Cyber Attention: Why Now?
This week, at least four hearings in Congress tackled cybersecurity issues.
The week kicked off with the Senate Homeland Security and Government Affairs Committee hearing, "Protecting Cyberspace: Assessing the White House Proposal." On Wednesday, the House had a trio of hearings, including Judiciary's "Cybersecurity: Innovative Solutions to Challenging Problems," Science, Space and Technology's "Cybersecurity: Innovative Solutions to Challenging Problems," and Government Reform's "Cybersecurity: Assessing the Immediate Threat to the United States."
These hearings follow announcements of the White House's legislative proposal for addressing cybersecurity, its international cybersecurity strategy and a joint US-UK announcement identifying cybersecurity as an area key for collaboration.
Meanwhile, in the private sector, companies are staffing up on cybersecurity experts, with contractors identifying the issue as a key area of potential growth, especially for the public sector.
Why all the attention on cybersecurity? Why now? Cybercrime, cyberterrorism, cyberspying -- whatever elements of cybersecurity one is interested in -- are not new. Serious discussion on the critical infrastructure/cyber front have been taking place for at least 15 years. Cybercrime statutes date back to the mid-eighties.
Is it because of increased attention to potential threats from China? The international threats from cybersecurity are not new. Before China, there were (and remain) threats from Eastern European and Russian. "The Cuckoo's Egg," a must-read for cybergeeks, traces cyberattacks back to Germany. Indeed, in the late 90s, the Philippines were the focus of our nation's cybersecurity attention when the 'Love Bug' virus traced back to that country. Is China different because of its economic status?
Is it because of our increasingly interconnected world that links our mobile to our computer to our "smart" whatever device, which then beams everything up to the cloud? There has long been talk of each computer potentially being the "weakest" link in security. Does the fact that many of those devices are turned on all the time mean we are more concerned about every link?
Is it because we worry about cyberterrorism and attacks against our critical infrastructure? Former Cyberczar Dick Clarke has long warned of a "digital pearl harbor." Click here to read his warnings during a speech he gave in 2000. We can see videos of smart grids and nuclear plants being attacked virtually, but how realistic are those possibilities?
Is it because D.C.'s inside-the-baseball jurisdictional fights, both in agencies and in Congress, have made cyber the issue that everyone wants to control? Again, a dozen years ago we had a multitude of acronyms and agencies trying to own "cyber." Most of those entities were merged into one and placed in DHS. Today, we are hearing about the struggle between DHS and DoD and the intelligence community on who should be in charge, and now there are calls for the SEC, FTC and FCC to become more engaged.
In Congress, a similar jurisdictional dance is happening -- as demonstrated by the hearings earlier this week. In the House, a piecemeal approach may be the only way of getting cybersecurity addressed in a meaningful manner, short of bypassing the half dozen congressional committees with some claim to security issues. In the Senate, the divide is less hectic but still involves major players with not-always-aligned interests.
Is it because the threats are so much more and vulnerabilities are appearing quicker than we can address them? From data breaches at companies to having one's information compromised in some form or fashion becoming commonplace, one would think that we have become desensitized to the issue by now.
Or, finally, is it because cybersecurity has matured and has reached a point where academic discussions around policy are no longer sufficient? Has cybersecurity matured to the point where something has to be done?
Maybe it is none of the reasons above. Or maybe it is all. What is known, however, is that we can expect to see a lot more on cybersecurity from the government in the coming months...