This week, House Majority Leader Harry Reid hopes to finally bring the long awaited Cybersecurity Act of 2012 to the floor for debate. Senator Joe Lieberman and the four co-sponsors of the Cybersecurity Act introduced a revised version last week, which they indicate incorporates extensive negotiations with the bill’s opponents. The Hill’s Technology Blog reports that Senators Rockefeller and Feinstein are reaching out to key technology CEOs to help lend their support to the bill.
This is great, because if the bill doesn’t get voted on soon, it
won’t happen this year. President Obama has weighed in as well. The President wrote a rare op-ed piece in the Wall Street Journal
to boost support. He writes, “The American people deserve to know that
companies running our critical infrastructure meet basic, commonsense
cybersecurity standards, just as they already meet other security
This is in response to the bill’s critics who have stated that they
would be concerned about the costs to businesses that would be imposed
by the new law. John McCain’s bill, in contrast, focuses on
strengthening the government’s Cybersecurity, but stops short of
mandating that businesses do the same.
All this should be read in light of the larger Cyber conflict that is currently going on. New York Times writer David Sanger wrote last month
that an inside source had confirmed what many had suspected, that the
Obama administration had ordered a cyber attack against Iranian
Maybe this was a good thing. There was no loss of life that we know
of, compared to a conventional military strike against Iranian
facilities. A Cyber retaliation from the Iranians or their allies would
have also been limited to computer infrastructure.
But the new Cybersecurity bill needs to be read in light of the fact
that the US government dropped the most sophisticated Cyberweapon on the
world that we have ever seen. It’s been analyzed and perhaps
reproduced by other countries. And unlike a physical war where
proximity to a conflict means greater risk, businesses are on the front
lines of a Cyber conflict. At a psychological level, most businesses
don’t have the same outlook that a business in a war torn country might
perceive their situation.
The reality of Cybersecurity in America is that it’s not just stolen
identity that businesses need to worry about. in November of 2011, for
the first time, Robert Bryant, U.S. National Counterintelligence
Executive released a report naming China as the world’s leading source of economic espionage,
with Russia coming in a close second. The reality is that by attacking
an economy is the equivalent of holding a government hostage, as the Russians did against Georgian banks in 2008.
Cybersecurity laws need to play catch up to the current state of the
world where a rogue nation like Iran or North Korea with nothing to lose
economically could lanuch a terrorist like attack against small or
medium sized businesses with very weak defenses and wreak havoc.
Unfortunately, the news today indicates that the bill is being fought on
mostly partisan lines despite months of compromise that went into the
new bill. Senator McCain wants to delay the bill and Heritage
Action, a conservative advocacy group related to the Heritage
Foundation indicated it will track lawmakers votes on their key vote