What you should know about cybersecurity

Congress is now in recess. But before its members left town, back on Friday, Aug. 3, they rejected a bipartisan bill that would have established optional "cybersecurity" standards for the computer systems that operate the country's power grids, dams, transportation systems and other critical infrastructure.

This defeat -- led by the U.S. Chamber of Commerce -- raises questions about the proper role of government vs. private industry in defending our country's critical infrastructure from cyberattacks.

The chairman of the Joint Chiefs of Staff and the White House counterterrorism adviser, along with security experts who had served in the George W. Bush administration, detailed the nature of the cyberthreats faced by the United States and urged positive, timely Senate action on the cybersecurity bill.

According to the authorities who were urging passage of the bill, cyberattacks on America's critical infrastructure increased 17-fold between 2009 and 2011. They expressed alarm at the pace by which America's electricity grids, water supplies, computer and cellphone networks were coming under attack.

However, the Chamber of Commerce and other private corporate interests objected to the governmental imposition of cybersecurity standards and the associated costs that they believe private industry would have to incur in order to comply. This at a time when corporate profit margins are at an all-time high.

Experts say that, ironically, a cyberattack on critical U.S. infrastructure could cost private industry well into the billions of dollars.

We certainly have come a long way from the World War II days, when everyone acknowledged that partisanship should end at the border and that it was every American's duty to unite behind our government in support of the common defense.

It appears that we are living in an age when the political left and the political right both feel compelled to question the role of government in our lives, with both sides clinging to their perceptions of what is "constitutional." Article I, Section 8 of the U.S. Constitution empowers Congress to "provide for the common defense." But I suppose the threat of a cyberattack is not as real to some as a nuclear attack or an invasion by land, air or sea. Arguably, though, a cyberattack that shut down key segments of our critical infrastructure could be every bit as devastating as a conventional military attack.

Among those testifying that the federal government needed new powers to defend private computer networks that control our critical infrastructure in the United States was General Keith B. Alexander, the commander of the United States Cyber Command (USCYBERCOM), under the United States Strategic Command at Fort Meade in Maryland.

Alexander said that the United States, "remained unprepared to ward off a major attack" and that on a scale of 1 to 10, preparedness for a large-scale cyberattack is "around a 3."

Apparently, the views of commanders on the ground were not enough to sway the insistent opposition orchestrated by the U.S. Chamber of Commerce.

Two of the bill's three main sponsors are urging President Obama to use his executive powers to enforce key provisions of the defeated bill -- which, otherwise, will languish in legislative limbo until taken up again -- presumably after the November election.

Should companies be allowed to share information about cyberthreats with the government? Should government be permitted to share classified information with private companies? Some are concerned that "too much" information-sharing between industry and government could lead to violations of civil liberties.

One thing's for certain: All of these threats are very real. It will take an informed, intelligent debate to figure out how best to balance the new security concerns brought to us along with all the benefits that we derive from the cyberworld.

-------------------