WASHINGTON–The United States government and private sector are unprepared for a major cyber attack on the country’s critical infrastructure, a former Congressman said, thanks to a divided, risk-averse Congress and an inability for agencies and other organizations to share information effectively.
Tom Davis, a former longtime representative from Virginia, said Tuesday that there are a number of challenges that the federal government and organizations that run the critical infrastructure must overcome in order to respond to a serious attack on a target such as the electrical grid, a power plant or the financial system. One of the major issues Davis said is the lack of movement in Congress on cybersecurity and the lack of leadership on the issue.
“Congress is pretty dysfunctional, Washington right now is dysfunctional. It’s risk-averse and nothing much is going on,” Davis said in a keynote speech at the Kaspersky Government Cybersecurity Forum here.
The lack of leadership has become particularly evident during the current election cycle, Davis said, as millions of dollars are spent on campaign ads and cybersecurity gets no attention as a key issue from the candidates.
“Congress fights over everything. Issues that are critical to national security aren’t getting the attention they need to close the gap,” he said. “Millions of dollars are going to these campaign ads and cybersecurity doesn’t get a footnote. If the political leaders won’t address it, who will?”
Davis said that a successful attack on the country’s critical infrastructure could have a cascading effect that would make the U.S. vulnerable to further attacks, whether electronic or kinetic.
“Our enemies would become empowered. It emboldens them to try things they might never have done if this doesn’t get fixed very, very quickly,” Davis said. “The consequences of such a cyber attack are so deep and devastating that having a good response is a pale substitute for preventing it in the first place. There’s no comfort factor that we have the technology, the procedures or the plans in place to prevent such a cyber attack.”
Another facet of the problem, Davis said, is that the information that government agencies and private sector organizations need to detect and analyze emerging threats is being stockpiled rather than shared. In Washington, much of that reticence comes from fear of litigation or other reprisals.
“We need Congress to address this issue if we’re going to have meaningful information sharing,” he said. “The end result is you have a lot of good people spending a lot of time on this but nothing happens. And if nothing happens, then that makes these scenarios much more likely. This shouldn’t be complicated in the scheme of things.”