Home > Identity Theft > Congress’ Profound Failure on Cybersecurity (And Why You Should Care)

Comments 0 Comments

On August 2, 2012 Congress did it again. They acknowledged the looming threat of cyberwarfare while discussing the Cybersecurity Act of 2012, and then they “kicked the can down the road.” It’s what they do best. The “Party of No” hurt us all on a critically necessary piece of cyber-security legislation, and continued the U.S. Senate’s proud tradition of failing to do anything to deal with our absolute vulnerability to an attack by state sponsored hackers and terrorists on our critical infrastructure.

The Obama administration called the result “a profound disappointment.” That is a bloody understatement.

We no longer have Cold War problems. It’s hackers, working either for rogue states or terrorist organizations. At some point, they will disrupt not just our military’s computers, which will be bad enough, but also the computers upon which all Americans depend: computers that run our nuclear power plants and electricity grid; computers that deliver our drinking water; computers that manage our hospitals, banks, and every corporation large and small. They will use our own machines against us, but as of yet we have no John Connor.

[Credit Check Tool: Monitor your credit score and activity for free with Credit.com]

“(T)he Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space,” William J. Lynn III, the deputy secretary of defense, wrote in a 2010 article for Foreign Affairs magazine.

What’s particularly troubling, experts warn, is the degree to which America’s critical computer infrastructure is decentralized, privatized, unprotected, and vulnerable to attack. It was precisely this problem that the cybersecurity bill was intended solve.

Knocking out even 10 percent of the computers used to control the complicated network of water reservoirs and pipelines that crisscross the Western states would have an immediate, severe impact in giant metropolises including Phoenix, Las Vegas and Los Angeles. Private utility companies like First Energy — which caused the 2003 East Coast blackout, and which came within 60 days of incinerating a large swath of Michigan, Ohio and Pennsylvania in 2002 by allowing acid to eat a football-sized hole in a nuclear reactor lid at its Davis-Besse power plant — face only limited requirements to safeguard their critical computer systems. If this is how major utilities handle basic infrastructure such as power transmission lines and nuclear reactors, just think what unseen dangers lurk in their disparate computer systems.

Free Credit Check & Monitoring

“The alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States,” Preet Bharara, U.S. attorney for the Southern District of New York, wrote in a recent Op-Ed in The New York Times. “With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat.”

[Related Article: 5 Stupid Things You’re Doing to Ruin Your Credit]

Both parties in Congress agree that the question is not whether this next war will start. It’s when. Yet members of both parties once again blew their best chance to get America ready. Senator Joseph Lieberman, the Independent from Connecticut, literally spent years nursing a cybersecurity bill through Congress. As originally conceived, the bill would have created security standards for computers that run the nation’s critical infrastructure including transportation, water systems and the electrical grid. In addition, it gave the federal government the power to make sure those standards were met.

Lieberman’s first attempt was clearly far from perfect. As my colleague Eduard Goodman, chief privacy officer of Identity Theft 911, sees it, the original bill contained some serious threats to the privacy of American citizens. Particularly troubling were provisions that could have required phone companies and Internet service providers to spy on their customers, and turn over anything that looked suspicious to government surveillance agencies.

According to Goodman, “Companies would potentially be reporting individual citizens to law enforcement without any of the checks and balances we have for traditional surveillance, though in truth, to some degree this already been happening for years.”

That dog don’t hunt. Our Founding Fathers fought and died to preserve and protect our freedom and liberty. Sacrificing freedom in the name of protecting it (sorry, Sheriff Joe) is akin to destroying the village to save it.

That problem could have been resolved, however, by the deliberative process for which Congress was created, but some of our esteemed lawmakers had no desire to make the legislation better. They simply wanted to kill it, but for all the wrong reasons.  Conservatives and their financial backers in the Chamber of Commerce didn’t even mention the cybersecurity bill’s looming privacy threats. Rather, they focused on trumped-up allegations that the bill would be a burden to American corporations.

“The chamber believes [the bill] could actually impede U.S. cyber security by shifting businesses’ resources away from implementing robust and effective security measures and toward meeting government mandates,” Bruce Josten, chief lobbyist for the chamber, wrote in a letter to senators.

[Related Article: Payment Processor Facing More Concerns Over Recent Data Breach]

Shifting resources… Are you kidding me? U.S. Attorney Bharara has remarked on several occasions that he was approached by a board member of a major U.S. Corporation who remarked that cyber security wasn’t even mentioned at meetings.  Josten’s argument is utterly bogus. As Joel Brenner, former counsel for the National Security Agency, repeatedly points out, American corporations’ current computer safeguards present a “‘glass house,’ all but transparent to our adversaries.”

But the opponents of the bill weren’t interested in having that inconvenient truth aired. So they deployed their full arsenal of parliamentary tricks to kill the bill. They loaded it down with more than 70 amendments, most of which were highly controversial and had nothing to do with the legislation at hand, including provisions on gun control (don’t get me started) and abortion. This is like the Grasshopper and the Ants parable, but a thousand times worse. While corporate America tries to keep things as Wild West as possible while they loot the American Dream, they seemingly have no regard for the future. But winter is coming.

“We all recognize the problem, that’s really not the issue here,” Mitch McConnell (R – Kentucky), the Senate Minority Leader, said from the Senate floor. “It’s the matter that the majority leader has tried to steamroll a bill.”

This bill is no more a steamroller than a cat on a tricycle. It was many years in the making — there was nothing fast about it. Was it one of the Senate Democrats’ finest moments? Not quite. In an effort to woo sufficient members of McConnell’s rabid right wing to win the supermajority needed to overcome the filibuster, Democrats simply, profoundly caved. They offered to make the bill’s vital security safeguards optional, which in the context of the coming cyberwar is like telling members of the Massachusetts Militia that the Minutemen can show up whenever it’s convenient.

The problem, as most people who are paying attention know, is that our current collection of uneven, random and deficient computer security protocols will fail precisely because they are optional. The Democrats’ last-ditch efforts to save the bill by gutting it might have created some small boost in their efforts to look tough on security issues before the election this fall, but the resulting law would have done little to better protect the American people. In the end we are probably lucky that it failed, having avoided being lulled into a false sense of security.

[Featured Products: Research and compare Identity theft protection plans at Credit.com]

So what happens next? The Obama administration has some power to require that executive agencies write and enforce a number of the security rules included in Lieberman’s original cybersecurity bill. The administration has hinted that it might use that power, and I hope that it does, despite well-rehearsed and inevitable howls of faux outrage that the President is sidestepping the will of Congress. After all, when the Congress has demonstrated that its will is to leave America’s critical infrastructure flapping in the breeze, the President’s only choice is to act as Commander in Chief to a threat to the nation.

But any moves by the executive branch can only be piecemeal. The White House needs the blessing of Congress before it can require agencies and private companies to share information on threats. That kind of collaboration was exactly what was missing in the years before Sept. 11, and it appears America’s military and intelligence agencies learned that lesson well.

Apparently, the politicians in Congress have not. Through their election-year cowardice, both Democrats and Republicans have colluded to let terrorists and enemy states create a new “Day of Infamy.” Therefore, let’s make November 6, 2012, Election Day, their day of reckoning.

This is an Op/Ed contribution to Credit.com and does not necessarily reflect the views of the company.

Image: San-Tus, via Flickr

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team