It shouldn’t take a zombie attack to make the point that the U.S. needs a concerted, bipartisan effort to combat cyber criminals: organizations, individuals, and state-sponsored hackers and hacktivists.
But last week’s hacking of TV station Emergency Alert Systems to spread the word on zombies did just that, coming only a day before President Obama signed an executive order creating a framework for best practices for protecting critical systems.
Following the zombie “attack,” the FCC issued an urgent alert to stations and cable operators telling them they needed to change the default passwords to ones that were actually secure, and to make sure their firewalls were as strong as possible. That is advice we could all use on a personal and professional level (no, 1234567 and your name spelled backwards are not going to get the job done).
The president was issuing essentially the same kind of warning writ large. “Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyberthreat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront,” he said. And “must confront” are the operative words. As a country, we must push past the politics somehow and agree on a way forward, particularly as we move our checkups and checkbooks, and yes, our entertainment dollars—billions of them—online.
The president de!ned critical systems as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters.”
Obviously, issuing false emergency alerts falls squarely into that category, but so do threats that undermine the Internet economy of the security of personal information. Broadcast and cable operators have both professional and personal stakes in robust cybersecurity.
That is why we were pleased that: 1) the president forced the issue after Congress failed to come to an agreement on a cybersecurity bill and 2) the order makes it a presidential proclamation, in essence, that the framework will be voluntary, will include plenty of industry input and will be vetted down the road to make sure it has not had unintended consequences.
The order does not replace legislation, particularly since it does not get into a key aspect: liability protection for companies sharing cyberthreat information with each other and the government. No worries there: Republicans and Democrats plan to go at it once again on Capitol Hill. The scene during the last Congress was not pretty. Both sides agreed that the threats to critical systems, including economic ones, were real and growing. Both agreed legislation of some type was crucial. Yet it was another case of politics trumping policy.
Perhaps now that the president has essentially put his stamp on “voluntary,” there can be some agreement on how information is best circulated, privacy protected and liability ensured so that the government can share classified info and companies can drop their competitive guards long enough to help all of us stay safer online.
MOST READ
