WASHINGTON — Could sequester-related furloughs mean that U.S. Internet-service providers will have less protection from bad online actors this summer?
The head of the National Security Agency seems to think so.
In a hearing that generated headlines mostly about NSA secret phone and data collections revealed by an outside contractor, agency director Keith Alexander told Congress that the sequester could compromise efforts to combat cyberattacks, including by cybercriminals and foreign government-directed operators against U.S. businesses.
He also said cybersecurity legislation that includes easier information sharing between the government and ISPs is crucial.
The upcoming federal-employee furloughs in July, August and September, a result of the sequester, could have grave cybersecurity consequences, Alexander told a Senate Appropriations Committee hearing on cybersecurity two weeks ago.
“While many of our personnel are exempted from the furloughs, others are not, and their absence will degrade our mission readiness and performance this summer and beyond, and make the development of a strong and capable cyber force more problematic,” he said.
On the legislative front, the House has already passed a cable-backed cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which focuses on information sharing, but the Senate is looking to come up with its own bill.
After bipartisan cybersecurity legislation failed to pass in the last Congress, President Obama issued an executive order mandating the creation of voluntary guidelines, but there are limits to what the chief executive can order.
In testimony at the hearing, Alexander said that the executive order would help, but legislation is “urgently needed.” Such a measure would include facilitating information sharing and “incentivizing” adoption of the executive order’s voluntary best practices, he said.
Given the current concern over government access to private-sector information, Alexander made a point of saying he thought that sharing could occur “in ways that protect privacy and civil liberties,” while still giving industry “targeted liability protections.”