Column: Cyber inaction may be our Achilles' heel

Wednesday - 10/24/2012, 3:08am EDT

By Rep. Mac Thornberry (R-Texas)
Special to Federal News Radio

Rep. Mac Thornberry (R-Texas)

The nature of national security challenges is constantly changing. Over the centuries, our weapons have become more advanced, the strategies we use more complex and the battlefields on which we fight more varied. However, there has been no place where that evolution has been more rapid over the last decade than in cyberspace.

Recently, Defense Secretary Leon Panetta warned that the cyber threat we are facing is quickly escalating and that we are facing far more destructive scenarios than in the attacks of the past. The threats we face in the cyber world today have become far more aggressive, their attacks more frequent and their capabilities more sophisticated than they were just five years ago. Attacks have evolved from those that seek to steal information, like the ones we saw in 2007 and 2008 on Department of Defense networks, to those that seek to control and destroy physical systems, like the ones we have seen in the recent months in Saudi Arabia and Qatar.

These developments and Secretary Panetta's assessment both underscore our need to respond with the tools and authorities necessary to protect our country. The good news is that the U.S. government is already well-equipped to fight this battle on its own networks. The next step should be to leverage that capability to help protect the private sector and critical elements of our nation's infrastructure. In doing so, we have to avoid the temptation to create large, expansive structures and laws that are too prescriptive, which can never keep pace with such a rapidly changing environment.

The U.S. House of Representatives has already taken several positive steps — with bipartisan support — to accomplish this goal. Earlier this year, the House passed the Cyber Information Sharing and Protection Act (CISPA), along with three other critical pieces of cyber legislation. In total, these bills would improve information sharing by the federal government and the private sector, improve cyber security for federal civilian agencies, and authorize important cyber research and development.

While all four bills are critically important, CISPA would by and large make the most immediate and meaningful contribution to improving our country's cybersecurity if it were enacted into law. Every day, our defense and intelligence agencies are dealing with many of the same sophisticated cyber attacks that plague our private sector. The need to coordinate information and efforts becomes even more urgent as our adversaries show increased interest in using cyberattacks to delete important data or to damage or degrade critical industrial controls.

Some Americans, including myself, may have concerns when it comes to how much information private sector businesses could or would share with the U.S. government under the guidelines established by CISPA. The push and pull between security and our civil rights is a lively and important debate, and one that is certainly applicable in this situation. But, I would venture that there is less daylight between security and privacy advocates than conventional wisdom would lead you to believe, especially when it comes to the strong privacy protections in the House bill.

However, while these disagreements over privacy protections are important, they should not result in inaction. To date, the Senate has been unable to get a bill off the floor because of privacy concerns and other disagreements over the scope of different proposals. That being said, there could still be a chance after the election to get something meaningful passed. For example, some agreement should be reached on an information sharing structure this Congress. Taking this small step will lead to an immediate improvement in our nation's cybersecurity.

If we can get an information sharing bill to the President, however, Congress should not consider their work done. We still have larger issues to grapple with, such as the role of the Department of Homeland Security and whether some industries will require a regulatory nudge to improve their network standards. But if the Senate fails to act on CISPA or something similar, the day will quickly arrive when we ask why we did not do more to stop a successful attack on our nation's critical infrastructure or economy. Such an attack may not only be measured in damage to physical systems or economic loss, but also human lives.


Rep. Mac Thornberry (R-Texas) represents Texas's 13th Congressional District in the U.S. House of Representatives. He serves as vice chairman of the Armed Services Committee and as a senior member of the House Permanent Select Committee on Intelligence. He is also the chairman of the House GOP Cybersecurity Task Force.

This article is part of Federal News Radio's special report, Cybersecurity Rising.

MORE FROM THE SPECIAL REPORT, CYBERSECURITY RISING: