Why the cyber security bill in Congress is getting big push from Pentagon
The bill would require US companies that run 'critical infrastructure' to buttress their cyber security and share certain information with the government. Critics say that's risky and unnecessary, but the Pentagon is all for it.
What keeps Pentagon planners today up at night, even more than the threat of a terrorist attack? It is the prospect of an act of cyberwarfare – an incursion into America’s financial systems, water treatment plants, or the electrical grid that keeps lights on and homes heated.Skip to next paragraph
Subscribe Today to the Monitor
“Cyber will overtake terrorism as the persistent, gnawing, constantly-at-us kind of threat and danger,” warned Ashton Carter, deputy secretary of Defense, at a conference last month in San Francisco. He was relaying the fears of FBI Director Robert Mueller, who has been describing the dangers of cyberincursions in the same stark terms for months.
On this front, Pentagon officials have become increasingly vocal. They routinely hire teams of professional hackers to find vulnerabilities in computer systems. And they have lobbied to pass legislation currently circulating on Capitol Hill to step up information-sharing between the government and private industry to increase cybersecurity, especially when it comes to “critical infrastructure” such as power plants.
RECOMMENDED: The new cyber arms race
Yet this information-sharing raises eyebrows among some critics outside the Defense Department, who say private companies have enough incentive to improve cybersecurity without legislating it, and that such exchanges between the Pentagon and industry have the potential to compromise privacy.
The Pentagon, for its part, makes no secret of the fact that, even in a time of fiscal restraint, there is money to be had for firms that can help make the cyber realm more secure. In the midst of tense defense budget negotiations, “I can just tell you that at no time in the deliberations ... was it even considered to make cuts in our cyber expenditures – not even considered,” Mr. Carter said.
In fact, that portion of defense spending is increasing. It would increase still more “if we could find more worthy investments to make,” Carter added.
Even so, companies don’t necessarily understand the threat of cyberattack, Pentagon officials say. Though the “long march” toward cybersecurity is just beginning, Carter says, “It’s difficult to embark on this march, because the market, both economic and political, undervalues security at the moment – doesn’t see it, doesn’t fully get it,” he added. “And I’m afraid events will soon prove it wrong.”
Legislation on Capitol Hill would require a certain degree of federal oversight of cyberprotection for “critical infrastructure” such as power stations and water plants. Disabling such facilities by attacking their computer systems, say defense officials, would be a “cyber Pearl Harbor.” The bill also would require private firms to let the government know when their systems are hacked.