There are few politicians–heck, few Americans, period–for whom I have greater respect than John McCain. Not only do I have endless admiration for his character, I find his policy judgment, especially in the national security area, to be close to faultless. Which may be just another way of saying I seldom disagree with him. But I find myself in disagreement with his stance on cybersecurity–as does one of his closest Senate colleagues, Joe Lieberman.
Lieberman is co-sponsoring legislation that would allow the Department of Homeland Security to set minimal cybersecurity standards for air traffic control systems, dams, power plants and other such facilities that are absolutely essential to the safe functioning of the American economy. This is a major issue at a time when, as Gen. Keith Alexander, the head of the National Security Agency and U.S. Cyber Command, has just warned cyberattacks aimed at U.S. infrastructure increased seventeenfold from 2009 to 2012. General Alexander further said that “on a scale of 1 to 10, American preparedness for a large-scale cyber-attack is ‘around a 3.’ ”
The only way to raise our level of preparedness is to give the federal government more authority to protect civilian infrastructure. As things stand, Alexander’s NSA can mount offensive cyberoperations against other countries but can only protect Defense Department networks in this country. The Department of Homeland Security is supposed to protect the civilian networks on which we all depend–and whose disruption via cyberattack could cripple our economy. But DHS does not have the resources or authorities to get the job done. Understandable concerns about privacy have made it impossible to fix this situation on Capitol Hill. Lieberman’s legislation is a start toward fixing this major vulnerability but, thanks to objections from Sen. McCain and the Chamber of Commerce, the bill has been watered down so the cybersecurity standards will now be optional. Optional standards make sense when it comes to governing the size of sodas–not when it comes to protecting critical infrastructure.
While the federal government has undoubtedly extended its reach into all kinds of areas where it does not belong, national defense remains its core responsibility–and in the 21st century that must mean defense from cyberthreats as well as physical ones. Until Congress moves to fix our vulnerabilities, we will remain wide open to attack by China, Russia, and other countries in the forefront of developing offensive cyberwarfare capabilities.
One only need look at the damage that the Stuxnet virus–cooked up by the U.S. and Israel–did to the Iranian nuclear program; now imagine the Iranians returning the favor with a virus that incapacitates major parts of the American electric grid. That is a nightmare scenario that we must worry about, and Congress’s failure to act will only encourage the world’s cyberpredators to continue developing and deploying ever-more fiendish computer weapons against us.