‘We Would Lose’ Cyberwar if Attacked, Ex-Intelligence Chief Says
Approve the Senate Commerce Committee’s cybersecurity bill or face doom: That was the stark choice posed by the George W. Bush administration’s last Director of National Intelligence at a committee hearing Tuesday. Mike McConnell, executive vice president of Booz Allen Hamilton’s national security business, laid out a vision for a future Internet brought under federal control in the same way that railroads came under heavy regulation at their peak of influence. Meanwhile, an FCC official made a pitch for his agency to use its experience in collecting status information from traditional communications networks to do the same for the Internet at large.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The Cybersecurity Act (S-773) has gone through four drafts since it debuted last year to widespread concerns it would give too much power to the executive branch (CD June 1 p1), said Committee Chair Jay Rockefeller, D-W.Va. “We kept calling in the stakeholders” and revising provisions they found problematic. But last week’s Cyber ShockWave simulated cyberattack (CD Feb 17 p9) removed any doubt that the U.S. needs “strong top-level coordination” to successfully respond to an attack, Rockefeller said.
Sen. Olympia Snowe, R-Maine and cosponsor of the committee bill, said they've had “literally hundreds of meetings” with interested parties. Though they met recently with new federal cybercoordinator Howard Schmidt, leaders remain worried the job lacks “heft” and a direct line to the president, she said. The cyberattacks on Google and other companies traced to China “should serve as a wake-up call to those who have not taken this problem seriously.”
“If the nation went to war today in a cyberwar, we would lose,” McConnell said. The U.S. can’t “mitigate the risk,” he said bluntly: “We're going to have a catastrophic event” that will spur a more forceful reaction from the government unless the committee bill becomes law. “We're going to have to morph the Internet” from its commercial focus, symbolized by the .com domain, to a “dot secure” framework, based on authentication, data integrity and “non-repudiation,” McConnell said.
If the history of federal regulation of railroads and automobiles is any indication, the Internet is due for serious regulatory intervention -- a rare point of agreement with China, McConnell said. U.S. currency is based on “accounting entry” and thus the financial system is most vulnerable to attack: An extremist group could “scramble” financial data and shake public confidence. McConnell also warned the U.S. will have to develop a cyber “preemption” policy.
Many FCC cybersecurity recommendations will be addressed in the National Broadband Plan, said James Barnett, chief of the Public Safety and Homeland Security Bureau. Communications licensees already provide the FCC near-real- time data on outages and network problems, so it’s well positioned to manage “situational awareness” of the broader Internet, he said. The commission is considering a voluntary certification program to get out its cyber best practices developed by a previous working group, and it’s talking more to regulators abroad on the issue, Barnett said: “We're at the start of a long journey.”
Sen. Mark Pryor, D-Ark., questioned Barnett on the extent of the role that Barnett envisioned for the commission. Pryor asked if businesses can “talk among themselves” without fear of antitrust or other regulatory violation. That’s exactly where the FCC can play a role, Barnett said: Regulated providers won’t share information with each other but they do with the commission, which keeps information confidential.