Several Senators are calling for the creation of a select Congressional committee to shepherd through cyber security legislation designed to better protect the U.S. from cyber attacks.
Sen. John McCain, R-Ariz. and Sen. Angus King, I-Maine, raised the issue Feb. 27 in a Senate Armed Service Committee hearing on U.S. Strategic Command and U.S. Cyber Command.
“Everybody knows we need the legislation. I can’t tell you the number of meetings I’ve gone to on it. One of the biggest problems we face is this issue crosses many jurisdictional issues. Maybe we should have a select committee to examine this entire issue of cyber security,” McCain said.
When asked by McCain, Gen. Keith Alexander, Commander of U.S. Cyber Command, agreed there is an urgent need to pass cyber security legislation.
“I am concerned Senator that that lack of legislation will impact our ability to defend the country in this area,” Alexander said.
A select committee would, by design, focus on bridging the procedural issues and gaps separating various areas or committees affected by proposed legislation. The idea would be to synchronize proposed legislation across the Armed Services, Intelligence and Judiciary committees, among others.
Both McCain and King made reference to an earlier failed effort to strengthen cyber security — the Cybersecurity Act of 2012 — which ran into procedural trouble getting passed through the Senate.
“There was a major bill in 2012 that failed and here we are a year and a half later. Everyone one of our witnesses have told us how urgent this is and how important this is — and yet we aren’t there yet. Maybe we need a select committee to iron out differences between intelligence, judiciary and Armed Services to get this on the floor,” King said.
The proposed 2012 legislation was aimed at identifying vulnerabilities, creating public-private partnerships, improving information sharing and building cyber-security talent, among other things.
In particular, the legislation looked at addressing ways to fortify security for much of the U.S.’s critical infrastructure — power grids, communication lines and transportation systems – entities which are largely reliant upon cyber networks.
In the meantime, Alexander said U.S. Cyber Command is already working on what he called DoD’s Joint Information Environment or JIE, a new IT security system. JIE is, among other things, designed to decrease U.S. network’s vulnerability to cyber attack.
Lawmakers and expert witnesses at the hearing addressed the rapidly broadening scope of cyber threats facing the U.S.
“In future environments cyber will be the tool used first by both sides,” Alexander said.
Alexander also told McCain that Edward Snowden’s release of National Security Agency information about government surveillance programs has put Americans at greater risk.
“I am greatly concerned about the risk to our men and women in the military and to our nation from terrorist attacks. Senator I am concerned that they are learning how we stop them and that they are going to get through. That is the near term issue that we face both here in the United States and in Europe and that we haven’t adequately addressed that problem,” Alexander told the committee.
While describing the nature of existing threats and making the case for urgently needed cyber security legislation, McCain cited a Wall Street Journal report describing Iranian infiltration of a Navy computer network.
Discussion of cyber personnel was also a focus at the hearing. Sen. Tim Kaine, D-Va., asked the expert panel about progress toward DoD’s stated plan to add up to 6,000 new cyber specialist personnel to the workforce by 2016.
Alexander responded by saying that up to one third of them will already be added by the end of this year.
Regarding the cyber security legislation, King emphasized that now is the time to act.
“If we have an attack two or three years from now – and we have not done anything – we are going to look pretty dumb around here because we certainly have had plenty of warnings,” he said.