Senate discussing cyber protection bill against foreign hackers

March 1st, 2012

American citizens are not the only ones at risk of being hacked. The federal government is also vulnerable to malicious cyber attacks from Russian and Chinese hackers.

To answer these security concerns, the Senate is currently discussing the Cyber Security Act of 2012. The bill largely increases the Department of Homeland Security’s (DHS) role in preventing and detecting cyber crime.

Currently, most of the efforts to combat cyber crime are done at the state and local levels. This new bill authorizes a new sub-agency to be created within the DHS to oversee and act on these concerns.

“The threat posed by cyber attacks is greater than ever. It’s a threat not just to companies like Sony or Google but also to the nation’s infrastructure and the government itself,” said one of the three cosponsors of the bill, Sen. Jay Rockefeller (D-W.Va.). “Today’s cyber criminals have the ability to interrupt life-sustaining services, cause catastrophic economic damage, or severely degrade the networks our defense and intelligence agencies rely on.”

There has been a strong push to get the bill passed quickly because of the potential impact an attack could have on the United States infrastructure.

“Ask any expert in the national security field and see what keeps them up at night. They would probably tell you, as they tell me, that it is the increased possibility of a devastating cyber attack,” said Rep. Cliff Stearns (R-Fla.).

The bill would allow the DHS to impose certain standards on businesses to ensure that they’re adequately protected. Furthermore, the DHS is allowed to assess businesses and evaluate if they’re at risk for an attack and potentially shut them down.

But with this new potential power there are many concerns. Skeptics worry about the DHS being allowed to look at businesses emails and place wiretaps, given the vagueness of what all is authorized under the countermeasures.

“We do have some serious concerns about this language,” said Amie Stepanovich, counsel for the Electronic Privacy Information Center. “The bill would, essentially, allow the government to flag any activity which may indicate a potential crime. The bill does not specify any type of crime, or even if it has to be a felony or a misdemeanor.”

There are also concerns about the effectiveness of giving all the oversight to one single agency. Currently, many different agencies and levels of government handle these concerns. “The proposal is seriously flawed,” said Sen. Chuck Grassley (R–Iowa). “It’s kind of heavy-handed on the part of the federal government and I think it’s unnecessarily costly.

“Ironically, it would likely slow down the ability of the United States to respond to these cyber threats.”

Grassley’s rationale is that this is just a massive expansion of the government bureaucracy, which is only going to increase the risks these attacks even occur. It could also slow down businesses because the time it takes to do these inspections. Furthermore, by placing more requirements on businesses it will hurt their ability to flourish.

Senate Majority Leader Harry Reid (D-Nev.) wrote a letter to U.S. Chamber of Commerce President Thomas Donahue regarding these issues. “You are absolutely right that a regulatory framework creating bureaucratic redundancy, over-intrusive requirements, and unmanageable costs is counterproductive and contradictory to the spirit of public-private partnership that must drive our nation’s cybersecurity efforts,” he wrote.