Pressure Mounts For Cybersecurity Bill As Negotiations Stall

A joint letter from some of Washington D.C.’s leading minds in the areas of defense and diplomacy is urging Congress to pass a cyber security bill in some form this year, saying that the U.S. is urgently in need of a new policy and ill-prepared for cyber attacks.

A joint letter from some of Washington D.C.’s leading minds in the areas of defense and diplomacy is urging Congress to pass a cyber security bill in some form this year, saying that the U.S. is urgently in need of a new policy and ill-prepared for cyber attacks.

The letter, dated June 6, was addressed to Senate Majority Leader Harry Reid and Senate Minority Leader Mitch McConnell. In it, senior military officers and diplomats from both the George W. Bush Administration and the Obama Administrations urge the Senate leaders to bring cyber security legislation to the floor of Congress “as soon as possible,” calling it “critically necessary to protect our national and economic security.”

“We have spoken a number of times in recent months on the cyber threat – that it is imminent and that it represents one of the most serious challenges to our national security since the onset of the nuclear age sixty years ago,” the letter reads. “And yet we still await conclusive legislative action.”

Comprehensive legislation to reform the Federal government’s cyber security laws was given top priority for the 2012 legislative session. It was seen as one of the few issues on both Republicans and Democrats could reach agreement, in spite of a rancorous election-year political environment. A letter to Minority Leader McConnell in November, 2011, described a “crisis” facing the government and called for an urgent effort to forge new legislation.

“Every day Congress fails to strengthen the cyber security of the nation’s critical infrastructure is another day of unacceptable risk for our country. Hackers, criminals, and antagonistic foreign powers are maliciously probing our cyber defenses every day on an unprecedented scale, and it is no secret they have found our defenses to be vulnerable,” said the letter, which was signed by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn), Ranking Member Susan Collins (R-Maine) and Federal Financial Management Subcommittee Chairman Tom Carper (D-Del).”

However, hopes for an easy path through Congress proved overly optimistic. The House of Representatives produced a bipartisan bill, the Cyber Intelligence Sharing and Protection Act (CISPA) that was deeply unpopular and passed largely on partisan lines. The bill amends the National Security Act of 1947 to make it easier for the private sector to share information about the online activities of U.S. citizens with the government.

Introduced in February, CISPA passed the House of Representatives on April 26, 2012, but stalled in a Senate controlled by the Democrats. Privacy advocates, including the Center for Democracy and Technology and the American Civil Liberties Union and technology companies, including Mozilla, worry that the bill, as written, will wipe away privacy- and civil liberties protections that have taken decades to establish. CISPA was originally scheduled for a vote before Memorial Day, but opposition to it has postponed that until later in June.

The gridlock prompted the latest warning letter to Senators Reid and McConnell, signed by a Who’s Who of Washington D.C.’s military and diplomatic establishment. Former U.S. Secretary of Homeland Security Michael Chertoff was a signatory, as were former U.S. Director of National Intelligence Mike McConnell and Paul Wolfowitz and William Lynn, both of whom served as Deputy Secretary of Defense. Two retired U.S. Generals signed the letter as well: Mike Hayden and James Cartwright.

Despite White House opposition to CISPA, the letter expresses support for the version of CISPA passed by the House of Representatives and urges the Senate to “keep the ball moving forward” by bringing CISPA up for a vote. And, despite Republican objections, the signatories call for a strong government role in security critical infrastructure. “Where market forces and existing regulations have failed to drive appropriate security, we believe that our government mus do what it can to ensure the protection of our critical infrastructure,” the letter reads.

The signatories are among Washington D.C.’s leading minds in the areas of cyber defense and diplomacy. They are also no strangers to controversy. Hayden, a four-star General and former CIA Director, has criticized the U.S. government for being too secretive and too ready to classify intelligence about software security holes, preventing them from being fixed in an expedient manner. As Deputy Secretary of Defense, Lynn famously went public with details of a 2008 attack that compromised the U.S. Military’s classified data network
There have been countless reports of sophisticated attacks on U.S. government and military infrastructure, as well as the networks of civilian firms that do business with the government. In just the most recent, researchers in the last week identified a string of attacks, possibly linked to China, that targeted U.S. defense contractors and those with links to the government. Ironically (or not) a consulting firm owned by Michael Chertoff was among the organizations targeted by the sophisticated attacks.

Suggested articles

plugX malware loader TA416

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Discussion

  • Anonymous on

    These people are PAID to think negatively.  wake up! Privacy is much more important.  And unless you have reason to believe an individual is attacking USA assets, there should be no abilty to investigate them.  There already exists a very simple ability to trace IP adresses.  If an individual's comptuer becomes a bot for another, then that is sufficient reason to scan that IP adress for continuing issues untill those issues disapear.  Then it must be left alone and the users not investigated for anything other than the malicious packets expected to or from it.  Using profiles on all us citizens at once, is unacceptable.  The only information that should be able to be passed from one agency to another is those packets that are damaging to USA assets.  Search terms in google and anything of information gathering/ exploring the internet chatting with other people should never ever be investigated unless there is undeniable proof that they are involved in a crime.  Desire is not sufficient reason to investigate.  Starting to procure assets needed to commit a crime is. 

    Any time you have your systems open to attacks you invite them.  Any device that should be secure, must only have one way to enter.  And only allow entry if very strict protocol is met. 

  • Anonymous on

    The bill needs to be revised, at the very least it's too general and give way to much unchecked power. Do you really think that the NSA, CIA and FBI don't do "illegal" wire taps daily? In the name of national security I dont mind if they ever sidestep the red tape, but to give more branches this level of power lawfully is just too much! The goverment can't manage its finances or our (social security), healthcare, budgets, etc et. I recently read report that was talking about the Government Network being so big that although each Network Engineer might know there section the collection knowedgle of the bigger picture is lacking. So maybe we looking to solve problems effectly like this then to try an add a law CISPA which will not resolve the root of any of our problems. One of few steps in the right direction I have seen so far is that the Goverment is making it's security professionals and contractors all be Security+ certified but a certain date if I recall correctly. There has also been talks of building new more secure operating systems fromt he ground up. Well with the potential risk being comparing it to the cold war why not spend the money to better protect us just like we did physcially when preparing for war?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.