Do Companies Need Fed Cybersecurity Intervention?

Once again, Americans are hearing that the United States is a cybersecurity wimp, vulnerable to major damage should it ever suffer a large, organized cyberattack. The latest testimony underscoring that notion came from Michael McConnell, the former director of national intelligence, who spoke to the Senate Tuesday.

Testifying before the Senate Committee on Commerce, Science and Transportation regarding the U.S. Cybersecurity Amendment Act of 2009, McConnell said the U.S. needs government involvement if the country aims to prevail in a defensive cyberwar.

The Cybersecurity Amendment Act, which was passed overwhelmingly by the House of Representatives recently, is now before the Senate.

McConnell’s testimony could indicate eagerness in the private sector to tap into the lucrative government market for cybersecurity, as the Obama administration tries simultaneously to make America a more digital nation and shore up its admittedly weak cybersecurity defenses.

The Global Village Sucks

The U.S. is the most vulnerable country because it’s the most connected, according to McConnell. It won’t be able to mitigate risks from cyberattack unless and until the federal government gets more active in helping protect the nation’s cyber infrastructure, he pointed out.

The Senate Committee also heard testimony from other representatives of industry and government. They included Scott Borg, director and chief economist at the nonprofit U.S. Cyber Consequences Unit; James Lewis, a director and senior fellow at the Center for Strategic and International Studies; and Mary Ann Davidson, chief security officer at Oracle.

The bill, which provides for research in cybersecurity and education, is necessary and overdue, said Lewis.

The Feds Aren’t All Bad

Like Director of National Intelligence Dennis Blair, who addressed Congress about the Cybersecurity Amendment Act earlier this month, McConnell called for stronger cooperation between the private and public sectors.

They’re echoing President Obama’s call for such cooperation. A joint effort would help resolve our cybersecurity issues, Charles King, principal analyst at Pund-IT, told the E-Commerce Times. “We’ve finally got an administration that has appointed agency leaders who understand the breadth and severity of the problem and are willing to do something about it,” he explained.

“For the past 20 years, the refrain has been to leave things to the private sector,” King said. “You could argue that the private sector has muffed its chances time and again and that the threat is now so pervasive that government intervention may be the only way to address it comprehensively.”

Helping Solve the Problem

Why is the U.S. so vulnerable? Don’t we have the best technologists? Where are the geniuses of Silicon Valley when we need them? Are people in developing countries, many of whom hadn’t seen a Pentium III computer until only recently, better programmers than Americans? Are their kids smarter than ours?

The Act’s call for improved cybersecurity education can only help the U.S. “The emphasis on science and technical training in China, Eastern Europe and elsewhere has resulted in a plethora of trained, skilled people with little in the way of professional opportunities,” Pund-IT’s King said. “Unless the U.S. makes some fundamental changes in educational funding and administration, I expect this situation will worsen over time.”

Part of the problem may lie in unrestrained use of the Web on corporate networks. Such uncontrollable access to the Internet sites can introduce malware into a business’s network and allow important corporate secrets escape the company’s walls. This week, the Federal Trade Commission warned about 100 companies that their files have been compromised by peer-to-peer file-sharing networks. It’s believed staff at many of these companies were responsible for the problem through accessing P2P networks at work.

“If organizations allow P2P connections and aren’t monitoring them, it’s not possible to protect against network breaches,” Bill Edwards, chief information security officer at Vigilant, told the E-Commerce Times.

The private sector may be backing the bill because there’s money to be made — Cisco recently took on former White House cybersecurity advisor Melissa Hathaway as consultant and is targeting the government cybersecurity market.

Privacy groups are concerned about other aspects of the Cybersecurity Amendment Act, or H.R. 4061. The Electronic Frontier Foundation fears a provision in the act that calls for the federal government to establish a standardized, uniform digital identity for citizens could be a threat to anonymity and privacy.