Government not keeping pace with cyber threats
February 1st, 2012
12:57 PM ET

Government not keeping pace with cyber threats

By Suzanne Kelly

Senior administration officials are headed to Capitol Hill on Wednesday afternoon to brief the entire Senate on addressing cyber security threats, a day after key senators expressed frustration with what they described as a lack of a cohesive approach to such threats.
Secretary of Homeland Security Janet Napolitano and the White House Counterterrorism Advisor John Brennan are among those who will appear.

The nation's top intelligence officials were pressed by senators at a Senate intelligence hearing Tuesday about the myriad of agencies responsible for defending the United States from cyberattacks and the lack of legislation to define how government and private industry should work together.

The public may not yet be fully aware of how cyberthreats will affect them personally, but a recent report sponsored by cybersecurity giant McAfee suggests that more cybersecurity experts and companies that rely on the Internet to do business are already thinking about battle mode.The study, conducted by the security think-tank Security and Defense Agenda, noted that 57% of global experts they polled believe that an arms race is already under way in cyberspace.

What to do about it is a tough question, when, as National Director of Intelligence James Clapper said, essentially, the more successful the nation is in developing Internet growth, the greater security risk it's facing.  "Owing to market incentives, innovation in functionality is outpacing innovation in security, and neither the public nor private sector has been successful at fully implementing existing best practices," he said.

That's a point echoed by former Director of Homeland Security Michael Chertoff, who now leads the Chertoff Group, which offers advice to clients on mitigating the cyberthreat.

"I think a lot of the hackers are using techniques that aren't that sophisticated," Chertoff said. " They're taking the fact that you have entities that are simply not using all of the available technology and all of the best practices to protect themselves, and as long as you leave the door open, the burglars are going to come in, they're not going to have to pick the lock."

Chertoff sees the utility of a more robust government function when it comes to setting regulations for companies that find themselves closer to the bulls-eye for a hacker looking to do widespread damage.

"I know this is a little more controversial," Chertoff said. "I think you may need a regulatory framework for critical infrastructure that really pushes to make sure they (companies likes banks and utility services) have certain standards in effect.  It doesn't mean the government has to micro-manage, saying you have to have this kind of tool on your network, and this kind of password.  It does mean having the government work with the private sector to come up with an agreed set of requirements or standards."

The former head of the National Security Agency, retired Gen. Michael Hayden, who now works for Chertoff and regularly testifies and speaks on the issue of cyber threats, agrees.

"We, the universal America, have not yet decided what we want the government to do, or what we will permit the government to do in this domain," said Hayden, who points out that his old agency could take a much more aggressive approach in going after hackers and other countries who use the Internet for espionage purposes, if they only had the correct legal guidance.

"There are specific policy and legal guidelines that the NSA would need before it could engage all the power it has," says Hayden, who insists that the super secret surveillance agency has all of the tools it needs to go to war in cyberspace. "We've got a lot of good players on the sidelines."

At the hearing on Tuesday, senators questioned why there is not a greater sense of urgency in dealing with the threats.

"My question is, is Napolitano in charge," asked Sen. Barbara Mikulski, D-Maryland. "We know the president's in charge. OK, we know the president's in charge. But what is the president in charge of? And I need to know who would respond and so on, because I feel that it is the governance issue that are the number one issues and continue to diddle, dither and punt."

Caryn Wagner, under secretary for intelligence and analysis at the Department of Homeland Security, replied by saying, "There's never a simple answer to that question, especially in this town, because we all have pieces of the pie." Wagner then said that DHS is responsible for protecting the government domains and the private domains that are associated with critical infrastructure and resources.

Robert Mueller, the director of the Federal Bureau of Investigation, said the FBI is responsible for finding out who is responsible for attacks, along with the intelligence community. He also noted that assigning responsibility to one agency does not work.

"You can't allocate it to a particular agency, which is why we developed the national cyber-investigative task force, with the FBI, CIA, DIA, NSA, Secret Service, all of those who have a role to address this kind of threat," Mueller said.

Another senator was exasperated by the seeming lack of urgency to legislate an approach.

