Boost national cybersecurity without stifling freedom
The US government should apply stricter control over its own network, but it should leave public networks alone.
Virginia Beach, Va.
For years, the US government has been fretting over national network vulnerabilities with banking and financial assets, government and military data, and the energy and utilities grid. Just last year, the Defense Department detected 360 million attempts to penetrate its networks, up from 6 million in 2006.
One such attack involved overseas hackers that breached both the nation's electricity grid and the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter, according to the Wall Street Journal.
"We are literally under attack every day as our networks are constantly probed and our adversaries seek to exploit vulnerabilities," Lt. Gen. William Shelton, the Air Force's chief information officer, told a House Armed Services Committee panel this week.
To be sure, America is so e-vulnerable in so many e-ways that security officials now say Washington has no other choice but to extend its national security efforts across the Internet. This makes sense at first glance. However, the "Cybersecurity Act of 2009" (introduced recently in the Senate and apparently lacking independent expert testimony) would advance a plethora of shady mandates that could impinge on America's freedom and actually put it at greater risk.
The bill requires federal agencies to take some needed steps to secure their computer networks. But it also essentially decrees the government grand overseer of Internet and network security, granting agencies such as the National Security Agency and Department of Commerce rights to regulate and impose their own universal security standards across public and private networks. It would even grant the president the most epic privilege: the ability to control and shut down any network the government wanted in the name of a "cyber emergency" – though that term isn't defined.
The government tried its hand at managing the national network infrastructure (the system of digital networks that electronically link the electrical grid, defense systems and the White House) with the Federal Information Security Act of 2002 (FISMA). It enforced security rules for government information systems. But it seemed bent on compliance and report cards rather than on actual measurable performance.
Security experts later lambasted the act as a lethargic piece of legislation that stymied action and built nothing but paper fortresses. Even former White House security adviser Howard A. Schmidt admitted recently that despite laudable goals, FISMA "has not managed to solve security problems."