Preventing a cyber Sept. 11

The Internet is a paradox. It is a manmade domain, yet we cannot fully predict how it will grow. It has spawned remarkable technological advances, while also creating new threats to the foundations of our society. These characteristics have presented considerable challenges for policymakers trying to protect our security while encouraging the Internet to grow. Unfortunately, our policies and laws have not kept pace with the circumstances that we face.

CIA Director Leon Panetta recently warned that the next Pearl Harbor could be a cyberattack. The consequences of our power grid failing, our financial system going down or sensitive information being compromised could devastate our economy and endanger our national security. Preventing disasters means moving swiftly to secure the critical pieces of our infrastructure as well as the confidential information of our government, military and citizens.

Cybersecurity proposals released recently by the White House represent significant progress; however, they are incomplete and Congress must strengthen them. 

Two important advances in the president’s plan are national data breach requirements that keep customers informed about hackers stealing and exploiting their private information, and increased penalties and definitions for cybercrime. These efforts go a long way in combating effects of the large-scale breaches making headlines every month.

In addition, the White House makes progress toward protecting critical power, water, telecommunications and financial infrastructure, which is mainly operated by private companies. I testified at a recent Energy and Commerce Committee hearing that I am fully convinced an attack on these systems presents the biggest national-security risk. Damage, such as adding dangerous chemicals to our water supply or shutting down our electric grid, could be carried out with only a few keystrokes thousands of miles away. The White House plan establishes a system for these entities to develop their own security standards, but ultimately we need to set strong requirements, just as we have robust safety rules for the airline industry to protect passengers.

Unfortunately, the White House omitted a key recommendation by the bipartisan Commission on Cybersecurity for the 44th Presidency, which I co-chaired. In our initial 2008 report, we called for the appointment of a single empowered director to lead our national strategy throughout government. The White House found a coordinator who has guided its efforts, but neglected to give him the budgetary oversight or interagency authorities needed to fully tackle this problem from a whole-of-government approach.

A White House director, confirmed by the Senate, would have the budgetary and policy authority to require government agencies to apply sufficient resources and appropriate tools to protect themselves. These investments in government IT would eliminate wasteful reporting, increase transparency and produce long-term savings while protecting our government networks and data. Furthermore, this director would work with entities in the private sector on which our way of life depends to better coordinate with government efforts and requirements.

As we attempt to address these issues, one persistent obstacle is the often-polarizing debate on the government’s role in the Internet. After the Egyptian leadership shut down its citizens’ Internet connections, Washington pundits pontificated that any effort to prepare for a cyber catastrophe represented a veiled attempt to authorize a “kill switch,” similar to methods used by Hosni Mubarak. To be clear, no proposal being offered attempts this, and the resiliency of America’s online connections, as well as constitutional protections, make shutting down the Internet effectively impossible. 

We need to overcome this concern by engaging the American people in a continuous dialogue about threats we face and steps taken to protect them. At the same time, we must take great care to preserve our privacy and civil liberties.

Many are frustrated with the pace of progress in cybersecurity, and they should be. Analysts and senior officials talk privately about a “cyber 9/11” scenario, reflecting a belief that our nation will be unable or unwilling to take meaningful action without the impetus of a tragic event.

But I see reason for hope. Many passionate and smart voices, inside and outside of government, are committed to seeing America remain strong and secure as the digital domain increasingly shapes our lives. We must take this opportunity to work in a bipartisan manner to bring our nation in line with the technological realities facing us online, before it’s too late.

Langevin (D-R.I.) co-founded the Congressional Cybersecurity Caucus and co-chaired the CSIS Commission on Cybersecurity for the 44th Presidency. He has introduced the Executive Cyberspace Coordination Act to carry out some of his recommendations.