Cyber-attacks pose real and immediate threats to our national and economic security. Americans are under cyber-attack by nation-states, such as China and Russia, and by computer hackers. Cyber-attacks are aimed at both government agencies and private-sector businesses.
These attacks look to target America’s defense capabilities and the nation’s critical infrastructure, steal our intellectual property and compromise sensitive information such as personal credit cards, bank accounts and Social Security numbers.
FBI Director Robert Mueller has stated the dangers from cyber-attacks will equal or surpass the dangers of terrorism “in the foreseeable future.” Defense Secretary Leon Panetta testified before Congress last year, when he headed the CIA, about his fear of a “cyber Pearl Harbor.”
As a former district attorney and U.S. attorney, I understand the far-reaching effects of cyber-attacks and know that more must be done to give law enforcement, the private sector and individuals tasked with protecting critical infrastructure the tools they need to aggressively defend against these attacks.
Cyber-attacks on government and private-sector-controlled critical infrastructure could include bringing down power grids, water control facilities, air traffic control stations, transportation systems and a whole range of systems and services that could cripple our country.
Cyber-attackers also seek access to a whole variety of private-sector computer systems, targeting financial information, identity identification, intellectual property, trade secrets, product development/marketing plans and U.S. corporate strategies. Every day U.S. businesses are targeted by nation-state actors such as China and Russia for cyber-exploitation and theft, resulting in huge losses of valuable intellectual property and sensitive information.
This rampant industrial espionage costs American jobs and poses a threat to our national security and economic well-being.
With the cyber-threats our nation faces, there is a crucial need for carefully drawn cybersecurity legislation such as H.R. 3523, the Cyber Intelligence Sharing and Protection Act, which the House passed by a bipartisan vote of 248-168.
Currently, the government protects itself against cyber-espionage by using both classified and unclassified cyber-threat information. However, the vast majority of the private sector does not get the benefit of the classified threat intelligence that the government already has in its possession.
CISPA would amend the National Security Act of 1947 to enable cyber-threat sharing and provide clear authority for the private sector to defend its own networks, while providing strong protections for privacy and civil liberties. Crucially, the bill protects privacy by prohibiting the government from requiring private-sector entities to provide information to the government and by encouraging the private sector to “anonymize” or “minimize” the information it voluntarily shares with others, including the government.
CISPA also requires an independent inspector general audit of any voluntary information sharing with the government. All of this reflects the critical need to balance real security concerns with the need to protect our individual rights and liberties under the Constitution.
Legislating with respect to cybersecurity poses a complex set of issues involving legal, economic, national security, intellectual property and privacy considerations. To this end, Congress must continue to closely monitor concerns raised during the consideration of CISPA and other cybersecurity measures.
However, while there are legitimate civil liberty concerns, we cannot abandon efforts to increase our nation’s cybersecurity protections.
It is also important that Congress follow up on CISPA by continuing to examine what additionally can and should be done to protect Americans from the threat of cyber-attacks.
These measures should be largely voluntary, flexible and incentive-based because most critical infrastructures are privately owned. We must avoid a bureaucratically directed regulatory heavy hand, which will be slow and ineffective given how rapidly threats change and adapt and the fact that different companies and sectors face different threats and have unique vulnerabilities.
Instead, Congress must continue to take steps allowing the private sector to expand its own cyber-defense efforts in order to harness private-sector drive and innovation, while also keeping the government out of the business of monitoring and guarding private-sector networks.
Rep. Tom Marino (R-Pa.) is a member of the Foreign Affairs, Homeland Security and Judiciary committees.