Cybersecurity reform has risen to the top of the Obama administration's agenda in recent months, but vocal opposition from a variety of camps has stopped several proposed bills in their tracks. In an effort to galvanize support for a crucial cause, the president recently invited senators to observe an elaborate simulation of what might occur if a cyberattack were to strike New York City's power grid during a summer heat wave.
According to the Hill, all 100 senators were invited to the briefing and approximately one-third attended. The legislators were joined by several other high-ranking officials, including Secretary of Homeland Security Janet Napolitano, FBI Director Robert Mueller, National Security Agency director Keith Alexander and the president's top cybersecurity and counterterrorism aides. The demonstration comes amid intense debate regarding who should be given the responsibility of setting security standards to protect critical national networks, and exactly what such authority would entail.
"The classified scenario was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyberattacks," White House National Security Council spokeswoman Caitlin Hayden told reporters. "Only Congress can modernize our underlying laws and give us the full range of tools our cybersecurity professionals need to more effectively deal with this growing and increasingly sophisticated threat."
Although the administration's latest display provided a valuable analysis of the real-life implications tied up in legislative disagreements, there has been a consistent chorus of criticism coming from the private sector as industry experts have come forward to suggest that heavy-handed government intervention could compound the dangers.
One popular refrain has been the assertion that the public sector is, by its very nature, not qualified to design or enforce changes in this particular area and that government regulation of national networks would be a false solution.
"Such requirements could have an unintended stifling effect on making real cybersecurity improvements," explained AT&T chief security officer Edward Amoroso, according to Bloomberg. "Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes."
Congressional leaders have also encountered opposition from civil liberties advocates, who have expressed fear that the proposed expansion of monitoring capabilities afforded to government agents could become a consumer privacy nightmare. According to Reuters, critics are worried that the classifications of which types of consumer information can be shared among federal cybersecurity centers are overly broad. The loose definition of phrases such as "malicious intent," for example, could mistakenly bring ordinary emails containing constitutionally protected protest speech under suspicion.
Despite the prevalence and vigor of criticisms aimed at government regulation, the private sector has been unable as of yet to provide a clear alternative. Internet security providers (ISPs) have been particularly resistant to accepting a role in legislators' plans. Instead, these companies are hoping to shift the conversation away from compliance and toward market innovation.
ISPs already have inherent incentives to maintain the security of their networks, according to CSO Online, and Comcast vice president Jason Livingood is one of several industry counterparts who have suggested that bureaucracy brought on by government intervention could actually inhibit their effectiveness. Worrying about the administrative tasks associated with ensuring and proving compliance, for example, could take precious time away from IT responsibilities. Livingood has insisted that market solutions, like the implementation of DNSSEC (domain name system security extensions), would provide more agile and effective Internet security protection.
Security News from SimplySecurity.com by Trend Micro