Failed Cyber Security Legislation

By Steven R. Russo                                                                                                                             8/02/2012

Executive Vice President of

Secure Cloud Systems


A cyber security bill that was intended to have set security standards for the nation’s critical computer network governing infrastructure was blocked by a Republican filibuster in the Senate this week. Around the Silicon Valley area, “Regulation” is often treated like a nasty four-letter word. With regard to cyber security this seems not to be the case. It appears evident that Criminals, hackers, activists, and government representatives are able to effectively stop security technology regulation from becoming a reality sooner rather than later.

A Republican Arizona Senator, other prevalent Republicans, as well as John McCain, opposed the bill on standing on grounds that the proposed standards would be far too onerous for corporations and other business entities. A joint compromise was reached just prior to the Senate vote to make these types of standards optional and not mandatory. Directly after the filibuster vote, the Senate voted 52 to 46 to cease discussion and terminate the debate regarding the bill. With the lack of support behind it the vote it fell eight votes shy and failed to pass. In reviewing several Silicon Valley security experts takes on the bill as well as the cyber challenges and the potential risks associated with it, many are concerned about the potential for a 9/11 type cyberattack taking place in the near future. Many have voiced concerns about the seriousness of the situation. A vast majority of Cyber professionals feel strongly that this bill should have been passed! After the standards became voluntary the opportunity to bridge centralized exchanges between the public and private sectors of threat information has been postponed once again. While there was not a clear path defended for this there was no question regarding the intent, as well as conformation that this was indeed important.

The concept was that should an intrusion take place within a single news agency by an individual it may appear that the attack was an isolated incident. However,  if law enforcement was able to identify that there was an attack from that same IP address against multiple sites concurrently it would send a strong signal that potentially something much larger and more destructive may be taking place. We need to be prepared as well as armed with the right tools just as quickly as possible. As the bill creped forward it seemed to go through a metamorphosis of types throughout a fairly short period of time. At the beginning the bill possessed some significant teeth. Eventually the compromise within the bill, in an effort to get it passed, removed many of those teeth. It’s clear that that this bill or something like it is needed. From a cyber security standpoint this is a huge and significant setback. Every day that goes by without this types of measures in place, and the execution of these security measures, places our nation at exponentially higher risk. Being that we are a “First world” country it is essential that we take immediate action. We cannot afford as a nation to have extensive power outages for example. We must be able to rely on the quality of the water that comes out of the taps. We need to be able to heat our homes and to cook utilizing the natural gas that’s delivered to our homes and businesses. The effectiveness regarding our ability to maintain and secure our infrastructures from attack is nothing less than essential and highly critical. A successful cyber attack against the U.S. with enough magnitude could cause a worldly frenzy that potentially could spin quickly out of control.

Today intellectual property is being heisted at unacceptable rates. Successful “Hacksters” are proving they can get most of what they want if they try hard enough. The concept and reality that regulation will solve the entire situation is no more than a dream. Regulation cannot in itself solve the cyber security challenge we all face. However it would dramatically build global awareness which can only be a good thing. Just last week Mr. Shawn Henry, the F.B.I.’s former top cybercop, warned of a 9/11-style cyberattack and felt that the threat will not be taken seriously until it happens. Rumor has it that the DOHS, (Department of Homeland Security), incident response team believes that oil rigs may already be under cyber attack. When we sit back and contemplate the potential possibilities of an attack against a key component of our infrastructure such as possibly our water supply being cut off from a series of nuclear reactor facilities is disconcerting. Imagine for a moment the fact that we have multiple sectors that intersect, such as oil and gas pipelines, nuclear plants and water treatment facilities. In reality many of our infrastructure components interconnect.

Our nation’s ability to maintain the lifestyle, freedom, and society we have depends on the successful and continued inter-connection of these systems and infrastructure. We are at risk today, tomorrow, next month, and next year.  While there is no predicting we know that we must be ready. The fact is that public awareness can do nothing but help the situation. The passing of certain bills, guidelines, and standards, would shine a light on the seriousness as well as the complexity of the situation. This is not something that can be just simply pushed under the rug and left to deal with at another time. The time act is now. We must be PROACTIVE rather than REACTIVE!