WASHINGTON, D.C.—“If the nation went to war today in a cyberwar, we would lose. We're the most vulnerable. We're the most connected. We have the most to lose." Former Director of National Intelligence Mike McConnell delivered that bracing statement at a recent Senate hearing on cybersecurity.
The information networks that nearly every American relies on are under constant attack by sophisticated cyber adversaries. These adversaries target our identities, our money, our businesses, our intellectual property, and our national security secrets. They often succeed. What's more, they have the potential to disrupt or disable vital information networks, which could cause catastrophic economic loss and social havoc. We are not prepared.
President Barack Obama is right to call cyberspace a "strategic national asset." The challenge is that 85% of these assets are owned by private companies and individuals. The government cannot protect cyberspace alone—and neither can the private sector. Therefore, we need proactive collaboration.
As members of both the Senate Commerce and Intelligence committees, we know our national security and our economic security is at risk. We have proposed legislation, the Cybersecurity Act of 2010, that will create a partnership between the government and private companies to protect our information networks before, during and after a crisis. Our bill will do the following:
- Create the position of national cybersecurity adviser to coordinate government efforts and collaborate with private businesses. The person who fills this position would be confirmed by the Senate and answer directly to the president.
- Launch a new public awareness campaign to make basic cybersecurity principles and civil liberty protections as familiar as Smokey the Bear's advice for preventing forest fires.
- Support significant new cybersecurity research and development and triple the federal Scholarship-For-Service program to 1,000 students. This program recruits individuals to study cybersecurity at American universities and then enter public service.
- Create a market-driven process that encourages businesses to adopt good cybersecurity practices and innovate other ways to protect our security. Companies that excel at this will be publicly recognized by the government, and companies that fall short in two consecutive independent audits will be required to implement a remediation plan.
- Encourage government agencies and private businesses to work together to protect our civil liberties, intellectual property rights, and classified information. Our bill provides for unprecedented information sharing, including giving cleared private sector executives access to classified threat information.
- Require the president and private companies to develop and rehearse detailed cyber-emergency response plans in order to clarify roles, responsibilities and authorities in a time of crisis. In a cybersecurity emergency, such as a terrorist attack or a major natural disaster, our country must be prepared to respond without delay.
Our proposal does not take private management responsibility away from private networks. To the contrary, it empowers the owners and operators of critical networks to meet cybersecurity challenges.
Divided fiefdoms in our intelligence community handicapped our ability to thwart the terrorists attacks on Sept. 11, 2001. Bureaucratic confusion left our nation unable to properly respond to the devastation of Hurricane Katrina. And this past Christmas, a failure to connect the dots nearly allowed a terrorist attack to take place aboard a U.S. airliner outside of Detroit.
We cannot allow similar weaknesses to expose our nation to serious cyber threats. But neither the government nor the private sector can protect our privacy and national security alone. This is a job for our entire country, and this year must be the turning point. We must build a strong public-private partnership for cybersecurity in the 21st century.
By Senator John D. (Jay) Rockefeller IV, (D-WV) and Senator Olympia J. Snowe, (R-ME).
As published in the Wall Street Journal on April 2, 2010.