from federal times: The country is not taking cybersecurity seriously and will fall victim to a devastating cyber attack within the next few years, former National Intelligence Director Mike McConnell told lawmakers Tuesday.
Disagreements over whether the federal government or private companies should take the lead in developing cybersecurity protocols is making the situation worse, McConnell testified before the Senate Commerce, Science and Transportation Committee.
"If the nation went to war today in a cyber war, we would lose ... We will not mitigate this risk. We'll talk about it, we'll wave our arms, we'll have a bill, but we are not going to mitigate this risk," McConnell said. "As a result, we will have a catastrophic event."
McConnell said he strongly favors the government playing a large role in cybersecurity because a major cyber attack could cripple commerce and shake consumers' confidence in the financial markets and the federal government, rivaling "the damage of a nuclear attack to the country."
"When transactions involve billions of dollars or route trains up and down the East Coast … the basic attributes of security must be endorsed," McConnell said.
Others argued that the government should spur the markets and private companies to develop solutions because the government moves too slowly.
"If the government tries to mandate standards, they will be out of date and an actual impediment to better security before they can be applied. This is not like fire codes in building construction, where the big changes can take decades. We don't know what the minimum code for cybersecurity should look like four years from now," said Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit, an independent, non-profit cybersecurity research group.
But the federal government can't trust companies to have the goodwill to protect their systems, said James Lewis, director and senior fellow for the Center for Strategic and International Studies' technology and public policy program.
"If 10 percent [of companies] don't do the right thing, 100 percent will be vulnerable," he said.
Senate Commerce Committee Chairman John Rockefeller, D-W.Va., and ranking member Olympia Snowe, R-Maine, introduced a cybersecurity bill in March 2009 that would create a Senate-confirmed, Cabinet-level national cybersecurity leader. Snowe said the current cyber czar, Howard Schmidt, lacks accountability and the power to make game-changing policy.
Their bill, S 773, is one of several cybersecurity bills lingering in Congress. The House passed a cybersecurity bill earlier this month expanding cybersecurity research programs.
Update: Are we on the brink of cyberwar?