With the invention of the Internet, humanity stepped into a bold new frontier called cyberspace.
At the beginning, few pioneers could have imagined the way in which the Internet would dramatically reshape and revolutionize daily activity. The seismic shift was so powerful that it altered commerce, medicine, media, entertainment, and civic connections.
The World Wide Web has produced wondrous changes. But as an evolving frontier, it also is becoming more vulnerable to exploitation and attack. Those vulnerabilities increase each day, as more and more activity finds its way onto cyber platforms.
These dangers pose serious threats. Hackers could attack critical civilian infrastructures, such as electrical grids, transportation systems, and communications, affecting whole communities. Our military assets are at risk, too. In fact, military officials now describe cyberspace as the fifth domain of war ¬¬– following land, sea, air, and space. They note that cyberspace is unique because it is the only battlefield to be invented by humans.
“We have invented this, and it cuts across those other four," retired Air Force Lt. Gen. Harry Raduege, who ran the Defense Information Systems Agency from 2000 to 2005, told National Journal magazine in November. "Cyberspace has no boundaries," Raduege said. "It’s just everywhere, and it permeates everything we do…. We continue to improve our capabilities, but so do the adversaries."
Earlier this year, both the Pentagon and the Department of Homeland Security acknowledged that America’s enemies could exploit our cybersecurity vulnerabilities.
In February, Dennis Blair, the Director of National Intelligence, gave this chilling account before the Senate Select Committee on Intelligence: “The national security of the United States, our economic prosperity and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems and the information residing within. This critical infrastructure is severely threatened.” Cyberspace, he said, “is exponentially expanding our ability to create and share knowledge, but it is also enabling those who would steal, corrupt, harm or destroy the public and private assets vital to our national interests.”
How vulnerable are we? Consider these statistics from the Senate’s Sergeant-at-Arms Office, which found that Congress and other government agencies are under a cyber attack an average of 1.8 billion times a month, compared with an average of 8 million times a month in 2008. The Senate Security Operations Center alone receives 13.9 million of those attempts per day. “We operate in an escalating attack environment in which threats to our information infrastructure are increasing in both frequency and sophistication,” said Senate Sergeant-at-Arms Terrance Gainer in testimony before a Senate Appropriations subcommittee in March. “Our raw numbers bear this out, so we must remain on guard.”
In April, a survey found that nearly three-quarters of federal IT decision-makers who work in national defense and security agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year. That survey also found that a third of those respondents said they have already experienced such a cyber attack within the past year.
The trend is growing more worrisome and alarming. Consider these other developments:
• China and Russia have allegedly attempted to map the United States’ electric grid, using software that could be activated later, perhaps to disrupt or destroy components.
• Hackers reportedly broke into the Pentagon’s Joint Strike Fighter project and stole information.
• Cyber thieves in 2008 secretly implanted circuitry into keypads sold to British supermarkets, which were then used to steal account information and PIN numbers.
• The country of Estonia was attacked in cyberspace in 2007. The assault involved a flood of data that nearly crippled the country’s information infrastructure.
Businesses and consumers face the same stark situation. In 2009, cybercriminals stole intellectual property worth nearly $1 trillion from businesses. In 2008 and 2009, cybercrime cost Americans more than $8 billion.
Given these threats and vulnerabilities, I am working on a bill designed to improve our cybersecurity and to place America’s critical digital assets on a path of increased vigilance and preparedness.
The legislation has several key goals. It would:
• Protect federal civilian information technology systems and critical infrastructure assets from cyber vulnerabilities.
• Establish a strong cybersecurity leader within the Department of Homeland Security who has the authority to coordinate policy and to mandate protective measures across all federal civilian agencies. This leader would be in charge of a National Cybersecurity Center – much like the National Counterterrorism Center – that brings together expertise from across the federal government.
• Promote information-sharing on cyber vulnerabilities and on protective measures, distributing data among federal, state, local, and tribal governments and private sector stakeholders.
• Create incentives for the private sector to implement cybersecurity best practices, with a special focus on helping small businesses.
• Provide specific authority – based on a risk-based, collaborative model – to identify and mitigate cyber vulnerabilities and imminent threats to critical infrastructure, where disruptions could result in catastrophic loss of life and property.
This legislation would set our nation on a course to be better equipped to anticipate, neutralize, and build additional safeguards against cyber attacks. It would help protect the ever-evolving frontier of cyberspace, which now encompasses so much of our modern-day life and whose presence will continue to grow in importance.
If we don’t build adequate protections for our federal networks and critical infrastructure, then the malicious hackers – civilian, military or terrorist – will exploit, attack, and destroy. As a nation, we must be prepared to aggressively and proactively meet this emerging global cyber