Cyber security could be one of those things that, in retrospect, leads to congressional hearings and scathing media reports — after an enemy has launched an attack. Using computers as weapons is a new form of warfare that may seem dubious to some, but the threat is real and the results could be devastating. Now is the time to prepare.
That was the unequivocal message Defense Secretary Leon Panetta delivered recently to group of business leaders. He outlined the worst-case scenario — a "cyber Pearl Harbor." An enemy could shut down the nation's power grid; disrupt its transportation system, causing trains loaded with lethal chemicals to derail in major cities; and contaminate the water supply. While computer hackers carry this out, conventional weapons could be unleashed in a more traditional military attack against a United States that suddenly is disrupted and defenseless.
The speech was overshadowed by other events of the day, most notably the vice presidential debate, but Panetta's warnings are worth careful consideration. The United States already has been conducting cyber attacks of its own against Iran, which became public two years ago. Such attacks are seen as one way to halt Iran's nuclear enrichment plants, but they also raise the risk of a retaliatory strike, and computers offer an effective way for a nation at a military disadvantage to cause significant damage to a larger foe.
Panetta and the Obama administration would like Congress to pass a bill that aims to strengthen cyber security in the private sector. Specifically, it is concerned with privately owned water companies and other utilities, but it also wants government and business to share more critical information about threats, attacks and defense measures. The bill has been stuck in the Senate, where Republicans have filibustered it.
Specifically, Republicans are responding to the U.S. Chamber of Commerce, which worries about burdensome regulations and a natural tendency for government to be cumbersome and slow-footed in the face of a computer threat that is continually changing and adapting to new technologies.
These are legitimate concerns, as are concerns about government gaining too much control over, and access to, private business. However, the government's worries also are legitimate. Without national security, the private sector cannot freely operate.
Panetta has said the Defense Department is not interested in looking at emails or other information that would violate basic rights and liberties. He shouldn't then mind if the final bill includes language that leaves such things off limits.
As currently written, the bill would set security goals that businesses themselves would determine how to reach. In return, businesses that meet those goals would be immune from any liabilities in the event of a successful cyber attack. Victims' advocates may not like that, but business should find those terms reasonable.
Surely, Congress ought to be able to iron out the details and pass a bill that reasonably protects liberty and free enterprise while allowing the nation to better defend itself. This is not a liberal or conservative matter. We're certain a Republican administration would lobby for the same sort of bill.
Underlying the debate, however, must be the notion that the nation cannot afford to be unprepared in the face of this new type of threat.