CSO - Should the federal government combine legislative muscle with fear to pressure private enterprise leaders into funding defenses for a cyberwar? Or should it be up to the government to fund and create a "cyber army" to protect private industry, just as it protects factories and infrastructure in the physical world?
That debate is raised in two reports last week on National Public Radio on the escalating threat of cyberattacks from foreign and terrorist enemies. In the first, reporter Tom Gjelten profiles a public-private partnership called the "Enduring Security Framework," which began at the end of 2008 and "brings chief executives from top technology and defense companies to Washington, D.C., two or three times a year for classified briefings. The purpose is to share information about the latest developments in cyberwarfare capabilities, highlighting the cyberweapons that could be used against the executives' own companies."
Or, in more colorful terms, "We scare the bejeezus out of them," Gjelten quotes one U.S. government participant as saying.
At one such briefing in 2010, U.S. officials told business executives, "We can turn your computer into a brick." That, according to NPR, prompted computer manufacturers to fix a design flaw in their firmware.
But now there is legislation pending that would take it beyond persuasion. In a second story, Gjelten reports on a U.S. Senate bill that would require private enterprises, particularly those that "control the U.S. power grid, the financial system, water treatment facilities and other elements of critical U.S. infrastructure," to improve their cybersecurity capabilities.
The leading backers of the bill are Sens. Joe Lieberman of Connecticut and Susan Collins of Maine, among others. Lieberman, an Independent, still caucuses with Democrats. Collins is a Republican.
Leaders in government and private industry agree on the need for those improvements, but the report says, "they divide over the question of who bears responsibility for that effort."
That is a key dispute over passage of the bill, which is the Senate version of CISPA (Cyber Intelligence Sharing and Protection Act), recently passed by the House. The Senate version is more popular among privacy advocates because it would give the civilian Homeland Security Administration oversight of information sharing between the public and private sectors, rather than the military's National Security Agency. But the Senate bill puts heavier, and more costly, regulation on private business.
Can business afford that burden? NPR cites a study by Bloomberg Government that estimated that those in charge of critical infrastructure "may need to increase their cybersecurity spending as much as nine times to reach satisfactory levels."
Larry Clinton of the Internet Security Alliance told NPR, "The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat."