A joint letter from some of Washington D.C.’s leading minds in the areas of defense and diplomacy is urging Congress to pass a cyber security bill in some form this year, saying that the U.S. is urgently in need of a new policy and ill-prepared for cyber attacks.
The letter, dated June 6, was addressed to Senate Majority Leader Harry Reid and Senate Minority Leader Mitch McConnell. In it, senior military officers and diplomats from both the George W. Bush Administration and the Obama Administrations urge the Senate leaders to bring cyber security legislation to the floor of Congress “as soon as possible,” calling it “critically necessary to protect our national and economic security.”
“We have spoken a number of times in recent months on the cyber threat – that it is imminent and that it represents one of the most serious challenges to our national security since the onset of the nuclear age sixty years ago,” the letter reads. “And yet we still await conclusive legislative action.”
Comprehensive legislation to reform the Federal government’s cyber security laws was given top priority for the 2012 legislative session. It was seen as one of the few issues on both Republicans and Democrats could reach agreement, in spite of a rancorous election-year political environment. A letter to Minority Leader McConnell in November, 2011, described a “crisis” facing the government and called for an urgent effort to forge new legislation.
“Every day Congress fails to strengthen the cyber security of the nation’s critical infrastructure is another day of unacceptable risk for our country. Hackers, criminals, and antagonistic foreign powers are maliciously probing our cyber defenses every day on an unprecedented scale, and it is no secret they have found our defenses to be vulnerable,” said the letter, which was signed by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn), Ranking Member Susan Collins (R-Maine) and Federal Financial Management Subcommittee Chairman Tom Carper (D-Del).”
However, hopes for an easy path through Congress proved overly optimistic. The House of Representatives produced a bipartisan bill, the Cyber Intelligence Sharing and Protection Act (CISPA) that was deeply unpopular and passed largely on partisan lines. The bill amends the National Security Act of 1947 to make it easier for the private sector to share information about the online activities of U.S. citizens with the government.
Introduced in February, CISPA passed the House of Representatives on April 26, 2012, but stalled in a Senate controlled by the Democrats. Privacy advocates, including the Center for Democracy and Technology and the American Civil Liberties Union and technology companies, including Mozilla, worry that the bill, as written, will wipe away privacy- and civil liberties protections that have taken decades to establish. CISPA was originally scheduled for a vote before Memorial Day, but opposition to it has postponed that until later in June.
The gridlock prompted the latest warning letter to Senators Reid and McConnell, signed by a Who’s Who of Washington D.C.’s military and diplomatic establishment. Former U.S. Secretary of Homeland Security Michael Chertoff was a signatory, as were former U.S. Director of National Intelligence Mike McConnell and Paul Wolfowitz and William Lynn, both of whom served as Deputy Secretary of Defense. Two retired U.S. Generals signed the letter as well: Mike Hayden and James Cartwright.
Despite White House opposition to CISPA, the letter expresses support for the version of CISPA passed by the House of Representatives and urges the Senate to “keep the ball moving forward” by bringing CISPA up for a vote. And, despite Republican objections, the signatories call for a strong government role in security critical infrastructure. “Where market forces and existing regulations have failed to drive appropriate security, we believe that our government mus do what it can to ensure the protection of our critical infrastructure,” the letter reads.
The signatories are among Washington D.C.’s leading minds in the areas of cyber defense and diplomacy. They are also no strangers to controversy. Hayden, a four-star General and former CIA Director, has criticized the U.S. government for being too secretive and too ready to classify intelligence about software security holes, preventing them from being fixed in an expedient manner. As Deputy Secretary of Defense, Lynn famously went public with details of a 2008 attack that compromised the U.S. Military’s classified data network.
There have been countless reports of sophisticated attacks on U.S. government and military infrastructure, as well as the networks of civilian firms that do business with the government. In just the most recent, researchers in the last week identified a string of attacks, possibly linked to China, that targeted U.S. defense contractors and those with links to the government. Ironically (or not) a consulting firm owned by Michael Chertoff was among the organizations targeted by the sophisticated attacks.