Despite debates on Capitol Hill, few would disagree that the US needs to take steps to enhance the nation’s cybersecurity. But defining cyber procedures and necessary precautions continues to keep Congress at odds.
In an attempt to speed up the process, the Homeland Security and Governmental Affairs Committee (HSGAC) this week played host to a cyber attack demonstration put on by the Department of Homeland Security (DHS).
With DHS Deputy Undersecretary for Cybersecurity Mark Weatherford leading the demo, the event’s intent was to show members of Congress how easy it is for a hacker to access a system, specifically through a spear phishing cyber attack.
"Anyone can do them,” said Weatherford during the demo, according to Federal News Radio. “These are very common techniques and tactics that are used to do (all) kinds of things.”
Pointing out that spear phishing could lead hackers to access passwords, personal documents and other classified information, the DHS demonstrated that an attack could occur – from beginning to end – in under five minutes.
But it seems it’s going to take more time to convince Congress to move on the matter.
Citing the demo he had seen earlier in the day as cause for action, HSGAC Chairman Joe Lieberman (I-Conn.) took the Senate floor on Wednesday, urging his colleagues to pass the Cybersecurity Act of 2012, a bill the chairman cosponsored alongside Sens. Susan Collins (R-Maine), Dianne Feinstein (D-Cali.) and Jay Rockefeller (D-W.Va.).
“The House has passed a cybersecurity bill that takes some initial good steps and I congratulate them.” Lieberman said in a Senate floor statement. “But I believe the bipartisan Senate Cybersecurity Act of 2012… is the better bill, in large part because it addresses the need to secure our nation’s critical infrastructure.”
“But we need to pass our bill so we can go to conference and iron out our differences with the House – and the time remaining to do this is growing short. We know that the ‘lame duck’ session will be almost exclusively taken up with the crucial national security debate about reversing the $500 billion in defense cuts mandated by the Budget Control Act, as well as dealing with the expiration of the Bush tax cuts and the payroll tax cuts.”
With time running out, Senate Majority Leader Harry Reid (D-Nev.) also appeared on the Senate floor this week, calling on his cohorts to take action.
“We’ve already seen cyber attacks on our nuclear infrastructure, our Defense Department’s most advanced weapons, the NASDAQ stock exchange and most major corporations,” Reid said in a statement. “These attacks cost our economy billions of dollars a year, and thousands of jobs. So we need to act quickly to pass legislation to make our nation safer and protect American jobs.”
Reid also referenced a letter that he and Senate Minority Leader Mitch McConnell (R-Ky.) received last week from six former Bush and Obama Administration intelligence officials, including Michael Chertoff, Paul Wolfowitz, Mike McConnell, General Michael Hayden, Retired General James Cartwright and William Lynn III.
In the letter, the six former officials advised: “We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time. We do not want to be in the same position again when ‘cyber 9/11’ hits – it is not a question of whether this will happen; it is a question of ‘when.’”
Agreeing with the officials’ correspondence, Reid went on to warn, “The longer we argue over how to tackle this problem, the longer our power plants, financial systems and water infrastructure go unprotected.”
“Everyone knows this Congress can’t pass laws that don’t have broad, bipartisan support. So we’ll need to work together on a bill that addresses the concerns of lawmakers on both sides of the aisle.”
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also founder of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.