New Cyber-Legislation Gains Traction in House and Senate
Federal law enforcement officials believe that cyber-security is more of a threat to the U.S. than traditional terrorism. In order to combat this new threat, the House and Senate are each considering new bills that would tighten the nation’s cyber-security infrastructure. These bills are being debated just as Anonymous has started a new campaign targeting the FBI.
As federal officials and the White House increasingly call on Congress to pass the comprehensive cyber-security bill to protect critical infrastructure, the House moves forward with its version. Federal law enforcement officials expect cyber-espionage, hacktivists and cyber-attacks to soon surpass traditional terrorism as the No. 1 threat facing the United States, according to Congressional testimony.
“Stopping terrorists is the No. 1 priority,” Robert Mueller, director of the Federal Bureau of Investigation told the Senate Select Committee on Intelligence Feb. 1. “But down the road, the cyber-threat will be the No. 1 threat to the country. I do not think it is necessarily [the] No. 1 threat, but it will be tomorrow.”
The U.S. Director of National Intelligence James Clapper urged the U.S. House of Representatives and the Senate to pass legislation to increase cyber-security in both the public and private sectors during a hearing of the House Select Intelligence Committee on worldwide threats on Feb. 2. Clapper discussed intrusions on public systems that control major defense weapon systems, electrical grids and banking infrastructure. The U.S. economy is losing upwards of $300 billion per year because of rampant cyber-espionage.
Perhaps we all have the right to be nervous. The hacktivist collective Anonymous released audio transcripts on YouTube of a 16-minute call between the FBI and Scotland Yard where law enforcement officials discussed several Anonymous- and LulzSec-related cases on Feb. 3. The FBI and British police have confirmed that the transcripts are legitimate and said they are investigating.
Anonymous had access to one of the call participants’ email accounts and had intercepted an email containing the dial-in information and passcode for the trans-Atlantic phone call. “The FBI might be curious how we’re able to continuously read their internal comms for some time now,” AnonymousIRC wrote on Twitter.
Congress is making some movements toward a comprehensive cyber-legislation. The House Homeland Security Subcommittee on Cyber-Security, Infrastructure Protection and Security Technologies marked up the cyber-security bill sponsored by Rep. Dan Lungren (R-Calif.) and unanimously approved it Feb. 1. Lungren’s Promoting and Enhancing Cyber-Security and Information Sharing Effectiveness Act (PRECISE) calls for creating a nonprofit National Information Sharing Organization that would collect cyber-security threat information and allow the industry to voluntarily share the data with the government. The NISO umbrella would make private firms and government agencies exempt from privacy laws that prevent data sharing, so long as they share the information only for cyber-security purposes.
The bill also identified the Department of Homeland Security as the lead federal agency for securing networks operated by civilian government and private sectors. The bill, as presented, does not give the government an “Internet kill switch” or authority to limit Internet traffic in case of an emergency.
ISPs and other operators need “clearer legal authority” to share signatures and other information about suspected attacks with each other and with the government. A private nonprofit organization would pose far fewer privacy risks than an information-sharing hub run by the government.
The Senate has plans to present its version of the cyber-security bill for markup by Feb. 17. The Senate bill is rumored to also put the Department of Homeland Security in charge, but the agency would also have the authority to create security rules for the private sector to follow, and punish companies that do not comply with the rules. The Department of Homeland Security would decide which companies it would be able to regulate but would select those with systems whose “disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities,” according to a summary of the bill.
It’s interesting to note that as much as 85 percent of the country’s critical infrastructure is controlled by the private sector. Looks like Big Brother will finally get its fingers in the pie!