Cyber Security and Threats to Business
Earlier this year, Senate Democrats introduced the “Cyber Security and American Cyber Competitiveness Act of 2011” (S. 21). This bill, which was introduced by Sen. Harry Reid (D-NV) with a number of cosponsors, is needed, according to its authors, because of emerging threats to businesses and national security. The following justification was given in the official press release announcing the bill’s introduction:
Cyber criminals and state adversaries pose a threat to both national security and our economy by threatening infrastructure, defense systems and global communications. Criminals and hackers probe U.S. government computer networks millions of times every day, about 9 million Americans have their identities stolen each year, and cyber crime costs large American businesses $3.8 million a year. More than $1 trillion worth of intellectual property has already been stolen from American businesses.
The cyber security bill introduced by the Democrats would work to enhance government IT security, provide incentives for the private sector to protect themselves from cyber attacks, promote IT technology investments in the United States, improve our capabilities of detecting and preventing attacks, protect our critical national security infrastructure, and safeguard individual privacy.
Highlighting the importance of this issue, S. 21 is one of nearly a dozen bills introduced in the House and Senate on this issue, according to the Center for Strategic & International Studies (CSIS). These other bills include:
- “Tough and Smart National Security Act” (S. 8)
- “Cybersecurity and Internet Freedom Act” (S. 413)
- “Combating Online Infringement and Counterfeits Act”
- “Cybersecurity Enhancement Act”
- “International Cybercrime Reporting and Cooperation Act”
- “Public Safety Spectrum and Wireless Innovation Act” (S. 28)
- “Homeland Security Cyber and Physical Infrastructure Protection Act” (H.R. 174)
- “Broadband for First Responders Act of 2011” (H.R. 607)
- “Cybersecurity Education Enhancement Act” (H.R. 76)
- “Internet Freedom Act” (H.R. 96)
CSIS provides a brief summary of each of these bills with their current status.
While much of the emphasis for these bills focuses on cyber threats to the U.S. government or large businesses, cyber security is an issue for smaller firms, too. One recent study suggests that 55 percent of them have experienced some sort of fraud in the past 12 months, mainly through online banking activities. According to a different analysis, 83 percent of small business owners believe that IT security is crucial for their operation; however, their size often limits the budgetary investment, hampering the overall effectiveness of their security. As a result, a number of trade associations have spoken on the need for increased IT security for small firms to protect against cyber threats. CompTIA says, “We support public policies that balance the need to secure the national technology infrastructure and protect the user with promoting enterprise, innovation, and competition.” They specifically cite the value of “cyber education” and “advancements and innovations in smart technologies.” Other organizations have deemed this an important cause, including the U.S. Chamber of Commerce, the Internet Security Alliance, the National Association of Manufacturers, the National Cyber Security Alliance, and Tech America.
Of course, cyber security is often easier said than done. New safeguards will lead to new innovations to circumvent them, and further complicating the process, the Internet is a global phenomenon, making it difficult to for U.S. authorities to “police” it. Opponents of this legislation worry about infringement on other people’s rights and the ability of the government to control the Internet. For instance, some people worry that the “Cybersecurity and Internet Freedom Act,” which was introduced by Sen. Susan Collins (R-ME), would initiate an “Internet kill switch” similar to one that was used in Egypt during the political unrest there earlier this year. Such worries, however, are highly unlikely.
One thing is clear, though. Some form of cyber security legislation is likely to pass the 112th Congress. As one blogger wrote:
In the past, we have seen congressional interest [in cyber security] ebb and flow, but this time it feels different. Maybe it is because businesses are more focused on the subject, with more entities offering services to address the issue. Maybe it is because the press has focused on it more, as threats against the electric grid and WikiLeaks has put the topic front and center. Or perhaps, momentum is building behind the proliferation of smartphones, networked devices, and Internet services that has made security online so prominent.
She also noted that many of the bills introduced in the Senate are likely to be rolled into one; meanwhile, House Speaker John Boehner (R-OH) has appointed Rep. Mac Thornberry (R-TX) to lead its efforts on cyber security. It will be interesting to watch this debate over the coming months.