Given the amount of sensitive information transmitted and stored over the cyber-sphere each day, strong cybersecurity has become a necessity for businesses, private citizens and our government alike. Anyone who has had their identity stolen because of a breach in Internet security knows the ripple effect of that invasion. Credit cards need to be canceled. Debts need to be disputed. Credit reports need to be corrected.
A cyber-attack on our nation’s digital infrastructure would cause the same ripple effect but with far more devastating consequences. Nearly all key sectors of the U.S. economy are reliant on networked computers for their daily operations. Not only could an attack threaten our homeland security, it also has the potential of incapacitating many American businesses within the private sector as well as industries supporting our infrastructure. Medical networks, for example, face the threat of hackers stealing and compromising patient data.
There are a number of legislative proposals in the House and the Senate on the horizon, but a resource that already exists is being ignored. Professors, students and industries have been collaborating on cybersecurity measures in research centers located at academic institutions across the country. These are the experts, and tapping into their knowledge provides the most immediate solution to protect against cyber-attacks. Critically, these solutions hardly, if ever, infringe on privacy rights.
A November 2010, Department of Defense-commissioned report, “Science of Cybersecurity,” underscored the need to establish multiple cybersecurity science-based centers within universities and other research institutions. Federally sponsored centers would tap into already-existing knowledge banks on this issue while providing academic sponsors with access to agency experience within government cyber-networks. Additionally, these centers could develop strategies to improve the security and resilience of information infrastructure and mitigate the consequences of a successful cyber-attack.
Regional university-based cybersecurity research centers come with other benefits as well. Such centers will be ideal training grounds for the next generation of cybersecurity experts. They will accelerate the pace of discovery in nearly all other fields and enable us to remain competitive in the global economy. As such advances in networking and information technology are a key driver of economic competitiveness, it is highly probable that we would see a great return on our investment. Perhaps most importantly, these centers are independent arbiters of technology, free from the motivations of for-profit companies.
The need for more of these academic research centers to be created cannot be overstated. In the meantime, we should be working with the ones already in existence.
Our country needs to be employing the best cybersecurity available now, and in Washington we need to direct our attention toward this immediate solution as we address larger cybersecurity goals, such as protecting our citizens’ privacy.
Currently, our individual privacy rights are still secure; yet, that has not stopped bills compromising those rights from coming to the floor of the House. For example, the Cyber Intelligence Sharing and Protection Act, recently passed by the House, was so broad that a private citizen’s personal information could potentially be collected in furtherance of our nation’s cybersecurity.
Regional academic research centers are developing technology that stays within the current boundaries of protecting private information while still protecting against cyber-attacks. These centers can serve as a bridge between the public and the government, serving a dual purpose: educating the public while sharing critical expertise with those charged with protecting them. Without question, we should be engaging more of these academic centers as soon as possible.
Rep. Bill Keating is ranking member of the Homeland Security Subcommittee on Oversight, Investigations and Management and also serves on the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.