Cybersecurity on the march

For the last several years, Rhode Island Congressman James Langevin has been pushing hard for comprehensive cybersecurity legislation.

Yesterday, a big step toward making that a reality: the US Senate, which had been slow to move on the issue, released a long-awaited cybersecurity bill to go with one making its way through the House.

Langevin can't claim authorship of the legislation; the GOP's 2010 takeover of the House ensured that Republicans would take the lead in writing the bill now winding its way through that chamber.

But he has beat the drum for some of the bills' central motifs. And he did pen a section of the House legislation that focuses on regional cybersecurity efforts, like the one he helped launch in Rhode Island.

If major cybersecurity legislation passes, Langevin will surely make a case for a significant Washington achievement.

But will the legislation make a major dent in the problem?

The central fight in Washington is this: how much of a regulatory burden should the federal government impose on the companies that control critical infrastructure - like the power grid, water system, and transportation - vulnerable to cyberattack?

The GOP is, naturally, more reluctant to require a whole lot of business. And the House bill reflects that bias, offering a relatively light touch. In the Senate, where Democrats hold a majority, the cybersecurity bill takes a tougher line on the utilities  - and is already facing pushback from industry and prominent GOP senators like John McCain.

Langevin has voiced support for both the House and Senate bills, even while suggesting they are flawed. "We must not allow the perfect to be the enemy of the necessary," he says. But he clearly seems to favor the tougher Senate approach to the utilities - and maybe something evem stronger. From his speech, today, before the American Bar Association:


As STUXNET has shown the world, a serious attack through cyberspace is all too real a possibility, yet many companies still have not confronted this risk, focusing on reliability over security and profit over protection.

The threat of a cyber war against our critical infrastructure may seem far off. But we are already beginning to see interest among the hacking community in the massive and often shocking vulnerabilities and lax mindset that plague our power, water, transportation and other utilities.

It used to take a sophisticated hacker to pull off a distributed denial of service attack; now all you need is an Internet connection, tools such as the Low Orbit Ion Cannon and a few angry individuals.

I believe it’s time for a new take on the public-private partnership, with government taking the lead in issuing standards and guidance for the protection of critical utilities and infrastructure. I have worked hard to bring this model of a federal lead in cybersecurity to the electric grid, but it applies across other sectors as well.

It seems likely that something will come out of Congress - there is enough bi-partisan concern around this national security issue to give the legislation legs.

But what, precisely, emerges - and what it will mean for Langevin's legacy and our cyber defenses - is yet to be determined.


| More

 Friends' Activity   Popular 
All Blogs
Follow the Phoenix
  • newsletter
  • twitter
  • facebook
  • youtube
  • rss
Latest Comments
Search Blogs
Not For Nothing Archives