This week, House Majority Leader Harry Reid hopes to finally bring the long-awaited Cybersecurity Act of 2012 to the floor for debate. Senator Joe Lieberman and the four co-sponsors of the Cybersecurity Act introduced a revised version last week, which they indicate incorporates extensive negotiations with the bill’s opponents. The Hill’s Technology Blog reports that Senators Rockefeller and Feinstein are reaching out to key technology CEOs to help lend their support to the bill.
This is great, because if the bill doesn’t get voted on soon, it won’t happen this year. President Obama has weighed in as well. The President wrote a rare op-ed piece in the Wall Street Journal to boost support. He writes, “The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements.”
This is in response to the bill’s critics who have stated that they would be concerned about the costs to businesses that would be imposed by the new law. John McCain’s bill, in contrast, focuses on strengthening the government’s Cybersecurity, but stops short of mandating that businesses do the same.
All this should be read in light of the larger Cyber conflict that is currently going on. New York Times writer David Sanger wrote last month that an inside source had confirmed what many had suspected, that the Obama administration had ordered a cyber attack against Iranian enrichment facilities.
Maybe this was a good thing. There was no loss of life that we know of, compared to a conventional military strike against Iranian facilities. A Cyber retaliation from the Iranians or their allies would have also been limited to computer infrastructure.
But the new Cybersecurity bill needs to be read in light of the fact that the US government dropped the most sophisticated Cyberweapon on the world that we have ever seen. It’s been analyzed and perhaps reproduced by other countries. And unlike a physical war where proximity to a conflict means greater risk, businesses are on the front lines of a Cyber conflict. At a psychological level, most businesses don’t view their situation the way a business in a war-torn country might.
The reality of Cybersecurity in America is that it’s not just stolen identity that businesses need to worry about. In November of 2011, for the first time, Robert Bryant, U.S. National Counterintelligence Executive, released a report naming China as the world’s leading source of economic espionage, with Russia coming in a close second. The reality is that attacking an economy is the equivalent of holding a government hostage, as the Russians did against Georgian banks in 2008.
Cybersecurity laws need to play catch-up to the current state of the world, where a rogue nation like Iran or North Korea with nothing to lose economically could launch a terrorist-like attack against small or medium-sized businesses with very weak defenses and wreak havoc. Unfortunately, the news today indicates that the bill is being fought on mostly partisan lines despite months of compromise that went into the new bill. Senator McCain wants to delay the bill, and Heritage Action, a conservative advocacy group related to the Heritage Foundation, indicated it will track lawmakers’ votes on their key vote scorecard.