Homeland Security Watch

News and analysis of critical issues in homeland security

April 26, 2012

Shared cybersecurity sensibilities squandered in the scuffle

Filed under: Cybersecurity — by Philip J. Palin on April 26, 2012

One side compromised with the other, alleged deals were done, criticisms were leveled, a possible veto was signaled (threatened would be too strong in this case),  alleged deals unraveled, unprincipled behavior was alleged.  Further compromise was probably undermined. See Declan McCollough’s report  at CNET.

Yesterday was a typical afternoon on Capitol Hill.   A very similar summary might be written of your local City Hall, union hall, church board, or any place that decision making takes place.  Something like this has happened since we first gathered around pre-historic fire pits.

Unlike many of our challenges, differences of judgment on cybersecurity cross partisan and ideological divides.  This is a good thing suggesting the potential for actual thinking and creativity has not — yet — been extinguished.

There is also a widely shared judgment that something needs to be done.

Four Senators blogging at The Hill criticize the House legislation as insufficient, but also argue, “The system is already blinking red in warning. FBI Director Robert Mueller has predicted that, in the near future, cyberattacks will surpass terrorism as the country’s greatest threat, while Chertoff, who served in the George W. Bush administration, said cyber threats are “one of the most seriously disruptive challenges to our national security since the onset of the nuclear age.”

In a Statement of Administration Policy, unidentified authors at the Office of Management and Budget write:

The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation’s vital information systems and critical infrastructure. The sharing of information must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation’s core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.

In an opinion piece Congressman Mac Thornberry writes, “We cannot let the quest for the perfect, overarching bill prevent us from achieving the good, a-step-in-the-right-direction bill. In cybersecurity, we cannot afford to wait any longer to get it done perfectly. We need to act now.”

For most of those engaged in this legislative process the question is not if, but how.   Would be remarkable if the contestants might recognize how much they agree.  I wonder what sort of legislation might emerge from such an epiphany?

The four pieces of cybersecurity legislation should be considered by the Committee of the Whole later today.  I will be offline, but will join you in watching and listening for what the process might say about cybersecurity and more.

LATE THURSDAY UPDATE: Late this afternoon the Cyber Intelligence Sharing and Protection Act (CISPA) was passed by the House on a bipartisan vote of 248-168.  Forty-two Democrats voted for the bill and 28 Republicans voted against it. Senate approval is unlikely.  The White House has raised the prospect of a veto.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

2 Comments »

Comment by William R. Cumming

April 26, 2012 @ 7:32 am

Bill’s Ten Commandments for cyber security!
First, allow no marketing of unsafe consumer products.
Second, allow litigation by consumers against software creators,implementers, distributors.
Third, revise the definition of “Sabotage” in Title 18 of the US Code to update for CIP and cyber security so that easier to prosecute cyber attacks of various kinds. The OMB role in computer security should be carefully reviewed.
Fourth, create a new standing JOINT COMMITTEE on the HILL to cover both CIP and Cyber Security.
Fifth, create an international treaty and convention on cyber issues and including cyber security.
Sixth, just as the STATE DEPARTMENT lists those nation-states that are considered “sponsors and supporters” of terrorism this should also be done for those controlling and censoring the INTERNET and violating certain standards.
Seventh, conduct of cyber warfare against an enemy should be reviewed by an International body that can determine if the collateral damages imposed are “crimes against humanity” justiceable in the ICC.
Eight, the AG should issue guidelines on internet collection of information for any individual not under formal criminal investigation in the USA.
Nine, persons who attack the INTERNET in various ways should be subject to civil fines and criminal charges.
Ten, a physical security, CIP security, and cyber security budget for each federal department and agency should be published annually with a report issued in classified and unclassified format on the operations and expenditures under that budget. Separate appropriations subcommittees on the HILL should be established to provide funding and oversight and federal agency and department should have a senior official designated as Principal Coordinator for that organization and inter and intra organizational liaison for those functions.

Comment by William R. Cumming

April 26, 2012 @ 7:34 am

Did I mention that the Antitrust laws should be strictly enforced against all software manufactures, foreign and domestic?

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>