According to a former top U.S. intelligence official, it may take a cyber-calamity to spur the United States to get serious about cybersecurity, including getting the U.S. government and businesses to cooperate closely when dealing with threats and attacks.
"Until we have a banking collapse or electric power goes off in the middle of a snowstorm for eight weeks, or something of that magnitude, we're likely just to talk about it and not do much," said Mike McConnell, former director of National Intelligence, in a Reuters interview. Government agencies have tremendous capabilities, he said, but are generally prohibited from working within the United States, even to protect U.S. companies from foreign attacks.
If, for instance, the National Security Agency (NSA) today detected a threat against a U.S. corporation, it "is powerless to do a thing other than issue a report," he said.
McConnell noted the government has unique skills -- such as codebreaking -- that the private sector lacks. It also has advanced cyberwarfare capabilities that could be used to protect critical infrastructure and intellectual property from overseas attacks.
But getting legislation passed to increase private sector and governmental cooperation is likely to be difficult in Washington's current political gridlock.
According to Reuters:
The House intelligence committee in December approved a bill that would allow U.S. spy agencies to share cyber-threat intelligence with private companies. Some critics worry that could lead to government surveillance of private data.
Senate Majority Leader Harry Reid has said the Senate will take up "comprehensive" cybersecurity legislation this year.
"There will be a thousand voices on what is the right thing to do," McConnell said, warning that a crisis may be necessary to reach consensus. "All I'm arguing is the government has unique capability -- figure out a way to harness the capability in the defense of the nation," he told Reuters.
The former DNI and NSA chief is now vice chairman of Booz Allen Hamilton, where he works on the consultancy's Cyber Issues practice.
Analysis: McConnell is right. After something bad happens we will get the cyber-equivalent of the Patriot Act, which has proven highly controversial since its passage in the wake of Sept. 11, 2001, and subsequent reauthorization.
It would be great if there was some path that might lead to well-considered legislation this year, but given the upcoming election and Washington's inability to get technology right (witness SOPA and PIPA), there is little hope until at least 2013 -- or until after the cyber-disaster that is almost certain to occur someday.