Sen. John McCain and a coalition of his fellow Republican senators have introduced the SECURE IT Act, aimed at improving our nation’s cybersecurity. It’s a response bill to one introduced earlier, The Cybersecurity Act of 2012, by Sen. Joe Lieberman and a coalition of Republicans and Democrats in the Senate.
You could view this news in a couple of different ways. First, you could see it as more bill pushing in Washington by a group of squabbling legislators who can never work together sufficiently to make something happen. Secondly, you could see it as an attempt to save America from what could be an absolutely catastrophic attack. We’re talking about the power grid being messed with, the air traffic control system falling apart, problems with dams, with traffic lights, with the water supply, you name it. All of those things are connected to computers and could potentially fall victim to a large scale attack.
So what’s the difference between the McCain plan and the Lieberman plan? “In the bill put forth by Senator Lieberman, Department of Homeland Security would work with so-called critical infrastructure,” explains Tony Romm of Politico.com. “Things like power plants and water systems, to come up with performance requirements, a set of benchmarks that they'd have to meet to show that they're securing their networks against an attack. The GOP bill by contrast doesn't do anything of the sort. It just mostly focuses on information sharing. Companies would be sharing information about cyber-threats voluntarily with the federal government.”
Here’s what you need to know, in a nutshell. Under Lieberman’s bill, Homeland Security has power over companies to force them to manage security in what it sees as the right way. Under McCain’s plan, that power does not exist and companies are asked to share information on security voluntarily with the government.
There’s a lot of urgency in Washington to make something work in the near future to address security. President Obama has said that he wants a bill to sign that would make things better. The challenge is that threats to security could take several forms. There are attacks where a hacker is trying to disrupt systems and launch the cyber equivalent of a bomb. There is theft where someone's trying to steal information. Then there's spying. “Where foreign parties and foreign companies and foreign governments are raiding American companies,” says Allan Friedman of Brookings, “stealing valuable data, not just for strategic purposes, but to actively compete with American companies and try to gain an innovative advantage.”
Friedman says good legislation needs to address all of that as well as clearly spell out how to respond in a crisis. “Where things get into a little big of a morass is who exactly is going to be in charge and how do we get the information we need in order to solve this problem in real time,” he says.
And as if all these challenges weren't enough, here's another: setting up a system where we can train smart people to head off threats before they hit. Says Friedman, “The real challenge is how much we are going to spend now. If we are in fact facing real risks, we're going to need to invest, and the challenge that I don't see from either bill is really setting up a set of incentives to drive investment.”
Also in this program, your help is needed in finding space aliens. No, I’m not crazy. The SETI Institute has launched setilive.org, your chance to go online, look through a little bit of space they’ve broken off for you, and look for anomalies. Anomalies?! Exciting! I know! Look, you probably won’t find anything. But oh what if you did?