"This is our number one national security threat, and you're in the threat business, to say that 'I don't - this is not necessarily what we do,' frankly, I'm just using this forum to scream out, who is going to start paying attention to this," asked Sen. John Rockefeller, D-West Virginia.

The FBI director noted it is a tough environment when it comes to a singular legislative approach.

"There are 47 states that have different requirements for reporting data breaches. There has to be a national data breach requirement for reporting, and we should be recipients of that reporting," Mueller responded.

soundoff (12 Responses)
  1. Minecraft Let’s Play

    I love it when folks get together and share opinions. Great site, continue the good work!

    June 1, 2012 at 6:34 pm | Reply
  2. Embarrased

    While the government, military and other agencies have areas that need improving, the core of the problem is that the private sector doesn't want the government to do anything because they fear it will cost them money to comply with regulations, they worry that the government could cut off some connections overseas during a cyber crises that businesses need to make money, and other fears (mostly unfounded) that lead them to pay top dollar for lobbyists and political contributions to keep such laws from ever being written. We need our politicians to have the ethical fortitude to do the right thing for our country to enable the protection of our economy, critical infrastructure and enable the government agencies to act. This is not much different than our physical borders, which we protect, yet we don't have nor could we protect cyber borders with the current system. And for those about to start on the censorship bandwagon, that is not what I'm referring too; I'm talking about protection and not censorship. There is a difference between blocking malicious code trying to enter the U.S. infrastructure from reading and selectively blocking emails like in China.

    February 6, 2012 at 2:27 am | Reply
  3. larry5

    If they haven't taxed the Internet yet you can be sure that they haven't noticed it, yet.

    February 2, 2012 at 6:29 pm | Reply
  4. MSNBCSUCKS

    Of course we're not keeping pace with cyber threats! Our government is to busy using it resources to spy on Americans to fight against China and real threats.

    February 2, 2012 at 6:12 pm | Reply
  5. DiddyD

    We are behind the 8 ball on this one because all of the three letter agencies responsible for Cyber want White, Ph.D's from Harvard that are virgins! WAKE UP US GOVERNMENT. You don't get "experts" by training, you get them by skill. Stop locking up hackers and turn them to work for you. You can't train some of these skills, they have to be born. Besides, I know TONS of people that would be perfect for this but can't quality for these cyber jobs because the process is so damn difficult/impossible. Some of the most skilled people have arrest records, DEAL WITH IT. You can't get perfection when hiring people to do any type of work.

    February 2, 2012 at 11:32 am | Reply
  6. James

    Just hire anonymous already !

    February 1, 2012 at 7:14 pm | Reply
  7. studdmuffins

    Why is it governments job to "keep pace with cyber threats?" Why not private industry?

    Be wary when any government official declares that "something" must be done to confront or contain a problem. A problem, in most cases, created so they can spend mo' money.

    February 1, 2012 at 6:20 pm | Reply
  8. mipolitic

    well one of the problems is there is no punishment. geeks sit in confinded spaces and there brains travel with there sceems. so taking a guy locking him up is not real punishment. geeks are wimps if they thought for one minute that they were going to be subject to physical punishment when they were caught , you would see cyber crime fall quickly.
    along with that interpol has to be greatly improved to have the resourses to deal with these idoits. turn a couple of case to place that has the lash and those geeks would fold up shop over night. cyper crime is international , send a few of them to the saud's to have their backs plowed . i know this would never happen but it sure would reduce cyber crime geartly

    February 1, 2012 at 5:30 pm | Reply
  9. AMERICAN POLICIES

    when america is confronted with agendas related to CYBER SPACE we need HOMELAND SECURITY working round the clock 24/7 to ensure the safety of the AMERICAN people. WE ARE IN A NEW ERA OF TECHNOLOGY WHERE WE WOULD HAVE TO RELY ON THE PICTURE THATS IN FRONT OF US!

    February 1, 2012 at 4:30 pm | Reply
    • Sgt. Fury & His Howling Faggots

      Hey – at least the TSA's doing a fine job of groping children and humiliating the elderly – you know – just so we can all be safe.

      February 2, 2012 at 4:01 pm | Reply

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.