“The Time To Strengthen Cybersecurity Is Now”

We have all received suspicious emails that appear to come from our friends or contacts.  They often include links that, when clicked, can unleash a virus that could destroy our computer’s hard drive or expose our private, personal information to thieves.

If your personal computer can be targeted, imagine what could happen if cyber criminals, terrorists groups, or hackers from countries that want to harm our nation’s economy, attacked our critical infrastructure like the power grid, a water treatment plant, financial systems, or our air traffic control. 

It wasn’t until after the devastating attacks of September 11, 2001, that we learned of many early warnings that went unheeded, including an FBI agent who warned that one day people would die because of the “wall” that kept law enforcement and intelligence agencies apart.  When a major cyber attack occurs, the ignored warnings will be even more glaring – because our nation’s vulnerability has already been demonstrated by the daily attempts to penetrate our systems.

The warnings of our vulnerability to a major cyber attack come from all directions and countless experts.  They are underscored by the intrusions that have already occurred.  Earlier this month, the Director of the FBI warned that the cyber threat will soon equal or surpass the threat from terrorism.  He argued that we should be addressing the cyber threat with the same intensity we have applied to the terrorist threat.  I agree.

The threat is not just to our national security, but also to our economic well-being.  Studies calculate the cost of global cybercrime at $114 billion annually.  When combined with the value of time victims lose due to cybercrime, this figure grows to $388 billion. 

The evidence of our cybersecurity vulnerability is overwhelming and compels us to act now.  For this reason, I have authored with the chairmen of three major Senate committees legislation that will strengthen our defenses against the nation’s increasing vulnerability to a major cyber attack.  The bill that I wrote with Homeland Security Committee Chairman Joe Lieberman, ID-Conn., Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca., would establish a public-private partnership to secure those systems which, if commandeered or destroyed by a cyber attack, could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to our economy or national security.

Since 2005, our Homeland Security Committee has held 10 hearings on the cyber threat.  Other committees have held similar hearings.  There are some in Congress who are calling for yet more hearings and further studies.  In other words, more delay.  We cannot afford to delay any further.  Each day we fail to act, the threat to our national and economic security only increases.

Of course, we need to be cautious about imposing any new federal regulations.  I have opposed efforts to expand regulations that would burden our economy.  But regulations that are necessary for our national security and that promote, rather than hinder, our economic prosperity will strengthen our country.  With 85 percent of our nation’s critical infrastructure owned by the private sector, the government has a critical role in ensuring that the most vital parts of our infrastructure – those whose disruption could result in truly catastrophic consequences meet reasonable, risk-based performance standards. 

The risk-based performance requirements in our bill are carefully targeted.  They only apply to specific systems or assets – not entire companies – that, if damaged, could reasonably result in mass casualties; mass evacuations; catastrophic economic damage; or a severe degradation of our national security.  Moreover, the owners of critical infrastructure – not the government – would select and implement the cybersecurity measures the owners determine to be best suited to satisfy the risk-based cybersecurity performance requirements.

It’s important to note that there is nothing in our bill that touches on the intellectual property and free speech issues that inflamed public opinion over the proposed “Stop Online Piracy Act,” or the Protect IP Act. Our legislation would not regulate the design or architecture of the Internet, or allow any government official to shut it down.  Instead, it is focused only on protecting our most critical infrastructure systems and assets – those that keep the water flowing, the power on, and the trains running.

If we haven’t yet learned the lesson of foresight from 9-11, we owe it to the nation to do so now.  It will be inexcusable if a massive cyber attack succeeds because Congress failed to act.