THE ISSUE
No threat facing America has grown as fast or in a manner as difficult to understand as has cybersecurity. The media vacillate between claiming that the threat is nothing but hype and panicked cries that the digital sky is falling. Neither position is correct.
President Bush took strong steps to improve the overall security of the nation’s networks, and it seemed that President Obama was following suit. Securing cyberspace was a very early priority for the Obama Administration, which was wise enough to use former Bush appointees to set the tone and maintain some continuity, but the initial flurry of activity was not followed up in a consistent and effective manner.
There have been several legislative fights over cyber bills. They have been characterized repeatedly as partisan battles that have left America exposed to a growing variety of cyber threats, but this is a very inaccurate and self-serving view. In fact, every cyber bill that has been introduced has had bipartisan support as well as bipartisan opposition. The fight is not over a need for appropriate cyber legislation; it is over how one defines “appropriate.”
The main point of contention is the degree to which federal regulatory powers should play a role in cybersecurity. Many seem to think reflexively that this 19th-century solution is the answer. Those with a little more understanding of the dynamic and fast-moving nature of cybersecurity see regulation as far too slow and clumsy to be of any benefit and recognize that it might actually hinder security by building a culture of mere compliance with regulations and a false sense of security against enemies who are agile, motivated, and clever.
Russia is the most sophisticated cyber threat, with China as a close second. China also has a strong desire to jump-start its economic efforts by rampant theft of commercial intellectual property. This fact is common fodder for the news media but is actually a greater problem than the news illustrates. Iran and North Korea are much less sophisticated than the two giants, but what they lack in expertise they make up for in malice. For example, the 2012 “Shamoon” virus unleashed upon the Saudi ARAMCO oil production company was a brute-force attack that destroyed 30,000 computers, and the recent cybersecurity breach of the Office of Personnel Management, a campaign believed to be undertaken by the Chinese government, resulted in compromised information of approximately 4 million federal employees. Attacks such as these have shown the U.S. that countries like China have the capabilities to inflict serious damage. North Korea has also used high-profile cyberattacks against the U.S., with the most notable being the one launched against Sony Pictures Entertainment, allegedly over a movie depicting North Korea in a negative light. The hackers took terabytes of private data and released confidential information to the public, including five Sony movies.
To address this growing threat, the U.S. should leverage the forces of the market, motivating the private sector to make the sort of continual and dynamic investment needed to really secure our diverse networks. Heritage Foundation analysts have developed steps to do this that should be taken legislatively to begin the process of improvement that is so badly needed.
The India-France strategic relationship has generated a sense of comfort between the relevant government agencies. The Hollande visit focussed on initiatives that can strengthen business-to-business linkages and people-to-people contacts
