The Daily Record - New Tools Are Needed to Combat Cyber Threats

Op-Ed

By:  Rodney Frelinghuysen
Date: June 12, 2012
Location: Unknown

By Representative Rodney Frelinghuysen

Article 1, Section 8 of the U.S. Constitution says "Congress shall have Power to…provide for the common Defence and general Welfare of the United States."
Further, Article Four, Section Four states that the "United States shall guarantee to every State a republican form of government and shall protect each of them against invasion." In other words, even if the federal government chose to exercise no other power, it must, under the Constitution, provide for the common defense.

In the Republic's earliest days, that meant defeating imperial powers on our soil and in our near-shore waters. Later, the threat came from invading armies and marauding foreign navies and pirates. In the 20th Century, America reacted to the challenges posed by dictators overseas and tyrants who attacked us. The Cold War spawned "Mutually Assured Destruction" in a bi-polar world.

Today, terrorists still stalk Americans everywhere. However, Congress' newest challenge is to counter the growing threat to our economy and security posed by cyber criminals and online terrorists. If we ignore it, it will not go away. And we are no longer talking about the solitary teenager in his mother's basement hacking into a high school database to change a grade. The situation is much, much more serious than that.

Why? Because with each passing day, the Internet is becoming more central to our economy, security and our private lives. For example, Internet commerce accounted for $684 billion or 4.7% of all U.S. economic activity in 2010.

107 trillion emails were sent 2010, an average of 294 billion per day. Facebook reports that it has over 845 million users worldwide, 50% log in daily and have an average of 130 "friends." In addition, Twitter claims to have over 100 million active users worldwide, half of whom log in daily. To support these trends, 461 million mobile phones and tablets were sold in 2011.

Today, a whole range of Americans and organizations are targeted every hour of every day by organized hackers intent on stealing our jobs and robbing sensitive government information through the Internet. We also have countries that have developed the capabilities to completely break computer networks. These disruptions can be catastrophic when you think about our financial sector, or public utilities, or the "command and control" elements for all our national security systems.

And this problem is getting incredibly personal. One credit card company reports that they get attacked for cardholders' personal information 300,000 times a day.
Another firm estimated 20,000 manufacturing jobs were lost for Americans -- good paying jobs -- because countries like China stole their trade secrets and illegally competed against them in the market place.

In fact, the leader of the Pentagon's Cyber Command, General Keith Alexander, recently told members of the House Intelligence Committee, with whom I serve, estimates of the value of lost corporate and government information range as high as $1 trillion --"the greatest transfer of wealth in the history of the planet."

In the next few weeks, my Defense and Homeland Security Appropriations Subcommittees will provide funding to attack this threat. But, beyond funding, a new approach is needed -- a narrow, yet effective solution which protects our privacy under the Constitution.

The House recently passed the bipartisan Cyber Intelligence Sharing and Protection Act (CISPA). This measure helps the private sector protect itself and its clients from attackers and data thieves. The intelligence community has the ability to detect cyberthreats, malicious codes and viruses, before they are able to attack our networks.

But right now, Federal law prohibits the intelligence community from sharing the classified cyber threat information with the companies that can protect us and their networks--the AT&Ts, the Verizons, the Comcasts, the Bank of Americas, PSE&G, etc.

CISPA allows the intelligence community to share the codes and signatures associated with malware and viruses and the means to counter these dangerous elements with private companies. These companies keep a lookout for these viruses and work to stop them. Conversely, the bill also allows the private sector to share with the intelligence community data on any particular new peril they detect.

This kind of information sharing is a "force multiplier." It combines the technological strength of our network providers with the ongoing efforts of our intelligence agencies to combat growing and morphing cyberthreats. In the process, the bill protects privacy and civil liberties. CISPA draws a line between the government and the private sector. It is all voluntary. There are no new mandates. There is no government surveillance in this proposal.

In fact, the bill includes language allowing businesses that share information with the government to "minimize" the personal data it passes along to exclude some details. The intelligence community's Inspector General would audit how the bill is being implemented.

Let me be clear: CISPA is not SOPA, the Stop Online Piracy Act, which I strongly opposed earlier this year. CISPA is not an over-reaching set of government mandates that threaten to shut down sites across the web. Rather, it's a totally voluntary avenue for information sharing designed to help American companies protect American jobs and our citizens.