In a recent briefing to Congress about worldwide threats, FBI Director Robert Mueller said that the danger of cyberattacks will equal or surpass the danger of terrorism “in the foreseeable future.” What makes that assessment particularly alarming is that the United States may be as unprepared to defend some of its critical computer systems as it was to protect New York and Washington against al-Qaida before Sept. 11, 2001.
Though the Pentagon has a cybercommand, it does not cover the domestic civilian economy, including vital infrastructure systems such as the electric power grid, water supplies and the financial system. Many of the computers controlling those utilities lack adequate security measures and could be devastated by viruses launched by hostile states or even hackers.
Cyberdefense could be a signature achievement of this election year, if a few more senators can set aside partisanship and special interest appeals.
The most important legislation is emerging in the Senate and is packed with provisions and updates to outdated legislation, but its most important sections would provide for information sharing by the government and private companies and mandate better security for critical infrastructure.
Both areas are contentious. Fresh from blocking legislation on Internet piracy, some net purists are denouncing provisions that would make it easier for companies to tell each other, and the government, about security breaches and ways to prevent them — and mandate reporting in the event of breaches of critical infrastructure. While there are legitimate civil liberty concerns, it is essential that companies are able to share information about stolen data and other cyberattacks without compromising individual privacy or exposing themselves to government sanctions.
Cooperation between the government and private companies is also badly needed to ensure protection of power and water plants, banking networks, and other infrastructure essential to modern society.
In the absence of government supervision, critical systems have remained unprotected. To accept the status quo would be an unacceptable risk to U.S. national security.
— The Washington Post