Skip to: Content
Skip to: Site Navigation
Skip to: Search


'Loopholes' leave America with weak cybersecurity plan, experts say

A cybersecurity bill under consideration by Congress tries deal with private industry concerns, but its 'loopholes' would leave America open to cyberattack, experts said Thursday.

(Page 2 of 2)



In particular, the bill contains "significant loopholes," said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies.

Skip to next paragraph

First, by defining "critical infrastructure" as only those systems that if disrupted "would cause mass death" or "major damage to the economy, national security, or daily life" many, if not most, critical computer networks would not be covered.

That weakness could be targeted, he said.

"Cyberattacks in the next few years won’t cause mass casualties," he noted. "The threshold [is] too high, and we are simply telling attackers where they should hit."

The other section of the bill that concerned him is a near-blanket "carve-out" that would exempt commercial information-technology manufacturers and service providers from any federal oversight.

"It makes sense that industry does not want government telling them how to make products," Dr. Lewis noted. "But a blanket restriction on services, maintenance, installation, and repair, could … leave the door open for a Stuxnet-like attack against America."

Other cybersecurity experts at the hearing seconded Lewis's assessment on the bill.

"I fear that it has already been weakened unduly by those who want us to do nothing," Steward Baker, a former DHS and National Security Agency official told the committee.

"We do not expect General Motors to field its own antimissile defenses in the event of a nuclear attack," Mr. Baker said. "And we cannot expect private power or oil companies to stand alone against calculated attacks from the militaries of half a dozen nations."

While the bill does an admirable job developing a flexible framework that allows private industry to respond rapidly to threats identified by the federal government, it needs to go further, he said.

"Commercial information-technology products are certainly part of the problem," Baker noted. "Why shouldn’t they be part of the solution?"

Get daily or weekly updates from CSMonitor.com delivered to your inbox. Sign up today.

Permissions

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Editors' picks

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Endeavor Global, cofounded by Linda Rottenberg (here at the nonprofit’s headquarters in New York), helps entrepreneurs in emerging markets.

Linda Rottenberg helps people pursue dreams – and create thousands of jobs

She's chief executive of Endeavor Global, a nonprofit group that gives a leg up to budding entrepreneurs.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!