As federal officials and the White House increasingly call on Congress to pass the comprehensive cyber-security bill to protect critical infrastructure, the House moves forward with its version.
Federal law enforcement
officials expect cyber-espionage, hacktivists and cyber-attacks to soon surpass
traditional terrorism as the No. 1 threat facing the United States, according
to Congressional testimony.
"Stopping terrorists is
the No. 1 priority," Robert Mueller, director of the Federal Bureau of
Investigation told the Senate Select Committee on Intelligence Feb. 1.
"But down the road, the cyber-threat will be the No. 1 threat to the
country. I do not think it is necessarily [the] No. 1 threat, but it will be
The U.S. Director of
National Intelligence James Clapper urged the U.S. House of Representatives and
the Senate to pass legislation to increase cyber-security in both the public
and private sectors during a hearing of the House Select Intelligence Committee
on worldwide threats on Feb. 2. Clapper discussed intrusions on public systems
that control major defense weapon systems, electrical grids and banking
infrastructure. The U.S. economy is losing upwards of $300 billion per year
because of rampant cyber-espionage, Clapper said.
Perhaps Mueller is right to
be nervous. The hacktivist collective Anonymous released audio transcripts on
YouTube of a 16-minute call between the FBI and Scotland Yard where law
enforcement officials discussed several Anonymous- and LulzSec-related cases on
Feb. 3. The FBI and British police have confirmed that the transcripts are
legitimate and said they are investigating.
Anonymous had access to one
of the call participants' email accounts and had intercepted an email
containing the dial-in information and passcode for the trans-Atlantic phone
call, an Anonymous member bragged on Twitter.
"The #FBI might be
curious how we're able to continuously read their internal comms for some time
now. #OpInfiltration," AnonymousIRC wrote on Twitter.
The email invitation for the
Jan. 17 conference call had been sent to 44 government officials and members of
the law enforcement community, including FBI's cyber-crime-specialist
counterparts in the French government, London's Metropolitan police,
representatives from the European Union criminal intelligence agency Europol,
the Swedish government and the Netherlands, according to a post on the text-sharing
Congress is making some
movements toward a comprehensive cyber-legislation.
The House Homeland Security
Subcommittee on Cyber-Security, Infrastructure Protection and Security
Technologies marked up the cyber-security bill sponsored by Rep. Dan Lungren
(R-Calif.) and unanimously approved it Feb. 1. Lungren's Promoting and
Enhancing Cyber-Security and Information Sharing Effectiveness Act (PRECISE) calls
for creating a nonprofit National Information Sharing Organization that would
collect cyber-security threat information and allow the industry to voluntarily
share the data with the government. The NISO umbrella would make private firms
and government agencies exempt from privacy laws that prevent data sharing, so
long as they share the information only for cyber-security purposes.
The bill also identified the
Department of Homeland Security as the lead federal agency for securing
networks operated by civilian government and private sectors. The bill also
does not give the government an "Internet kill switch" or authority
to limit Internet traffic in case of an emergency.
ISPs and other operators
need "clearer legal authority" to share signatures and other
information about suspected attacks with each other and with the government,
wrote Greg Nojeim, senior counsel at the Center for Democracy and Technology,
on the CDT
. A private nonprofit organization would pose far fewer privacy risks
than an information-sharing hub run by the government, according to Nojeim.
The Senate has plans to
present its version of the cyber-security bill for markup by Feb. 17. The
Senate bill is rumored to also put the Department of Homeland Security in
charge, but the agency would also have the authority to create security rules
for the private sector to follow, and punish companies that do not comply with
the rules. The Department of Homeland Security would decide which companies it
would be able to regulate but would select those with systems whose "disruption
could result in the interruption of life-sustaining services, catastrophic
economic damage or severe degradation of national security capabilities,"
according to a summary of the bill.
As much as 85 percent of the
country's critical infrastructure is controlled by the private sector.
"Where the market has
worked, and systems are appropriately secure, we don't interfere," said
Sen. Joseph Lieberman (Ind.-Conn.), chairman of the Senate Homeland Security
and Governmental Affairs Committee. "But where the market has failed, and
critical systems are insecure, the government has a responsibility to step
in," Lieberman said.