In warning of a “cyber-Pearl Harbor,” Defense Secretary Leon Panetta did the nation a service by dramatically pointing out the dangers of cyber-attacks on its government, financial networks, power grids, transportation systems, and water supplies.
Mr. Panetta may have exaggerated the dangers of a single catastrophic attack. But he did not overstate the overall risks of technologically advanced cyber-tools to undermine the nation’s economy and security.
Congress and the country will ignore him at their peril. The computers and electronic communications that control the nation’s basic institutions and services expose millions of people to disruptions on an unprecedented scale.
Fortunately, Mr. Panetta’s comments last week got widespread attention. They may even have lit a fire under Congress, which last August stalled an Obama Administration-backed bill, the Cybersecurity Act of 2012, partly because of shortsighted opposition from the U.S. Chamber of Commerce.
In opposing mandatory security standards for critical-infrastructure industries, such as energy and banking, the nation’s largest business lobby cited burdensome regulations and costs. It failed to acknowledge how better security can protect operations and profits from sophisticated global cyber-attacks.
Hackers from countries such as China have stolen billions of dollars worth of intellectual property and research and development. They can extract valuable corporate secrets from infiltrated computers in minutes.
Senate Majority Leader Harry Reid (D., Nev.) seems to have gotten the message. He vowed to try again to bring cyber-security legislation to the floor when senators return for the lame-duck session.
If Congress fails to act quickly, President Obama should protect the nation with a broad executive order that would promote information sharing about cyber-security between government and private industry. If possible, it also should require standards for critical private-sector infrastructure, including gas pipelines and power and water treatment plants. Most such infrastructure is in private hands.
Legislation is the best way to bolster cyber-security, but President Obama may need to move more forcefully in any event. Any bill that passes the House and Senate is likely to be so vague and toothless that it would be practically useless.
Iran, Russia, and China, as well as militant groups, have become increasingly aggressive and technologically advanced. Launching cyber-attacks, they could derail passenger trains loaded with lethal chemicals, contaminate water supplies in major cities, turn off the lights on the East Coast, and put planes and trains on collision courses. They could combine a physical attack with several simultaneous cyber-attacks.
With increasing frequency, cyber-attacks have been launched on large U.S. financial, business, and government institutions. Intelligence officials suspect that Iran initiated network attacks that crippled computers in the Saudi oil industry.
Iran created its cyber-unit last year, possibly to respond to American and Israeli cyber-attacks on a nuclear enrichment plant. It will almost certainly seek to retaliate for U.S.-led financial sanctions that have disrupted its economy.
Civil liberties and privacy concerns, as well as rapidly changing technology, will complicate efforts to develop an effective cyber-defense system, through legislation or executive order. But it has to be done — now.
America’s adversaries won’t wait. Neither should Congress.