News last week that Chinese and Russian hackers had infiltrated the U.S. electrical power grid gave practical significance to already high-profile issues in Washington — how better to secure the nation’s cyber-infrastructure. Late in 2008, the Center for Strategic and International Studies Commission on Cyber Security for the 44th Presidency (the Commission) released a report citing the U.S.’s failure to protect cyberspace as “one of the most urgent national security problems” facing the Obama administration. The failure threatens the safety and well-being of the United States and its allies and raises immediate risks for the economy. In a global economy, where economic strength and technological leadership are as important to national power as military force, failing to secure cyberspace puts the U.S. at a disadvantage. When Chinese and Russian intruders apparently left software on networks supporting the U.S. power grid that could be used to compromise electric and water systems, the warnings of the Commission proved true in a real-world way.
The Obama Administration has taken these threats seriously. On February 10 it initiated a 60-day review of federal cybersecurity efforts to protect vital U.S. computer networks (the Review). The Review staff has engaged in significant and broad outreach to the government, the private sector and non-governmental organizations. As the work of the Review draws to a close, its director, Melissa Hathaway, has intimated that it will not result in the naming of a cyber security advisor at the White House level. This is an important, if controversial, signal. However, on April 2, 2009, Senator Jay Rockefeller (D-WVA) and Senator Olympia Snow (R-ME) proposed legislation that would establish just such a position, invested with sweeping powers. The legislation would empower government to set and enforce security standards for industry, and broaden the focus of the government’s cybersecurity efforts to include not only military networks but also private systems that control critical infrastructure, such as electricity and water distribution. Such new powers raise serious questions for industry and civil liberties.
The Centre for Information Policy Leadership has played a prominent role in these efforts. Centre Senior Policy Advisor Professor Fred H. Cate has consulted on several occasions with the Review committee.