It should come as no surprise to anyone who follows the news in the U.S. that Congress hasn't moved on cyber security. Forces on both sides of the aisle watered down, and then eventually nixed, this summer's cyber security bill (also known as the Lieberman/Collins bill, sponsored by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine). Sen. John McCain (R-Az.) and others proposed an alternative SECURE IT Act, which now languishes as Congress gears up for the November election.
For his part, President Barack Obama has been doing what he can to prepare the country for the possibility of an attack on our critical infrastructure. In July, he wrote an opinion piece in The Wall Street Journal calling for better exchange of information between government and industry in the event of a cyber attack.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
It's also possible, in the likely event of Congressional inaction, that the President might issue an Executive Order calling for such information exchange. Such an order, however, comes with its own political risks, as some consider such a move to impinge on the purview of Congress. The end result of all this political maneuvering, therefore, may be little or no action by the U.S. government on cyber security, at least until sometime in 2013.
Parties united in cyber security bill ppposition
The obvious question is whether such legislation would simply be too little, too late. The unfortunate fact of the matter is that we are already in the midst of a cyber war. Corporations as well as government agencies are under constant attack from a range of opponents, both economic and political. Furthermore, the 2010 Stuxnet attack on Iranian nuclear infrastructure and the more recent Gauss attack on the Lebanese banking system show that the U.S. (or parties aligned with U.S. interests, Israel in particular) are willing and able to take an offensive posture in this cyber war.
Analysis: Why Stuxnet is a really bad weapon
The fact that the U.S. is willing to take such an offensive role raises the stakes for the defensive side of this battle. Not only do criminals continue to infiltrate our financial networks, as they have for years, but now we're courting retaliation from nations who might very well launch their own cyber attacks against us. cyber war is heating up-and instead of strengthening our defenses, Congress dawdles.