Top DOD intel official calls for cyber bill

Because effective cybersecurity requires public and private enterprises to work together, “I think we need legislation in this area,” said Michael Vickers, the Defense Department’s (DOD) top civilian military intelligence official.

“Cybersecurity is a job for everybody,” he said a Defense One event Wednesday.

ADVERTISEMENT

Industry groups and intelligence officials have been strongly advocating for a bill to allow the government and private sector to share cyber threat information.

Without this exchange of information, they argue, both sides are left weakened and vulnerable to the growing number of cyber threats.

“Adversaries can use [cyber attacks] as a tool of warfare, use this to gain economic advantage and erode our economic advantage over a long time without fighting a war,” said Vickers, DOD’s under secretary of defense for intelligence.  

“That’s why protecting the networks part is really critical for us, it’s critical for the private sector,” he added.

There is broad backing for cyber information sharing, although some advocates of the concept have taken issue with specific bills offered in Congress.

The most prominent measure currently is the Cybersecurity Information Sharing Act (CISA), which would enable the private sector to share cyber threat info with the National Security Agency (NSA).

Privacy advocates are worried CISA doesn’t have proper protections to keep the NSA from using this exchange to gather personal data on individuals.

Others, including the White House and privacy groups, believe NSA authority must be reined in before any CISA-like bill can pass. An NSA reform bill that would accomplish just that died in a Tuesday night Senate vote.

Lawmakers have been hung up on NSA reform since former government contractor Edward Snowden disclosed a number of U.S. surveillance programs that collected data on Americans.

Cybersecurity must remain a top priority, Vickers said.

“The threat of a terrorist attack on Americans and cyber are right up there as clear and present dangers,” he said.

And absent a major cyber attack, Vickers explained, private companies are left to deal with the “day-to-day economic espionage” on their own.

“A lot of damage can be done to the private sector without it reaching the point where the military would be called upon to defend,” he said.

“This is something we will have to come together as a country to solve,” he added.