Op-Ed: It’s Time to Take Action on Cybersecurity

Maksim Kabakou/Shutterstock.com

Our adversaries aren’t standing idly by while we get our defenses in order.

With each New Year comes the promise of a fresh start, and nowhere is there a more pressing need for that than in Washington, where gridlock has taken hold for too many months. The good news is that the close of 2013 witnessed the beginnings of forward motion, on the part of key actors, on select issues of national importance. In December, Rep. Paul Ryan, R-Wis., and Sen. Patty Murray, D-Wash., jointly took the lead on preventing another government shutdown only three months after the last one by crafting a bipartisan budget deal.  While the deal is nowhere near a grand bargain in scale and scope, it does reflect incremental progress that is still a step in the right direction and as such, is emblematic of what may be the new model of governance in the capital: Getting things done through small steps forward.

Indeed, the new golden rule in Washington may be: Don’t let the perfect be the enemy of the good. In the present partisan atmosphere, holding out for a panacea that addresses all challenges comprehensively may simply be a bridge too far. Cybersecurity is just one important area that could benefit much from this type of approach. Consider the context: Despite an ever-increasing array of cyber threats that continue to morph and evolve in complexity, and despite widespread acknowledgement that more needs to be done, the United States remains underprepared for the ecosystem it faces and the many hostile actors that inhabit cyberspace. While there may be plenty of blame to go around in terms of inaction, Americans rightfully expect some remedies and results.

Despite a range of proposals for addressing gaps in cybersecurity, none have fully materialized.  For instance, the Cyber Intelligence Sharing and Protection Act (CISPA), sponsored by House Intelligence Committee Chairman Mike Rogers, together with Ranking Member Dutch Ruppersberger, passed the House but not the Senate. Designed “to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes,” the House bill would have facilitated the exchange of threat and vulnerability information needed to prevent, mitigate, and respond to cyberattacks. It also addressed liability issues that may arise in connection with such exchange. The importance of information sharing is widely acknowledged, but prevailing sensitivities attached to the matter are acute, due largely to the Snowden case, which continues to unfold. Prospects for the bill are dubious, even though the latest version addresses many of the privacy concerns that critics raised with an earlier iteration. 

In December, House Homeland Security Committee Chairman Michael McCaul also introduced the National Cybersecurity and Critical Infrastructure Protection Act of 2013 (NCCIP). This bipartisan bill, submitted together with Ranking Member Bennie Thompson, and counterparts on the House Homeland Security Committee’s panel on cybersecurity, infrastructure protection and security technologies (Reps. Patrick Meehan and Yvette Clarke, respectively), aims to “strengthen…the cybersecurity of the nation’s 16 critical infrastructure sectors as well as the federal government by codifying, strengthening and providing oversight of the cybersecurity mission of the Department of Homeland Security (DHS)—the agency responsible for ensuring the security of our critical infrastructure.” 

On the Senate side, the Armed Services Committee, the Homeland Security Committee, and the Intelligence Committee are contemplating measures within their defined areas of jurisdiction. In the Senate Commerce Committee, moreover, Chairman Jay Rockefeller and Ranking Member John Thune introduced last July the Cybersecurity Act of 2013, which “would give the National Institute of Standards and Technology (NIST) authority to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure”; and “make sure the federal government supports cutting edge research, raises public awareness of cyber risks, and improves the nation’s workforce to better address cyber threats.”  

In effect, the Senate Commerce Committee bill largely codifies President Obama’s February 2013 executive order on improving critical infrastructure cybersecurity, which allocates to NIST a central role in facilitating the   development of a private sector-led, market-oriented framework. The final version of that cybersecurity framework is expected to be published later this month and "shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk," according to the executive order.

These are just some of the cybersecurity measures that have been initiated. For the private sector, a prominent concern is to know and understand the rules of the road regarding active defense. Industry leaders understandably want clarity on these rules, that they will help define, and which will allow companies to protect themselves.  Such an approach, wherein guidelines and guidance are relayed to the private sector to then determine the best way forward, is emblematic of the direction in which we need to go if tailored and effective countermeasures are to be formulated and enacted in real-time and/or as required. Companies cannot be expected to simply wait until Congress and the executive branch get their own houses in order.

From optimizing interagency cooperation to pursuing research and development strategically and beyond, there are various steps left to take in the area of cybersecurity. Our adversaries are not standing idly by and the risks continue to multiply. How many more incidents like the recent and massive breach of Target’s data, involving millions of Americans, are needed to spur the country into taking the actions needed?  If it takes baby steps to push the country further down the path to a more robust posture, so be it. Just as Congressional committees have put their minds to crafting an omnibus bill that converts the Ryan-Murray framework into details and constructive action, so too must we get on with it in the cyber realm. 2013 was a very good year for our adversaries. Let's not make it two in a row by our own hand.

Frank J. Cilluffo is director of the George Washington University Homeland Security Policy Institute and GW’s Cybersecurity Initiative.  Sharon L. Cardash is HSPI’s associate director and a founding member of GW’s Cyber Center for National and Economic Security.

(Image via Maksim Kabakou/Shutterstock.com)

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.