The threat of a devastating cyber attack on America's critical infrastructure is real, the consequences would be costly and the need for action by Congress is urgent. That is the consensus of a panel of technology, energy and banking industry representatives, and a former Secretary of Homeland Security.
"It doesn't take a lot to understand how an attack on critical infrastructure during a time of tension could seriously undermine the ability of a country to defend itself," said former Homeland Security Secretary Michael Chertoff, who keynoted a House Cybersecurity Caucus Summit on Capital Hill Tuesday. "We don't want to have another 9/11 in order to learn this lesson."
"It's of great concern in terms of protecting businesses and the private sector from the theft of intellectual property, espionage and the potential of denial of service attacks or a reprogramming virus like Stuxnet that could cripple the nation," said Congressman Michael McCaul (R-TX), co-chair of the House Cyber Caucus, referring to the virus that crippled Iran's nuclear facilities.
"We have to redouble our efforts. This is important not only to our national security but to our infrastructure and our economic competitiveness," said Congressman Jim Langevin (D-RI), co-chair of the House Cyber Caucus. "This is a time more than ever when we need closer collaboration between the public and private sector."
"We are batting a thousand," said Roger Cressey of the corporate cybersecurity consulting firm Booze, Allen, Hamilton. "We have yet to find a network that has not been penetrated by a sophisticated adversary. The message today: the threat is urgent and real. We need to take steps."
The Cyber Summit served as a prelude to as many as half a dozen pieces of cyber legislation on which the House is expected to vote next week. Congressman McCaul's Cybersecurity Enhancement Act would harden federal networks, increase research and development, strengthen education and awareness of hygiene, and procurement policies to influence the private sector to better secure their networks. Other bills would encourage sharing of signature threat information between the public and private sector.
"I had the experience of living through an event that occurred after there was a fair amount of warning and four planes were hijacked and we lost about 3,000 people. My message to anybody who's interested in this, particularly in Congress, is let's do something meaningful because it is not a tolerable situation," Chertoff said.