Senate considers Cybersecurity Act of 2012
Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.) has been pressing his colleagues to approve the Cybersecurity Act of 2012, a bill that would give the DHS regulatory authority over companies with computer systems crucial to the nation's economic and physical security.
"The threat posed by cyber attacks is greater than ever. It's a threat not just to companies like Sony or Google but also to the nation's infrastructure and the government itself," Rockefeller — one of three bill co-sponsors — said at a Senate Intelligence Committee hearing. "Today's cyber criminals have the ability to interrupt life-sustaining services, cause catastrophic economic damage, or severely degrade the networks our defense and intelligence agencies rely on."
IT firms are concerned about the DHS' possible control over federal contractors, whose security precautions have been found lacking, as well as the implied power the DHS would have to seize control of systems owned by private firms and cloud providers. Others fear that the bill would impose a regulatory burden on contractors, hurt job growth and handicap innovation, according to Capitol Hill sources.
But supporters insist the provision is in keeping with the current federal cybersecurity law and applies only to sensitive government data on contractor computers. Also, rumors that the bill includes a presidential "kill switch" to take over the Internet are not true, said bill co-sponsor Sen. Joseph Lieberman (I-Conn.) on the Senate floor in February.
What the bill doesn't address is recruiting and retaining the talented personnel needed to stave off cyber attacks. In fact, part of the reason the U.S. isn't winning the cyber war is the shortage of IT soldiers, said Joe Tedesco, managing partner at Maryland Cyber Investment Partners.
Indeed, the U.S. is struggling to recruit talent, according to a GAO human capital report. In June 2010, the DHS inspector general reported difficulties filling vacant positions at the department's National Cyber Security Division. In March 2011, the U.S. Cyber Command reported that the military did not have enough highly skilled personnel to address the current and future cyber threats to the nation's infrastructure.
In the same report, more than one-third of field agents interviewed for an audit reported that they lacked sufficient expertise to investigate the national security-related, cyber-intrusion cases they had been assigned.
U.S. schoolchildren have fallen behind those in other nations in both interest in math and science and the education needed to build a career in those fields, Tedesco said.
"Our country has a science and technology issue, specifically getting our kids motivated to do that," he said. "And that is something to work on. It's a huge problem to get an educated work force to do [cybersecurity]."
While the bill continues to be debated in the Senate, more U.S. systems may fall victim to nation-state attacks. IT professionals are the frontline defense and will find themselves battling hackers until the industry addresses mitigation and counterattack strategies to reduce the loss of sensitive national security data.
"The truth is, time is not on our side," Lieberman said. "We are not adequately protected at this moment and the capabilities of those attacking us … just grows larger and larger."