Ninety percent of respondents to this week’s RBJ Daily Report Snap Poll say they are concerned about the threat of cyberattack against the United States. More than half say they are very concerned.
Defense Secretary Leon Panetta warned last week that the nation could face a "cyber Pearl Harbor," with attacks that could shut down the power grid, derail trains carrying lethal chemicals, contaminate water plants and cripple other public and private systems and networks.
Calling it "a new terrain for warfare," Panetta said threats already detected range from "denial of service attacks" that delay or disrupt services to the Shamoon virus, which in August hit Aramco, the Saudi state oil company, and U.S. financial institutions; it disabled more than 30,000 computers. Those suspected of attacks include nations such as Iran and extremist groups.
Among other moves to counteract this threat, Panetta called for passage of the Cybersecurity Act of 2012, bipartisan legislation that stalled in Congress two months ago. The measure would have given the Department of Homeland Security authority to set minimum, voluntary cybersecurity standards for operators of critical infrastructure and would have encouraged sharing of information by the government and the private sector.
More than two-thirds of readers said the Cybersecurity Act or similar legislation is needed to protect the nation.
The bill was opposed in the Senate by most Republicans and a few Democrats who said it would be costly for businesses and could lead to mandatory standards. Critics also doubt the government’s ability to keep pace with rapidly evolving cyberthreats, saying it should encourage private-sector initiatives.
Panetta said, however, that "we need to develop baseline standards for our most critical private-sector infrastructure," adding that "the reality is that too few companies have invested in even basic cybersecurity."
Roughly 500 readers participated in this week’s poll, which was conducted Oct. 15 and 16.
Are you concerned about the threat of cyberattack against the U.S.?
Very concerned: 52%
Somewhat concerned: 38%
Not very concerned: 8%
Not at all concerned: 2%
Is the Cybersecurity Act or similar legislation needed to protect the nation?
Some form of basic standards needs to be adopted for our critical infrastructure.
I believe the public as a whole only thinks of cyberattacks in terms of a virus on their home computer and does not fully realize the implications of an attack on utilities—until the lights go out for a long time.
—Eric Muench, president, Genesistems Inc.
The only thing scarier than a cyberattack is the government having control over the Internet! Allowing them the ability to flip the Internet “kill switch” and cease all communication via the Internet is not constitutionally kosher in my book. Thomas Jefferson said it best: “A government big enough to give you everything you need is a government big enough to take away everything that you have.” Let that one sink in for a moment. Our founding fathers were prophetic.
Another government program/regulation? I don’t think so.
Once again, congressional partisan bickering and conflict is preventing our government from taking action that can protect the interest of our economy and livelihood. Cyberterror is a very real and potential threat and it is just wrong that progress to counter it is blocked by politicians more concerned about election year victories than the public good.
—Bill McDonald, Medical Motor Service
Laws have never stopped the evildoer before. Why does anyone think laws against cyberattack will have any effect? Such laws may benefit the legal profession and further inflate politicians’ egos but will not stop the criminal.
Mandates and legislation are not going to solve this potential threat. The government needs to engage private enterprise through defense contracts to help protect our networks and infrastructure.
—Carlo Jannotti, Forward Branding
For a Naples, Fla., Council on World Affairs study group, I researched and led discussions on cybersecurity and national security, exploring the extreme vulnerability of our nation’s infrastructure (water, electrical, transportation and telecommunications systems). While the Defense Department’s Cyber Command, coordinating military operations, has made significant progress in all *.mil servers, and Dept. of Homeland Security is strengthening its efforts in all *.gov servers, the great majority of our critical infrastructure—the likely targets in cyberwar—is in the private sector. “The Director of the FBI warned (Feb. 2012) that the cyberthreat will soon equal or surpass the threat from terrorism. He argued that we should be addressing the cyberthreat with the same intensity we have applied to the terrorist threat. … The evidence of our cybersecurity vulnerability is overwhelming and compels us to act now. If we haven’t yet learned the lesson of foresight from 9-11 (when early warnings went unheeded), we owe it to the nation to do so now. It will be inexcusable if a massive cyberattack succeeds because Congress failed to act,” wrote Sen. Susan Collins, ranking member of the Senate Committee on Homeland Security and Governmental Affairs. The Cybersecurity Act of 2012 would “establish a public-private partnership to secure those systems which, if commandeered or destroyed by a cyberattack, could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to our economy or national security.” Our lives, our economy, our way of life, may well depend on it.
The act as it stands would allow the government too much latitude in prosecuting and pursuing other non-cyberattack scenarios. It’s a significant abbreviation on freedom of speech and freedom of Internet usage, and yet another thinly veiled ploy by the Recording Industry Association of America and other copyright holders to pursue people for license violations using cease and desist orders without court protection of those they are trying to enforce against. The government has had a terrible record in the past of closing down sites and putting people out of business who were later proved to be completely innocent. While cybersecurity is an important subject, legislating it based on making Internet service providers responsible for content and placing cumbersome and frequently biased governmental bodies in charge of deciding what’s OK and what’s not is not the way to go about protecting our rights and those of copyright holders. When “encouraging information sharing” becomes “we come in and seize your servers because there is one copyright infringer on a server that hundreds of sites are using,” you have stepped over the line. The government isn’t even capable of prosecuting identity theft successfully, despite all the tools given them. What makes you think they’ll do better at critical infrastructure?
—Lee Drake, CEO, Os-Cubed Inc.
Though a cyberattack is an event that concerns me greatly, further incursions by Department of Homeland Security on our liberty and freedom concerns me more. I applaud the members of Congress who oppose this legislation, for they likely understand the effects of government intrusions into our lives. We stand upon a very slippery slope today as a result of our nation’s knee-jerk reaction to terrorist attacks. So far DHS and organizations like the TSA have reduced the liberties and freedoms American citizens had enjoyed. Instead of targeting our enemies they have targeted us—we wouldn’t want to profile, instead they go after the infirm, children and elderly persons who pose no threat. The “Cybersecurity Act” only strengthens the government’s ability to keep we Americans under control through the guise of protecting us. We must identify our enemies and be sure to make it perfectly clear that any attack upon our nation will result in a quick, violent and focused retaliation. It’s called self defense.
—Michael F. Kloppel, chairman, Ontario County Conservative Party
If it means people stop saying “uber” and “vetted,” I’m all for it.
10/19/12 (c) 2012 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email firstname.lastname@example.org.