WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., Tuesday heard government and private sector cyber security experts assess legislation the Senators introduced last week with their colleague Senator Tom Carper, D-Del., to secure the nation’s most critical cyber networks.
The “Protecting Cyberspace as a National Asset Act of 2010” (S. 3480), introduced June 10, 2010, would provide a comprehensive framework to modernize, strengthen, and coordinate our cyber defenses across civilian federal networks and the networks of the most vital privately-owned critical infrastructure – including our electric grid, financial systems, and telecommunications networks.
“We need to reorient our thinking about the risks inherent to our reliance on the Internet and cyberspace,” Lieberman said. “Today we face a much greater risk than individual crime. A sophisticated attacker could cripple our entire financial system, take down our electric grid, or cause physical devastation equal to major conventional warfare. The fact is cyber attack is among the most serious threats we face as a nation today. And we must defend against it just as we defend ourselves against conventional attack.”
Senator Collins said: “Cyberspace is under increasing assault on all fronts. The cyber threat is real, and the consequences of a major successful national cyber attack could be devastating. As former Director of National Intelligence Michael McConnell warned in February, ‘If we went to war today, in a cyber war, we would lose.’ We are already under fire,” she noted. “Just this past March, the Senate’s Sergeant at Arms reported that the computer systems of Congress and Executive Branch agencies are now under cyber attack an average of 1.8 billion times a month. Cyber crime already costs our national economy an estimated $8 billion per year. So it’s clear that we must move forward now with an aggressive and comprehensive approach to protect cyberspace as a national asset. The vital legislation that we introduced last week would do just that. It would fortify the government’s efforts to safeguard America’s cyber networks and it would promote a true public/private partnership to work on national cyber security priorities.
“If hackers can bring the nation of Estonia to its knees through cyber attacks, infiltrate a major defense program and hack into the computers owned and operated by some of the world’s most sophisticated private sector experts, we must assume that even more spectacular and potentially devastating attacks lie ahead,” Senator Collins said. “We simply cannot wait for a ‘cyber 9/11’ before our government takes this threat seriously and acts to protect these critical assets.”
Carper said: “For the past five years our country has witnessed several high-profile shots across the bow dealing with our lack of cyber security. For example, nation-states have stolen our most advanced weapon systems, criminals have siphoned billions of dollars from small businesses, and terrorists have used online fraud to fund the bombing of innocent civilians. Not only is this unacceptable, but America can’t afford to wait until another attack brings down Wall Street or our electric grid. I look forward to getting the needed reforms in our bill passed by Congress and on the President’s desk by the end of the year.”
The legislation would:
• Create a White House Office of Cyberspace Policy to lead all federal cyber security efforts. The office would be led by a Senate-confirmed director accountable to Congress and the public.
• Create a National Center for Cybersecurity and Communications (NCCC) within the Department of Homeland Security to defend the dot-gov networks and oversee the defenses of our most critical infrastructure.
• Set up a collaborative process between the government and the private sector to meet a baseline set of security requirements that DHS would enforce for the nation’s most critical infrastructure.
• Require the federal government to develop and implement a strategy to ensure that almost $80 billion of the information technology products and services it purchases each year are secure and don’t provide adversaries with a backdoor into our networks.
• Provide the President with clear authority to direct short-term emergency measures for a select group of critical infrastructure owners and operators in order to preserve their networks and protect the American people in the event of a catastrophic cyber attack that could seriously jeopardize public safety or have disastrous effects on our economy or national security.
• Reform the way federal cyber security personnel are recruited, hired, and trained to ensure that the government has the talent necessary to lead the national cyber security effort and protect its own networks.
“Our bill would bring together what is now a disjointed, understaffed, and under-resourced federal effort to secure cyberspace and create a coherent, coordinated framework that unites government and the private sector to defend a most important ‘strategic national asset,'” Lieberman said.
The DHS Inspector General, meanwhile, will issue a report tomorrow citing a lack of clear authority as one of the issues that needs to be resolved. The Lieberman-Collins-Carper bill more than addresses these shortcomings by establishing a NCCC with new authorities and responsibilities to direct federal efforts to secure the cyber networks of government and the private sector.
Witnesses at the hearing were DHS Deputy Under Secretary of the National Protection and Programs Directorate Philip R. Reitinger; Intelligence and National Security Alliance Chairwoman of the Board Frances Fragos Townsend; SANS Institute Director of Research Alan Paller; Exelon Corporation Wholesale Market Development Vice President Steven T. Naumann; and Verizon Chief Network Security Officer Sara C. Santarelli.