This week’s panel on cybersecurity at CPAC rightfully put a spotlight on the vulnerability of our economy and critical infrastructure to continuing cyber-attacks, with the panel warning that we could soon be facing a “Cyber Pearl Harbor” for which the U.S. is ill-prepared.  Breitbart reports that one of the panelists, Sen. Rob Portman (R-OH), noted several issues that need to be addressed in light of the growing cybersecurity threat, including dysfunction in Congress on this subject:

Portman said that it costs the country up to $100 billion a year to address these attacks, but the federal government isn’t even close to finding a solution to these issues.

One of the problems in Congress, Portman said, is that there are five committees tackling this issue and there isn’t enough coordination between them. This, Portman said, is diluting the ability of the country to erect defenses and craft legislation to deal with these attacks.

Portman insisted that the nation needs to quickly change its anti-trust laws to help companies share information about cyber attacks both with other companies and with the government so patterns and solutions can be found to these attacks. Unfortunately, Portman warned, our 21st century problem is being addressed with 20th century laws.

The Senator also hoped to get more people from the business sector into Congress because Congress is not up to the task of solving these problems with mere politicians. He continued saying that this administration has been caught flatfooted on these issues but this is not an area we can ignore.

Compounding the institutional problems holding Congress back from effectively tackling the cyber-threat is the bureaucracy that prevents key agencies from collaborating with one another, or with the private sector, as Army Cyber Command notes in Defense One:

Despite the fact that [Army Cyber Command’s commanding general, Lt. Gen. Edward Cardon’s] organization increased exponentially in a year — going from only two functional units, to its current 25 — a large-scale nation-state-directed cyberattack magnitude could likely not be defeated without significant teamwork across the federal government and the private sector, according to Cardon.

The only problem is the government is still taking baby steps toward greater collaboration with the private sector and even personnel- and resource-sharing between federal agencies themselves can still be spotty.

‘I think eventually where we’re going to have to get to is a much closer relationship between government and private for these true World War I-type events,’ Cardon said.

In its current format, teamwork between federal agencies remains a challenge because different agencies are simply not equipped to collaborate, according to Cardon.

For example, a National Security Agency analyst’s request to work for a year on rotation at the Army Cyber Command isn’t as simple as it might sound. The two organizations’ personnel systems are unable to interact.

‘We’re not set up that way,’ Cardon said.

Collaboration between federal government and private industry brings with it even more red tape. But the opportunities for collaboration appear to be slowly improving.

These are serious impediments to addressing cyber-warfare and they need to be solved.  But as our policymakers attempt to do that, it’s critical for them to remember that a cyberattack is just one way to take down our electric grid and the economy and infrastructure that rely on it.  It’s ironic, and alarming, that as we struggle to figure out simply how to organize ourselves to prevent that kind of a “Digital Pearl Harbor”, someone could walk up to a power cable with a hacksaw and cause the same kind of chaos that we’re worried about from a sophisticated virus.  Washington Free Beacon reports:

Cellphone, Internet, and telephone services across half of Arizona went dark on Wednesday [Feb. 25] after vandals sliced a sensitive fiber optic cable, according to those familiar with the situation. The incident is raising concerns about the safety of U.S. infrastructure.

The outage shut down critical services across large parts of the state, preventing individuals from using their phones, bank and ATM cards, and the Internet. Critical services, such as police and state government databases, as well as banks and hospitals, also were affected as a result of the vandalism.

It’s worth noting that this isn’t the first time we’ve seen a physical assault of serious proportions on our grid.  Almost a year ago, the Wall Street Journal reported on an April 2013 coordinated sniper attack on a PG&E Corp. substation in California that came very close to blacking out Silicon Valley.

Thankfully, there are Members of Congress who recognize that a cyberattack is not the only way to skin a grid.  Rep. Trent Franks (R-AZ) recently reintroduced the Critical Infrastructure Protection Act (CIPA), focused on ensuring that the Department of Homeland Security is adequately factoring electromagnetic pulse events and geomagnetic disturbances into its threat assessments with respect to U.S. electrical infrastructure.  Passed unanimously last Congress, CIPA tackles a critical component of what ought to be an all-hazards approach to hardening our electric grid against the range of threats out there.

We should be doing everything we can do prevent a catastrophic cyberattack on the United States, but the rest of these hazards are not going away while we scramble to address the cyber threat.

Ben Lerner

Please Share: