Policy

The Case for Cybersecurity

4/02/2012 12:01 AM Eastern

Washington — These days on Capitol Hill, even bipartisan
issues run into partisan divides over the details, like online
piracy. Everybody agrees it’s bad, but it’s tough to get a
bill passed. Cybersecurity, though,
looks like an exception to this rule.

Just about all the stakeholders
agree something needs to be
done, and given how much of commerce,
services and entertainment
have moved online, virtually every
constituent has a vested interest in
it. Even in an election year, some
form of cybersecurity bill appears
to have a good chance of making it
into law. Here’s why:

• The FCC cares: Three weeks
ago, Federal Communications Commisssion
chairman Julius Genachowski
proposed a voluntary set of
cybersecurity standards for botnets,
malware, Web domain names and
Internet traffic routing. And remember
that while Genachowski was intent
on codifying network-neutrality
rules, there was a carve-out for network
management, including protecting
against cyberattacks. That is
because if Americans are going to be
living online — or at least banking, renewing
driver’s licenses, going to school, getting health checkups,
getting together with friends or monitoring nuclear power
plants online — it is important to have the cyberspace equivalent
of locks and police officers on the beat.

• Cable cares: Two
weeks ago, top cable
operators agreed to
voluntary standards
for dealing with malware
and other attacks
and for securing domain
names.
As key Internet-service
providers and network
owners, cable operators
face threats from hackers,
organized criminals
and even some
foreign countries — all
of which threaten customers as well as their own reputations. Thus, they have a vested
interest in securing their networks.

National Cable & Telecommunications Association
president Michael Powell has called cybersecurity the
“Achilles’ heel to the great vision of the Internet.”

• The White House cares: One of the White House’s hightech
goals has been to put as much government information
and business online as possible. So, just as there are those
concrete barriers in front of federal buildings in Washington
and elsewhere, government broadband needs equivalent
protections from cyber terrorism. President Obama has
called cyber attacks “the most serious economic and national
security challenges we face as a nation.”

• Congress cares: Senate Democrats are backing a bill
that would set security standards for industry, with input
from DHS. A Senate Republican version would emphasize
voluntary efforts and information sharing. Both bills
would provide ISPs with a shield from liability for sharing
information with the government. There are at least two
House bills and a third in the works, and there have been
over a half dozen hearings in various committees.

Unlike some issues, cybersecurity has a bipartisan constituency
and a personal connection. Rep. Anna Eshoo (DCalif.),
ranking member of the house
Communications Subcommittee and
co-chair of its cybersecurity working
group, spoke of the issue from personal
experience at a March 7 hearing
where her testimony substituted
for the typical Democratic and Republican
witnesses. “This is something
that rises above that,” she said.

On a trip abroad last year as part
of a congressional delegation, her
mobile device became infected.
Fortunately, she said, it was detected
before that infection spread to
the House network.

The house Energy & Commerce
Committee last week held the
fourth and fifth in a series of cybersecurity
hearings. For Rep. Lee
Terry (R-Neb.), who co-chairs the
working group with Eshoo, the issue
is personal, too. “Hell, no,” he
said to suggestions by Senate Democrats
that DHS oversee industry
cybersecurity standards.

• Equipment suppliers care:
Supply-chain security is one of the issues in the House’s
sights. Eshoo has expressed “grave” concerns about foreign
controlled telecom companies supplying U.S. infrastructure.
The House
Energy & Commerce
Committee last week
held a hearing on the
supply chain issue.

The bottom line from
various federal agencies
was that both the government
and private
sector must do a better
job of securing and
monitoring the hardware
and software in
government networks,
as well as the underlying
telecom infrastructure,
given the increasingly
globalized supply chain and the opportunity for foreign infiltration, including from terrorists. Threats include malware,
and the threat of counterfeits to the effectiveness of systems.

CYBERSECURITY BY THE NUMBERS

Comcast has been the most aggressive at implementing the DNSSEC
(Domain Name System Security Extensions) regime, a system designed
to protect computer systems. According to Congressional testimony, here
are some of the the key numbers beyond the 1s and 0s it is protecting:

18 million: Residential Xfinity customers using DNSSEC servers.

5,000-plus: Domain names Comcast owns, all of which have
DNSSEC protection.

10 million: Number of PCs infected each quarter with malware.

SOURCE: Congressional testimony

September
October