Legislation to Counter Dangerous Cyber-Attacks Stalled
By Yasmin Tadjdeh



Legislation to facilitate information sharing about cyber-attacks between the government and the private sector has stalled in Congress, and one House leader is blaming the Senate.

"What we need to have happen is real-time sharing, so that you [the private sector] share with the government, 'Hey, I got hit with this malicious source code. It's really ugly,' in real time," said Rep. Michael Rogers, R-Mich., chairman of the House Intelligence Committee.

The Senate doesn't quite understand the importance of cybersecurity and is holding up the passage of the Cyber Intelligence Sharing and Protection Act, he said at the U.S. Chamber of Commerce's Cybersecurity Summit on Sept. 25. Some form of the bill needs to pass in order to protect Americans and their assets, he added.

The government is not prepared to deal with major attacks. When one-sixth of the economy is facilitated through the Internet, and the country's security is not up to par, that’s a problem, Rogers said. 

CISPA was originally introduced in 2011 and was meant to provide information sharing between the private and public sectors. Critics said it would degrade civil liberties, while proponents said it would encourage industries to share details about dangerous cyber-attacks. The bill cleared the House of Representatives, but failed to pass the Senate in 2012. The bill has since stalled after being reintroduced this session.

One of the biggest issues currently holding CISPA back is widespread misinformation. Better education is needed to prove that the act would not infringe on civil liberties, as critics have claimed, said Rogers. Jokingly, he added that cybersecurity needs a campaign akin to Smokey the Bear, who could perhaps be called "Freddy the Firewall."

“It seems really simple, but we've made this as complicated — and I say 'we' as in the United States of America, our debate in Congress — as complicated as we possibly can,” he said.

The recent National Security Agency wiretapping scandal has only worsened the chances of passing CISPA, Rogers said. American citizens have reservations that the government is spying on them, and that is not true, he said.

The NSA does not care about the everyday workings of the average American, Rogers said. What the agency is looking for is indications of a potential terrorist attack, he said.

“Someone [is always] filling the canister of flamethrower fear about the ‘Government is watching you and only you.’ I got really bad news; this may hurt some people's feelings here today. The government really doesn't care about what you are talking about on your email. I know that's shocking. They really don't care about what you are posting on your Facebook,” said Rogers.

The scandal has taken away valuable time from congressional and government agency officials who now have to contend with constant questions about the nature of NSA snooping when there are much bigger issues to deal with, Rogers said.

"We're getting attacked by the Chinese, the Russians, the Iranians [and] now the North Koreans are thinking they would like to get in the game of cyber," said Rogers. "And we're spending all our time in this country talking about how bad the people who are trying to stop those people are. We better wake up and we better shake ourselves out of it, or we are going to be in real trouble."

While Congress fights over the details of the bill, threats are growing, said Kevin Mandia, CEO of Mandiant Corporation, a Washington, D.C.-based cybersecurity company.

Earlier this year, Mandiant released a report that blamed Unit 61398 of China’s People’s Liberation Army for numerous cyber-attacks. The unit, which is based in Shanghai, has stolen hundreds of terabytes of data from at least 141 organizations, according to the report.

Both the private and public sector face an asymmetrical landscape when it comes to stopping these types of attacks, Mandia said.

“One bad guy needs to break into one system, and one good guy needs to protect 400,000 machines. That's not fair,” said Mandia.

But the private sector doesn't have to wait for CISPA, or some version of it, to pass, he said. Companies need to start voluntarily sharing information now; then, if CISPA does pass, they will have the architecture already built.

Finding a solution to the network security problem is essential, said retired Adm. Thad Allen, former commandant of the Coast Guard. During a keynote speech at the summit, he quoted former Defense Department Secretary Leon Panetta's fears of a “cyber Pearl Harbor” event. Allen said he is not afraid of such an event because Pearl Harbor was a surprise, and in this case, there is no question that a major attack will happen eventually.

"In my view, I don't lay awake at night thinking about a cyber Pearl Harbor. I do worry about a cyber Desert One," said Allen.

Desert One, or Operation Eagle Claw, was a 1980 mission to rescue 52 hostages during the Iranian hostage crisis. The event was a failure, with a number of servicemen dying in a helicopter crash. It resulted in humiliation for then-President Jimmy Carter's administration and was the catalyst for a number of reforms in the Defense Department.

But Michael Leiter, former director at the National Counterterrorism Center, said a cyber Pearl Harbor is already here; it just doesn't look like people thought it would.

"We're having a Pearl Harbor today. It just happens to be a Pearl Harbor of slow-moving deadly gas rather than things blowing up," said Leiter.

Photo Credit: Thinkstock
