Perhaps the most important role of federal government, highlighted in the preamble of the Constitution, is to “provide for the common defense.” This role is generally thought of as military defense against missiles and bombs. But in the digital age, Americans are more frequently becoming the targets of high-tech cyberattacks.
Cyberattacks against U.S. government and private sector networks are on the rise. Hackers gain access to personal, banking and financial information, as well as to sensitive state secrets and intelligence reports.
In just the past few weeks, some of America’s largest companies have been hacked, showing our vulnerabilities. Protecting America’s cyber-systems is critical to our economic and national security.
Americans deserve better protection, and the federal government can help make sensitive information more secure.
Apple is the latest target in a string of recent sophisticated cyberattacks. Other victims include Facebook and leading newspapers such as The New York Times and The Wall Street Journal. Mandiant, a network security firm hired by the Journal, released persuasive evidence that the Chinese military was responsible for these and numerous attacks against U.S. corporations.
Hundreds of terabytes of proprietary information and stolen data were traced to a government building in Shanghai. Perhaps more disturbing, the firm further revealed that hackers are increasingly targeting America’s power grid and other critical infrastructure.
While China’s government continually denies involvement, the sophistication of the attacks and the evidence released by Mandiant point decisively to a systematic, coordinated effort. This is a problem that will not be solved easily.
Protecting the nation’s cyber-infrastructure is a responsibility shared by a number of different federal agencies. And while federal efforts in this area are gradually growing, so too are private sector efforts.
As the federal government begins to identify the challenges of protecting critical infrastructure, private companies are taking on the task. More and more private equity firms are investing in national-security-focused startups. Whereas federal efforts tend to be slower, private companies can quickly adapt to a constantly changing landscape. The government must work collaboratively with these private companies to keep up. But with so many players in the game, coordination is the real key to success.
Last month, the White House issued an executive order intended to improve the cybersecurity of critical infrastructure systems. While I support this goal, legislation must be part of the solution. The administration’s executive order is inherently limited.
Only Congress can provide the incentives and protections that would permit necessary information sharing among companies and, more importantly, among private companies and the government.
Along these lines, federal policies have the potential to improve the public and private sectors’ abilities to mitigate cyber-threats and reduce the associated costs.
Congress must ensure that agencies are working to avoid duplication and inefficient use of limited taxpayer dollars. Investments must be made wisely and produce significant value for our nation. The Science, Space and Technology Committee, which I chair, has begun working on important cybersecurity legislation. Last week, we held a hearing to examine the Cybersecurity Enhancement Act, a bill that would coordinate research-and-development activities to better address evolving cyber-threats.