Readers with long memories might recall that it was in May last year that the White House announced that the nation's critical infrastructure was "at risk" and called on Congress to move forward with plans to protect it. Launching the administration's own cybersecurity legislative proposals, President Obama almost pounded the table:
Just as we failed in the past to invest in our physical infrastructure -- our roads, our bridges and rails -- we've failed to invest in the security of our digital infrastructure... This status quo is no longer acceptable -- not when there's so much at stake.
Right. Fix it -- and fast. Well, let's see where we're at, some nine months later.
The Senate this week revealed a new bill aimed at achieving some of the White House's goals. Specifically, it tackles the thorny problem that the infrastructure on which we all rely is largely in private hands, and would require enterprises responsible for key elements of the infrastructure -- like power plants and oil pipelines -- to meet cybersecurity standards.
The cherry on the cake is that enterprises complying with the regulations would enjoy liability protection.
Even so, to say that lawmakers are tentative about regulating private enterprise would be an understatement. Although the bill enjoys bipartisan support, industry -- together with its predictable Congressional chorus of support -- is lobbying hard against it. Burdensome. Why throw out what's working? Let's have incentives rather than more rules. You could write the script.
Seven bold senators have already asked majority leader Harry Reid to slam on the brakes. Kay Bailey Hutchison of Texas, John McCain of Arizona, Charles Grassley of Iowa, Saxby Chambliss of Georgia, Lisa Murkowski of Alaska, Jeff Sessions of Alabama, and Mike Enzi of Wyoming have signed a letter calling for hearings upon hearings:
This is not the kind of legislation that can result in a carefully balanced solution unless the full process is afforded.
Understand: nobody is actually against cybersecurity. Everyone just wants to have a conversation. In other words, for "full process," read "not this year." (Reid had hoped to bring the bill to a vote next month.)
It was left to Senator Jay Rockefeller, the West Virginia Democrat, to sound a note of sanity:
We are on the brink of what could be a calamity. A widespread cyber attack could potentially be as devastating to this country as the terror attacks that tore apart this country 10 years ago.
Maybe not. After all, as security analyst Bruce Schneier has observed, the cybersecurity environment for the last several years has been one of makeshift, uncoordinated, and unattributable attacks, rather than organized terrorism, state-sponsored or otherwise.
But then again, maybe. If hackers can enter the security systems of our banks through so many revolving doors, there can be little doubt that they could damage the nation's infrastructure. The only question is: how seriously?
Rather than treat the situation with the gravity it deserves, a few senators -- with the approval of the US Chamber of Commerce and other lobbying groups -- seem happy to play their fiddles. As if that wasn't enough, well-intentioned -- but misguided -- analysts have stirred up concern that Harry Reid might use the new bill as a vehicle to inject SOPA-type provisions back into the legislative process.
The truth is, this bill, or something very much like it, is one we actually need.
— Kim Davis , Community Editor, Internet Evolution