We have been fortunate that up until this point, cyberattacks in our country have not caused a cataclysmic event that has brought physical harm to Americans. But that is not for a lack of effort on the part of those who mean to destroy our way of life — every day nations and “hacktivist” groups penetrate our public and private computer networks.
Beyond crimes that charge our credit cards and siphon our bank accounts, American citizens, corporations and government agencies are targets for espionage and worse. In some cases, this activity borders on what could be considered acts of cyber warfare. Our critical infrastructure — the things we depend on every day such as our Internet and phone networks, power grids, water supply, even our banking and air traffic control systems — are considered high-value targets.
Imagine if agents of a foreign government broke into the Pentagon and stole top-secret documents. It simply would not be tolerated. That is what happens every day in the virtual world. In fact, an October 2011 report to Congress on foreign economic collection and industrial espionage states it is part of China and Russia’s national policy to try to identify and take sensitive technology, which they need for their own development.
The degradation of our national security and intellectual property from cyber theft threatens to weaken us where we have been historically strong: in our ingenuity and creativity. Gen. Keith Alexander, director of the National Security Agency (NSA), said $1 trillion in intellectual property has been stolen by Russia and China, the biggest transfer of wealth in history. This cannot continue.
There’s another nefarious element of cyberattack that must be addressed: the bullying of those who disagree with cyber thugs. Taking down websites, breaking into email systems and interrupting business operations are the tools of cyber crooks who wish to silence or embarrass those with whom they disagree politically or philosophically. This type of intimidation not only threatens the First Amendment rights of all Americans, it seeks to scare police departments from conducting investigations, to embarrass democratically elected officials so they will refrain from advancing their causes and to tamp down on organizations that have a certain political point of view.
As co-chairman of the Center for Strategic and International Studies’s (CSIS) Commission on Cybersecurity for the 44th President, I helped draft recommendations for securing the country’s government networks and critical infrastructure. This week, the U.S. House of Representatives will take a historic step toward addressing the cyber threat as we vote on legislation that incorporates key recommendations from that report.
My bill before Congress, the Cybersecurity Enhancement Act, improves coordination within the government by giving the National Institute of Standards and Technology the authority to set security standards for federal computer systems and develop checklists for agencies to follow. It improves coordination outside government by creating a federal-university-private-sector task force to coordinate research and development. It establishes cybersecurity research and development grant programs and improves the quality of our cyber workforce by creating a scholarship program. It creates an education and awareness program for computer hygiene, which the NSA says would remedy the majority of vulnerabilities we face. Finally, it sets forth procurement standards for hardware and software that will minimize security risks. This will have a ripple effect in the private sector.
These, and other commonsense reforms such as intelligence-sharing, are a baseline of what we need to do to start to secure our infrastructure. We must take action before our economy and defenses have been weakened to the point of damaging our country irreparably.
One of the biggest heartbreaks after 9/11 was the knowledge that the attacks could have possibly been prevented with better intelligence, information-sharing and proactive measures. While we can’t change the past, we can use it as a lesson as we go forward in our modern, cyber world — a world in which our water supply, defense systems, nuclear power plants, electrical grid, banking system, Federal Aviation Administration and other critical infrastructure are vulnerable to cyber thieves and terrorists. We know what needs to be done. The time to act is now.
McCaul is chairman of the Homeland Security Oversight and Investigations subcommittee and co-chairs the House Cybersecurity Caucus.