recommended reading

9/11 haunts debate over cybersecurity

Moshe Bursuker/AP file photo

More than a decade after the Sept. 11, 2001, terrorist attacks, the tragedy haunts Washington policymakers who are deadlocked over how to protect the country against cyberattacks.

Current and former government officials have spent months pointing to 9/11 as a harbinger of what could occur if Congress, federal agencies, and businesses don’t act to update policies that govern how cyberthreat information is shared; how threats are monitored; and what standards should guide national cybersecurity.

“We’ve got an opportunity to do what we didn’t do before 9/11. We’ve got an opportunity to fix this problem before we’re attacked,” Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman, ID-Conn., told National Journal in an interview earlier this year. “I hope and pray that we deal with it, and we don’t run around frantically after an attack to close loopholes we can close now.”

Lieberman was the lead sponsor of the Cybersecurity Act of 2012, which failed to advance before Congress recessed in August. Republicans, backed by business groups such as the U.S. Chamber of Commerce, say the bill could lead to burdensome government regulations that could never keep up with ever-changing cyberthreats.

FBI Director Robert Mueller has said he thinks the danger of damage to U.S. computer networks—including those that control vital systems such as power grids and nuclear plants—is well on its way to overtaking terrorism as the top threat to the United States.

President Obama is considering a number of ideas for a draft executive order that could be used to enact some reforms if Congress fails to act on cybersecurity, but no decision has been made. Even if Obama moves forward, he’s limited in the steps he can take and Congress will continue to face pressure.

Throughout it all, 9/11 has cast its shadow as lawmakers and government officials seek to inoculate themselves against blame should a catastrophic attack happen.

“We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time,” a group of former officials wrote in a letter to Congress this summer. “We do not want to be in the same position again when ‘cyber 9/11’ hits—it is not a question of whether this will happen; it is a question of ‘when,’ ” said the letter. Among its signatories was Michael Chertoff, who headed the Homeland Security Department under President George W. Bush.

Senate Commerce Chairman Jay Rockefeller, D-W.Va., another of the cybersecurity bill’s sponsors, recalled the 9/11 warning signs that were missed in 2000 and 2001 when discussing the issue during this summer’s debate.

“Our intelligence and national-security leadership took these matters seriously, but not seriously enough,” he said. “Then it was too late: 9/11 happened.”

Although the terrorist attacks have been used as an example of why the United States needs to be proactive in confronting cyberthreats, the civil-liberties legacy of government action taken in their wake is complicating the debate. Privacy groups, for example, have warned that cybersecurity could be used as an excuse to extend government surveillance powers. A House bill aimed at encouraging cybersecurity information-sharing between businesses and government passed the House in April but was roundly criticized as providing a backdoor opportunity for officials to monitor private communications.

Some doubt whether a cyberattack could cause the same loss of life and physical destruction that occurred on 9/11. So far, there have been no examples of major physical damage or deaths related to online-based attacks.

Howard Schmidt, who stepped down as the White House’s top cybersecurity official earlier this year, has long been an advocate of toning down the rhetoric over cybersecurity. And Gen. Keith Alexander, who heads the National Security Agency and U.S. Cyber Command, says that al-Qaida has yet to achieve the capabilities to launch a major cyberattack on the United States.

Nevertheless, both Schmidt and Alexander are among the many officials urging Congress to act before a major attack not only wreaks havoc, but leads policymakers to overreact.

“I’m afraid we’ll argue about this until something bad happens. And when something bad happens, we’ll jump way over here, where we don’t want to be,” Alexander said in a rare public appearance in July. “Let’s do it now. Let’s get it right.”

Businesses are asking for legal protections and incentives to help them better secure private networks, which make up the majority of systems in the United States. The White House, however, says voluntary standards are not enough and advocates for more authority to enforce security guidelines for the most vulnerable networks.

Threatwatch Alert

Accidentally leaked credentials / Misplaced data

Boeing Employee Emails 36,000 Coworkers’ Personal Info to Spouse

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.