SAN FRANCISCO -- Cybercriminals are overrunning the Internet and posing an ever-increasing threat to critical infrastructure in the United States, forcing lawmakers and government officials to rethink how to react in the event of a major Internet security crisis.
Tuesday at the 2009 RSA Conference, a panel of experts from the Department of Defense, National Security Agency and the Department of Homeland Security agreed that drastic measures are needed to shore up defenses of critical infrastructure and ensure a plan is in place for critical communications in the event of a national emergency.
Paul Kurtz, executive director of the Arlington, Va.-based Software Assurance Forum for Excellence in Code (SAFECode) and former White House advisor on national security issues, said lawmakers need to address Net neutrality and priority communications in a time of crisis.
"When we go into IP network world and think about crisis responding, is my ability to download a movie as important as these guys being able to communicate?" Kurtz asked. "The answer is no."
Government officials have been increasing the focus on cybersecurity issues as lawmakers in Congress have signaled that they plan to fund initiatives to better secure the nation's infrastructure. Earlier this month, a report in the Wall Street Journal cited current and former national security officials who said malware was discovered on electrical grid computer systems. The Journal also reported this week that terabytes of data on the U.S. military's most technologically advanced fighter aircraft was stolen by computer hackers over the past two years.
"We have to be as far outside the network as we can to anticipate attacks," Lentz said. "We have to have devices talking to devices and infrastructure and applications talking to one another."
Jim Richberg, chief of staff of the Joint Interagency Cyber Task Force, helped develop the comprehensive National Cybersecurity Initiative and has been briefing lawmakers on cybersecurity issues. Richberg said lawmakers are ready to act, but the process is bogged down with dozens of congressional committees that claim ownership over the Internet and security issues. Richberg said the NCI helped get more than 20 government agencies to "rationalize instead of competing against each other" for funding.
"Every time I brief the threat to Congress, I never had one of them say 'I believe you are hyping the threat,'" Richberg said. "They finally understand that this is a serous problem and requires a serious and sustained effort."
But Lentz warned that even a strong focus on cybersecurity in Congress and greater agency cooperation to recognize and defend against threats could still come up short without support from other countries.
"I think we all have to be focusing as partners internationally in this area," Lentz said. "Countries are starting to come together and realize they have to be part of the club to help keep [the Internet] a neutral place for all of us to continue to work in."
The panelists agreed that as currently written, the Cybersecurity Act of 2009 won't likely gain congressional approval. But, according to Richberg, pieces of it will eventually become law and could help improve cybersecurity at the federal level.
"Senior lawmakers seem to get it, but they can be overzealous," Richberg said. "They understand the magnitude of the threat… but what they don't grasp is what the way ahead is. We still don't have the bumper sticker that says 'Here's the answer; fund this.'"