Under Cyber Attack

We Must Do More to Protect Government Agency Computers and Private Networks

An Op-Ed by Congressman C.A. Dutch Ruppersberger in the Baltimore Sun

A war broke out in November 2008 — not on the battlefield, but in 7 million computers across the world. The soldiers are computer geeks armed with state-of-the-art codes to eliminate the enemy, a dangerous worm quietly and quickly settling into unsuspecting hard drives.

A year and a half later, we’re still battling. The worm, nicknamed Conficker, continues to outsmart our most sophisticated minds and technology. It’s hiding in the shadows, ready to strike.

What kind of damage Conficker will cause is unknown, as is the identity of its creator, but experts warn it could be catastrophic. That’s the challenge of cyber security. The enemies are elusive, and the stakes are high.

Cyber networks have become essential to everyday life. They power computers and cell phones. They control the electric grid that keeps the lights on. They link homes, schools and businesses, and they run the classified military and intelligence systems that protect our soldiers on the battlefield.

Just as a terrorist is able to board a plane and turn it into a weapon, the bad guys can virtually board a cargo ship. With a few clicks through a manifest, they can quietly replace a container full of medicine on a delivery truck heading to a hospital with one full of explosive chemicals, then hatch a plan to blow it up.

Right now, our nation is not doing enough to protect our networks. As chairman of the House Intelligence Subcommittee that oversees the technical aspects of cyber security as well as a member of the Appropriations subcommittee that funds Homeland Security, I know we are under attack every day. Government websites have been penetrated, allowing criminals to steal hundreds of millions of dollars in technology secrets and priceless military information. China’s widely-reported cyber attack on Google just scratched the surface of what kind of damage can be done stealing trade secrets.

Cyber attacks on American government agencies are up more than 400 percent. As the threat gets worse, I am worried that the Department of Homeland Security, the federal agency charged with protecting government agencies and helping defend private networks from cyber attacks, is falling farther behind.

DHS is the consolidation of 22 different federal agencies and programs. It was given its cyber security mission in 2003. But last week, the DHS Inspector General issued a report saying the department’s cyber section is understaffed, has inconsistent leadership and lacks an overarching strategy. The report also found DHS is not actively sharing critical information and computer programs designed to detect and destroy malicious code before it attacks. This needs to change.

I am cosponsoring legislation that would establish a national cyber security director who has budget authority, a seat on the National Security Council and the ability to coordinate policy and strategy across government agencies and the private sector. President Obama’s appointment of a cyber coordinator was a positive step, but we don’t need another advisor. We need someone with enough clout to get the job done.

This new director would review each government agency’s budget and ensure they are allocating the proper resources and manpower to protect our networks. The bill would enable the director to recommend the president withhold bonuses from agencies that don’t properly secure their networks.

This cyber security director would work with DHS to engage the private sector, which owns most of our critical infrastructure. DHS must develop a process to distribute and share reports of trends, anomalies and recurring attacks with private companies so they can shore up their cyber defenses. The old school system of sitting around a conference table discussing the latest attack isn’t going to work. We need real-time, automated sharing of malicious code. Proper encryption must be utilized, and the constitutional right to privacy must be strictly protected.

One federal agency is doing it right. The National Security Agency, which has been charged with protecting our military cyber infrastructure, has created a central Cyber Command at Fort Meade to coordinate the Pentagon’s strategy. Headed by a four star general who has budget authority and the support of 23,000 employees, NSA is well-positioned to address the increasingly diverse cyber threats to our military systems. We need a similar structure for government agencies and private companies.

Our army of computer geeks fighting what could be our toughest battle needs one comprehensive mission and one commander leading the charge. The current scattered strategy just won’t cut it. Too much is at stake.

U.S. Rep. C.A. Dutch Ruppersberger, a Democrat, has represented Maryland’s 2nd District since 2003. He can be reached at http://www.dutch.house.gov.