Foreign hackers are "the 21st-century nuclear weapons equivalent." A "9/11 in the cyber world" could happen "imminently."
When such dire statements come from two top-ranking American officials on the same day — in this case, Secretary of State nominee Sen. John Kerry, D.-Mass., and Secretary of Homeland Security Janet Napolitano, respectively — you know it can't be a coincidence.
Kerry and Napolitano's remarks yesterday (Jan. 24) came the day after the introduction of the Cybersecurity and American Cyber Competitiveness Act of 2013, a bill put forward by powerful Democratic senators that establishes cybersecurity as a priority for the just-started congressional session.
The bill, combined with and Kerry's and Napolitano's remarks, indicate that the White House and the Democratic-controlled Senate plan to move forward on national cybersecurity and overwhelm Republican opposition.
Kerry, at his Senate confirmation hearing, was responding to a question by his colleague Sen. Dick Durbin, D-Ill., about whether Kerry considered cybersecurity "our greatest threat," as Durbin put it.
Durbin "hit the nail on the head," Kerry said, according to Foreign Policy.
"Every day while we sit here, right now, certain countries are attacking our systems, they are trying to hack in to classified information, to various agencies of our government, to banking structures — money has been stolen from accounts and moved in large sums," Kerry said.
The Massachusetts senator has broad bipartisan support to replace Hillary Rodham Clinton, who is retiring as Secretary of State.
Napolitano spoke at the Woodrow Wilson International Center for Scholars, a public-private think-tank affiliated with the Smithsonian Institution.
"We shouldn't wait until there is a 9/11 in the cyber world," Napolitano said, according to Reuters. "There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."
Sen. John D. Rockefeller IV, D-W.Va., lead sponsor of the new bill, sounded a similar note.
"Our military and national security officials and our country's top business executives have made it abundantly clear that the serious threats to our country grow every day," Rockefeller said in a press statement issued Wednesday (Jan. 23). "The private sector and the government must work together to secure the networks that are vital to American businesses and communities."
The new bill isn't really a piece of legislation. It's a statement of intent by the Senate Democratic A-team in anticipation of an expected executive order from President Obama establishing new national cybersecurity rules.
Besides Rockefeller, who's chair of the Commerce Committee, the bill's co-sponsors include heavy hitters such as Homeland Security Committee chair Tom Carper, D-Del., Intelligence Committee chair Dianne Feinstein, D.-Calif., Armed Services Committee chair Carl Levin, D-Mich., and Appropriations Committee chair Barbara Mikulski, D-Md.
With that kind of backing, the bill doesn't even have to pass to be effective. Its very existence sends a message that the Democrats are very serious about cybersecurity.
"Leading experts in the private sector and the government agree that the United States should establish a new model of public-private collaboration, which fits the realities of the 21st century, to secure the country against cyber attack," the text of the bill says.
"Congress should enact, and the president should sign, bipartisan legislation to improve communication and collaboration between the private sector and the federal government to secure the United States against cyberattack."
Keeping the issue alive
The new bill basically calls for resurrection of the much ballyhooed, but ultimately doomed, Cyber Security Act of 2012.
The 2012 bill, at least in its initial forms, would have let the government designate certain privately held industrial facilities, such as power plants, rail systems and water-treatment centers, as critical infrastructure.
The government would then have decided what kind of digital security such critical-infrastructure facilities should have, and would have mandated communications among facility managers and the government.
But the act, which was chiefly sponsored by Connecticut independent Joe Lieberman (since retired) and strongly backed by the White House, met stiff resistance from Senate Republicans, who saw it as a heavy-handed government intrusion upon private industry.
Even after Lieberman watered the bill down substantially, the Cyber Security Act died in a close floor vote last August.
As a workaround, the White House plans to soon issue an executive order that would establish much of what the Cyber Security Act would have mandated, but on a voluntary basis.
However, an executive order can only do so much. As a Commerce Committee staffer told TechNewsDaily, legislation would still be needed to "fill in the cracks."