You choose, we deliver
If you are interested in this story, you might be interested in others from The Journal Gazette. Go to and pick the subjects you care most about. We'll deliver your customized daily news report at 3 a.m. Fort Wayne time, right to your email.

Editorial columns

  • Use common sense in Common Core debate
    The national debate over Common Core State Standards has intensified in recent months as several states have begun rejecting the standards in favor of drafting their own. My home state, Indiana, was the first to choose this path.
  • New censorship study reveals what Beijing fears
    While living for more than a decade in China, and using its thriving social media, no question came to mind quite so often as: “Who is the idiot who just censored that online post, and what on Earth was so dangerous about it?
  • State suits help keep the balance with feds
    Recently some have questioned why the state of Indiana has brought lawsuits against our federal government.

Nation’s cyberdefenses still a neglected priority

The House passed a new cybersecurity bill on Thursday, and the accompanying report emphasizes what many corporate and government experts know only too well.

“A number of advanced nation-state actors are actively engaged in a series of wide-ranging, aggressive efforts to penetrate American computer systems and networks” and “these efforts are targeted not only at sensitive national security and infrastructure information but are also often aimed at stealing corporate research and development information that forms the very lifeblood of the American economy.”

The report called it nothing less than “pillage.”

The other day, Michael P. DeCesare, co-president of the security firm McAfee, a subsidiary of Intel, reminded us of the destructive assault last year on the Saudi national oil company Aramco, which wiped out some 30,000 work stations and servers. It was carried out by malware known as “Shamoon,” of unknown origin.

Meanwhile, he estimated that one in 10 personal computers is unwittingly roped in to botnets that carry out surreptitious cyberattacks, and he shares the concern, voiced last year by then-Defense Secretary Leon Panetta, about our vulnerability to a major cyberattack.

With all this urgency in the air, there is a real need for the government, which has the sophisticated tools and expertise, to team up with the private sector, where the majority of vulnerable networks exist. But such information sharing requires a basis in law.

Congress deadlocked over legislation in the last session. On Feb. 12, President Obama issued an executive order, a stopgap attempt to begin doing something to meet the threat. The new Congress must do better.

The House moved off the dime quickly with a 288-127 vote to approve the Cyber Intelligence Sharing and Protection Act, a modified version of a bill passed last year to authorize government-industry cooperation on a voluntary basis. Despite efforts to strengthen privacy measures, the bill has been criticized by civil liberties advocates and Obama has threatened to veto it.

The House bill is a start, but there is more to be done.

Last year, we favored a more muscular approach to cybersecurity provided in Senate legislation, which imposed mandatory standards on industry for data sharing. The legislation died in the Senate, not least because of stiff opposition from the U.S. Chamber of Commerce, which raised the specter of more government regulation.

The new chairman of the Senate Commerce, Science and Transportation Committee, John D. “Jay” Rockefeller IV, D-W.Va., has pledged to move ahead on cybersecurity, including on the key issue of information sharing. But political support for the mandatory approach seems to be ebbing and may not be included in the Senate legislation now being drafted.

If discarded, some other mechanism – perhaps some kind of incentive – will be necessary to ensure that robust private sector cooperation becomes a reality, not just a promise. Privacy and liability issues need to be hammered out, too.

DeCesare mentioned that a major American automaker was chagrined to find the designs for a new car – proprietary plans that it thought was secure from cybertheft – recently turned up in another country. This is going on every day. Congress ought not to dally.