February 24th, 2012
01:00 AM ET

Partisanship jeopardizes U.S. cyber defense

Editor’s Note: Katrina Timlin is a Research Assistant for the Technology and Public Policy Program at the Center for Strategic and International Studies.

By Katrina Timlin – Special to CNN

Few would argue against the need to improve U.S. cybersecurity, but the current partisan divide on how to accomplish this goal threatens to stall much-needed legislation in this area. On February 14th, Sen. Joseph Lieberman (I-CT) and Sen. Susan Collins (R-ME) introduced the Cybersecurity Act of 2012, a bill that aims to improve US cyber defense, clarify responsible government oversight authorities, raise issue awareness, and promote information sharing between the private sector and the government. Citing the rapidity  with which this bill was brought to the floor and its “prescriptive regulations,” seven GOP senators are seeking to delay this bill and will propose their own cybersecurity legislation on February 21st. The legislative progress on cyber defense is now stalled, and further delays could prove damaging to U.S. economic and national security.

The main impetus for cyber legislation is not some future “Cyber Pearl Harbor”, but the current proliferation of espionage and hacking that erodes U.S. economic and military competitiveness. In an opening statement before the Senate Homeland Security and Government Affairs Committee discussing this cyber legislation, Senator McCain cited a report that claimed attacks on government agencies have risen over 650 percent over the past five years. There is bipartisan consensus about the frequency, growth, and severity of cyber breaches.

Although private sector statistics of cyber incidents are difficult to obtain, it is safe to assume most multinational corporations are similarly threatened by cyber attacks. Even the most technologically advanced U.S. companies, such as Google and RSA, a network security company, have been hacked and lost valuable information.

These breaches show that no one is immune: the current cybersecurity infrastructure, based on voluntary security measures and marginal incentives, is woefully inadequate. The sum of exploitable vulnerabilities in U.S. critical infrastructure, financial, and defense contracting companies undermines U.S. national economic competitiveness. This is not a hypothetical or apoplectic assertion - weak cybersecurity has enabled U.S. adversaries to pilfer sensitive military technology and obtain information in advance of global summits, eroding America’s economic, political, and military strength.

Weak cybersecurity renders America less secure on a global strategic level. Around seventy countries are building cyber capabilities for their military or national defense infrastructure. Among the most capable countries are Russia and China, historical competitors with America. Although they are unlikely to launch a spontaneous cyber attack, it is understandable they are probing our vulnerabilities and testing the limits of cyber espionage. America’s competitors have clear incentives to seek economic and military advantage through these ‘illicit’ means, and America’s inability to properly defend its cyber infrastructure is only facilitating this nefarious behavior.

Greater economic and national security will not come from voluntary measures as the status quo idealistically hopes, nor should this be a reasonable expectation of narrowly self-interested firms. Companies are tasked by their shareholders to make a profit - not to assume the mantle of national security.

As James Lewis, Senior Fellow at the Center for Strategic and International Studies in Washington, D.C., remarked: “continuing to use voluntary, market-driven approaches to this new national security concern is irresponsible and guarantees a successful attack against our nation.” It is the role of the government to mandate better cybersecurity measures that help the public good, not to hope that companies will increase their IT expenditures own their own.

These cybersecurity regulations are contentious, as Republicans and some industry leaders have come out against what they view as onerous regulations that will stifle economic growth and innovation. Instead, they call for further-information sharing and risk-based assessments of critical infrastructure to counter the cyber threat. This would be an ineffective defense. Auto safety did not improve by sharing information about the effectiveness of airbags and seatbelts as opposed to mandating their use.

Certain regulations must simply be enacted to provide greater national security.  America needs a higher bar of mandatory industry best practices and improved information sharing that will be applied to a broad range of technology companies.  These regulations might impose higher costs, but as a result U.S. companies will be able to better safeguard their intellectual property and minimize the aggregate effect of a cyber-attack. Additionally, these costs pale in comparison to the cost of recovering from a major cyber attack - in 2008 it took the Pentagon 14 months to re-secure their networks after a severe breach.

Ultimately, it is the task of our legislators to weigh industry concerns against the greater public good and create a foundation for better cyber security. Let’s hope that this Congress is up to the task and does not postpone this important legislation.

The views expressed in this article are solely those of Katrina Timlin.

Post by:
Topics: Internet

soundoff (9 Responses)

    It seems, we are afraid to address clearly who the real treators are. Rather, we keep implemented Rules over Rules. We are almost being surrounded by Thousands of Rules, that non of US perfectly or partially to obey.
    Instead, why not eliminate or closing the One door that is very wide opened, for everyone?! Aha, wait a Minute; who is playing and make a mess on my backyard?? Well, ChiRussia are the serious treat of my diplomacy with the Middle-East. They are messing/gambling by my expenses on my table. So..., what should I do??

    Currently, Russia keeps going around Middle-East to convince and to get access in Arabian Politics.

    February 24, 2012 at 1:25 am | Reply
  2. j. von hettlingen

    The concern for cyber security has grown the last 10 years. It looks as if an armed conflict or an apocalyptic destruction of a country in the future will no longer require any actual, physical involvement.

    February 24, 2012 at 4:53 am | Reply
    • George Patton

      It is we Americans who initiated these current cyber wars by hacking into Russian and Chinese computer systems first and now we're going to spend billions upon billions to keep this war going! This needs to end and soon!!!

      February 24, 2012 at 10:17 am | Reply
  3. thelastindependent

    Congress and politics ruin anything they touch and putting the nation in a dangerous position? Tell me something that's new.

    February 24, 2012 at 9:15 am | Reply
  4. Bob M

    It seems to me the Industry itself should get itself together and form a Security Unit to research and provide protection to the industry. They should form a Cyber Research and Protection Company for the North American branch of the industry, fund it themselves and pool there resources to protect all who use their platforms. Leave the government out of it, other than to review the authenticity or licensing. Who better to protect themselves than Apple, Microsoft, Facebook, and all others?

    February 24, 2012 at 11:36 am | Reply

Post a comment


CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.