Panetta: DOD Needs Cybersecurity Bill To Help Prevent Cyber 9/11

Sees no substitute for comprehensive legislation along lines of Cybersecurity Act of 2012.

By John Eggerton -- Broadcasting & Cable, 10/12/2012 2:24:19 PM

Calling it a pre-9/11 moment, Secretary of Defense Leon Panetta Thursday told Congress to pass the Cybsecurity Act of 2012, the primarily Democrat-backed cybersecurity bill that failed to pass in this Congress, or we will be vulnerable to terrorist attack.

"The fact is that to fully provide the necessary protection in our democracy, cybersecurity legislation must be passed by the Congress," he said in a speech in New York. "Without it, we are and we will be vulnerable. Congress must act and it must act now on a comprehensive bill such as the bipartisan Cybersecurity Act of 2012..."

Panetta also said DOD was finalizing "comprehensive" changes to its current rules of engagement in cyberspace that "will make clear that the department has a responsibility, not only to defend DoD's networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace.

In the speech, entitled "Defending the Nation from Cyber Attack," Panetta said the Internet was new terrain for warfare, a domain that must be secured today to insure "peace and prosperity" tomorrow.

Panetta conceded there were hackers and criminals stealing personal info to worry about, but that was most worried about a nation state cyberattack, which he said "could be as destructive as the terrorist attack on 9/11." That is the same image invoked by Sen. Joe Lieberman (I-Conn.), lead sponsor of the legislation, in his unsuccessful attempt to reach a bipartisan accord on passage.

Panetta detailed several recent cyberattacks, including the distributed denial of service attacks on U.S. financial institutions in the past several weeks. He said those could be the vanguard of something worse. "We know that foreign cyber actors are probing America's critical infrastructure networks," he said. "They are targeting the computer control systems that operate chemical, electricity and water plants and those that guide transportation throughout this country," and have already gained access to some of those systems.

As to the need for legislation, Panetta said that information sharing, which was the focus of Republican cybersecurity, was not enough. "We've got to work with the business community to develop baseline standards for our most critical private-sector infrastructure," he said.

Those standards, which Republicans were concerned would turn into congressional mandates that would reduce private industry's ability to react quickly and flexibly to evolving threats, were among the issues that hung up the bill.

Panetta said political gridlock was an unacceptable excuse for not passing legislation.

The White House is considering issuing an executive order to mandate guidelines, but Panetta said that is not a substitute for comprehensive legislation.

Responding to the speech, Sen. Jay Rockefeller (D-W. Va.), a co-sponsor of the bill along with Lieberman, added his voice to the call for action: "National security leaders across the spectrum have urged Congress to act," said Rockefeller. "The Chairman of the Joint Chiefs of Staff and the Commanding General of Cyber Command urged us to act. In August, Senate Republicans and beltway lobbyists chose a filibuster over these Generals' urgent requests. Now the Secretary of Defense is urging us again to do what we all know we must do to protect our country from cyber terrorists. This is a time for action, not more political obstruction."