Are we on the verge of a cyber infrastructure apocalypse? Can Washington save us? A group of senators including Joe Lieberman and Dianne Feinstein are trying to breathe new life into a cyber security bill (see: The Real Cyber Threat is From Politicians and Bureaucrats) by reintroducing The Cybersecurity Act of 2012. The bill assumes that a partnership between big government and the private sector cemented by veiled threats will protect our infrastructure from cyber terrorism. Can government control of cyber security force the nation to be more secure, or will Washington’s technology lapses render efforts to protect America from cyber terrorism another exercise in federal futility?
Big government creates a cyber terrorism threat
Big government carries it own risks. Washington has become so enormous that federal information technology is an evolving catastrophe. We lose tens of billions to improper payments, administer an immigration system incapable of keeping track of who comes and goes, and know about rampant entitlement fraud, a massive tax gap, and an ongoing list of other problems we can’t fix because of the inability to manage information technology on the scale required by big government.
An April 2012 GAO report detailed House subcommittee testimony, adding to previous warnings about Washington’s management of federal computer systems:
The threat posed by cyber attacks is heightened by vulnerabilities in federal systems and systems supporting critical infrastructure. Specifically, significant weaknesses in information security controls continue to threaten the confidentiality, integrity, and availability of critical information and information systems supporting the operations, assets, and personnel of federal government agencies.¹
Not only was it reported that “most major federal agencies had weaknesses in most of the five major categories of information system controls…”² but threats are increasing:
The number of cybersecurity incidents reported by federal agencies continues to rise, and recent incidents illustrate that these pose serious risk.³
Government control would secure private sector systems with threats
The Senate bill creates a National Cybersecurity Council overseen by the president and chaired by Homeland Security, an agency whose past misadventures with technology wasted our money (see: Homeland Security’s Lesson in Denial). Bill sponsors talk about offering rewards to the private sector for voluntary cooperation with federal standards, but their words speak otherwise and raise the specter of liability and punishment. Warning of the looming catastrophe cyber threats pose to private sector infrastructure, sponsors maintain:
This compromise bill creates a public-private partnership to set cybersecurity standards for critical American infrastructure, and offers the reward of some immunity from liability to those who meet those standards. In other words, we are going to try carrots instead of sticks as we begin to improve our cyber defenses.4
The president was more candid, referring to “reasonable liability protection”5 that predictably places Washington at the helm while casting doubt on private sector businesses:
To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.6
Washington has already placed our national security at risk because of its vulnerability to cyber threats. Cyber terrorism notwithstanding, taxpayers lose more to improper payments (see: Smaller Government the Answer to Bad Payments) than the PR for the Cybersecurity Act of 2012 attributes to private sector losses from cyber crime:
Moreover, U.S. companies lose about $250 billion a year through intellectual property theft, $114 billion to theft through cyber crime and another $224 billion in down time the thefts caused.7
Given the president’s “you didn’t build that” stance, it is no big surprise that Washington ignores the rule about glass houses and stones when it comes to the threat of cyber terrorism.
A bill to head off cyber threats does not mean big government will do its job
No one would argue that it is crucial that we ward off cyber terrorism and intrusions into our critical systems and infrastructure. What we should argue with is government control of our nation’s cyber security with hints of liability for businesses that don’t step in line when Washington knows it needs to fix its own flawed computer systems before we can be secure.