Legislation would bring together private- and public-sector experts to propose minimum cybersafety standards to secure computer networks
College Park, MD – At the height of the cybershopping season and just as millions of Americans prepare to use their e-tickets to board airlines around the country for the holidays, U.S. Senator Benjamin L. Cardin (D-MD), Chairman of the Senate Judiciary Terrorism and Homeland Security Subcommittee, has introduced major legislation that would require the government to work with the private sector to propose minimum standards for Internet and cybersecurity safety designed to protect Americans from cybercrime and cyberterrorism. Speaking before hundreds of security, technology and intelligence professionals gathered at the launch the new Maryland Cybersecurity Center today, Senator Cardin outlined the need for such a bill and the malicious nature of cyber threats.
“Every computer connected to the Internet, whether a part of our nation’s critical transportation or energy infrastructure or sitting in a family living room, is a prime target for cyberterrorists, cyberspies and cybercriminals who want to steal our identities, corrupt our financial networks, and compromise or disrupt key resources. Users of computers and other devices that connect to the Internet are generally unaware that their computers and other devices may be used, exploited, and compromised by others with spam, viruses, and other malicious software and agents.
“We live in a digital world and we need to arm ourselves with the right tools to prevent a digital 9/11 before it occurs. Failure to take such steps to protect our nation’s infrastructure and its key resources could wreak untold havoc for millions of Americans and businesses, as well as our national security.”
Cybercrime is serious business. In 2008, the Federal Bureau of Investigation (FBI) uncovered a transnational crime organization that used sophisticated hacking techniques to withdraw more than $9 million in less than 12 hours from 2,100 ATM machines in 280 cities around the world, including the United States, Russia, Italy, Japan and Canada.
“Cybersecurity involves more than preventing identity theft and stealing money,” Senator Cardin said. Senior executives at three major American oil companies reportedly fell victim in 2008 to what security experts called "tenacious" and "clever" cyber attacks that exposed some of these companies most critical intellectual property after executives were unwittingly duped by unsolicited e-mails carrying data-extracting malware. Cyberterrorists can hit these kinds of financial targets but also more traditional enemies, such as when anti-Israel hackers reportedly connected to Hamas and Hezbollah crashed several Israeli government web sites by flooding them with bogus traffic. Countries like Russia, China and Serbia also have reportedly engaged cybersoldiers to disrupt critical infrastructure systems in advance of or simultaneous to more traditional military engagements.
The Internet and Cybersecurity Safety Standards Act would require the U.S. government and the private sector to work together to develop minimum Internet and cybersecurity safety standards for users of computers and other devices that connect to the Internet. “Just as automobiles cannot be sold or operated on public highways without meeting certain minimum safety standards, we also need minimum Internet and cybersecurity safety standards for our information superhighway,” said Senator Cardin.
Last year, Senator Cardin chaired a Subcommittee hearing entitled “Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace.” It reviewed governmental and private sector efforts to prevent a terrorist cyber attack that could cripple large sectors of our government, economy, and essential services. The hearing included witnesses from key federal agencies responsible for cybersecurity, as well as representatives of the private sector.
Maryland is at the center of our nation’s cybersecurity efforts. The new United States Cyber Command (USCYBERCOM), was established in June of last year, and is located at Ft. Meade, MD. More than 50 key security and intelligence federal facilities and 12 major military installations are or will soon be located in our state, and combined, these facilities and installations will employ nearly 200,000 well-educated, highly-skilled government employees and contractors in cutting-edge research and development, as well as important scientific, medical and technological innovations. In total, Maryland has one of the highest concentrations of technology jobs in the nation, and led the nation in 2009 with the largest growth in computer systems design jobs.
The Internet and Cybersecurity Safety Standards Act
The Internet has had a profound impact on the daily lives of the people of the United States by enhancing communications, commerce, education, and socialization between and among persons regardless of their location
The Internet and Cybersecurity Safety Standards Act (ICSSA)
· Requires the Secretary of Homeland Security, in consultation with the Attorney General and the Secretary of Commerce, to conduct an analysis to determine the costs and benefits of requiring internet service providers and others to develop and enforce minimum Internet and cybersecurity safety standards
· Requires all relevant factors to be considered, including the effect that the development and enforcement of minimum Internet and cybersecurity safety standards may have on homeland security, the global economy, innovation, individual liberty, and privacy
· Requires consultation with relevant stakeholders in the Government and the private sector, including the academic community and groups or institutions that have scientific and technical expertise related to standards for computer networks, critical infrastructure, or key resources
· Requires report to Congress within one year on recommendations for minimum Internet and cybersecurity standards for computers and other devices that connect to the Internet to prevent them from being used, exploited, and compromised by terrorists, criminals, spies, and other malicious actors