, a phrase that has become something of a cliche in security circles. Now, Napolitano is picking up the baton, saying that better cybersecurity legislation is needed and that the United States’ critical infrastructure (utilities, air traffic control, financial systems) is vulnerable to major attacks.
“We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” Napolitano said in a discussion on cybersecurity at the Wilson Center, according to Reuters.
One of the key touchstones in many of the discussions of this topic that have been taking place for years now is the need for better information sharing on threats and vulnerabilities. The government often looks for help from security experts in the private sector in responding to and analyzing new threats and attacks, and that’s often done on an informal basis. But the bill introduced in the Senate this week by Sen. John D. Rockefeller IV (D-WV), Chairman of the Senate Commerce, Science, and Transportation Committee, Sen. Tom Carper (D-DE), Chairman of the Senate Homeland Security and Governmental Affairs Committee, and Sen. Dianne Feinstein (D-CA), Chairman of the Senate Select Committee on Intelligence, is designed to formalize that information-sharing and research.
One of the goals in the bill is “developing a coherent public-private system to improve the capability of the United States to assess cyber risk and prevent, detect, and robustly respond to cyber attacks against United States critical infrastructure, such as the electric grid, the financial sector, and telecommunications networks.”
The measure also seeks to establish means for sharing threat data internationally. The goal is “enhancing United States diplomatic capacity and public-private international cooperation to respond to emerging cyber threats, including promoting security and freedom of access for communications and information networks around the world and battling global cyber crime through focused diplomacy.”
The various cybersecurity bills that have popped up in both the House and the Senate in the last couple of years often have included similar language, encouraging government agencies and private companies to put their collective heads together and share data and develop collaborative solutions. None of those bills has succeeded, but most of them have had other provisions that have drawn criticism. This latest bill is in the early stages and has a long road to travel before coming up for a vote.
Obama has spoken publicly about the need for better information sharing, as well, and reportedly may issue an executive order soon that would mandate such a system.
*Napolitano image via The National Guard’s Flickr photostream, Creative Commons