Well-publicized cyberattacks on the U.S. in late 2014 have made it almost certain that government will focus heavily on the nation’s technological security in the year ahead. And as cybersecurity talks heat up in Washington, policymakers will be tasked with striking a balance between protecting the nation’s cyber infrastructure and enacting rules that threaten U.S. Internet liberties, such as 2012’s much maligned Cyber Intelligence Sharing and Protection Act.
Texas Republican Rep. Michael McCaul, in an op-ed Thursday for The Washington Times, said that the cyberattack on Sony late last year marks the beginning of “a new era of cyberterrorism where threats cause just as much damage and fear as a bomb threat.”
“While the economic damage of this hack is disconcerting, the real significance lies in the fact that, according to the FBI, this marks the first major destructive cyberattack waged against a company on U.S. soil,” wrote McCaul, who heads up the House Committee on Homeland Security.
The national security aspect of the Sony attack may be marginalized because the hackers’ intentions were limited to keeping “The Interview,” a comedy leader poking fun at North Korea, out of theaters. But McCaul warns of devastating consequences if the same tactics were employed against U.S. infrastructure.
“While the economic damage of this hack is disconcerting, the real significance lies in the fact that, according to the FBI, this marks the first major destructive cyberattack waged against a company on U.S. soil,” he wrote.
Making the situation more worrisome, McCaul said, is that the federal government is currently as ill prepared to respond to cyberattacks as private companies that have been targeted in the past.
“We have no effective strategy in place to stop it,” he wrote.
McCaul has moved cybersecurity legislation in the past which created a federal civilian interface at the Department of Homeland Security to address cybersecurity threats to the United States. In the months ahead, he says he plans to do more.
And while government action on cybersecurity almost always draws negative attention from Internet freedom advocates who fear a misplaced clampdown on information freedom, McCaul’s concerns about the nation’s cybersecurity have been echoed by at least one staunch champion of transparency.
National Security Agency whistleblower Edward Snowden warned in a recent interview that the U.S. has “more to lose than any other nation on Earth” when it comes to the growing threat of cyberwarfare.
On PBS’s “NOVA Next” program Snowden argued that the U.S. should reallocate resources dedicating to online spying to cyberdefense initiatives.
“Defending ourselves from Internet-based attacks, Internet-originated attacks, is much, much more important than our ability to launch attacks against similar targets in foreign countries because when it comes to the Internet, when it comes to our technical economy, we have more to lose than any other nation on Earth,” Snowden said.
The technical economy, Snowden argues, gives adversaries an endless number of vulnerable entry points for attacks that could cripple critical infrastructure.
“If an adversary didn’t target our power plants but they did target the core routers, the backbones that tie our internet connections together, entire parts of the United States could be cut off,” he said. “That would have a tremendous impact on us as a society and it would have a policy backlash.”
Meanwhile, Rep. Dutch Ruppersberger (D-Md.) revived CISPA, a failed 2012 cybersecurity bill that encourages government and private sector sharing of cyber information, on Friday.
“The reason I’m putting the bill in now is I want to keep the momentum going on what’s happening out there in the world,” Ruppersberger told The Hill. “We have to move forward.”
The legislation will likely muddle the cybersecurity debate further, as privacy activists have repeatedly charged that it has little cybersecurity merit and serves as little more than a back door for the National Security Agency to more easily access communication data on private networks.
“We must do everything within our power to safeguard the privacy rights of individual Internet users and ensure that Congress does not sacrifice those rights in a rush to pass vaguely worded cybersecurity bills,” said Lee Tien, senior staff attorney of the Electronic Frontier Foundation, when CISPA was defeated back in 2012.