Editorial: 'Walking Dead' Reckoning2/18/2013 12:01:00 AM Eastern
It shouldn’t take a zombie attack to make the point
that the U.S. needs a concerted, bipartisan effort to
combat cyber criminals: organizations, individuals,
and state-sponsored hackers and hacktivists.
But last week’s hacking of TV station Emergency Alert Systems to spread the word
on zombies did just that, coming only a day before President Obama signed an executive
order creating a framework for best practices for protecting critical systems.
Following the zombie “attack,” the FCC issued an urgent alert to stations and
cable operators telling them they needed to change the default passwords to
ones that were actually secure, and to make sure their firewalls were as strong as
possible. That is advice we could all use on a personal and professional level (no,
1234567 and your name spelled backwards are not going to get the job done).
The president was issuing essentially the same kind of warning writ large. “Repeated
cyber intrusions into critical infrastructure demonstrate the need for improved
cybersecurity. The cyberthreat to critical infrastructure continues to grow and represents
one of the most serious national security challenges we must confront,” he said.
And “must confront” are the operative words. As a country, we must push past the
politics somehow and agree on a way forward, particularly as we move our checkups
and checkbooks, and yes, our entertainment dollars—billions of them—online.
The president de!ned critical systems as “systems and assets, whether physical or
virtual, so vital to the United States that the incapacity or destruction of such systems
and assets would have a debilitating impact on security, national economic security,
national public health or safety or any combination of those matters.”
Obviously, issuing false emergency alerts falls squarely into that category, but
so do threats that undermine the Internet economy of the security of personal
information. Broadcast and cable operators have both professional and personal
stakes in robust cybersecurity.
That is why we were pleased that: 1) the president forced the issue after Congress
failed to come to an agreement on a cybersecurity bill and 2) the order
makes it a presidential proclamation, in essence, that the framework will be
voluntary, will include plenty of industry input and will be vetted down the road
to make sure it has not had unintended consequences.
The order does not replace legislation, particularly since it does not get into
a key aspect: liability protection for companies sharing cyberthreat information
with each other and the government. No worries there: Republicans and
Democrats plan to go at it once again on Capitol Hill. The scene during the last
Congress was not pretty. Both sides agreed that the threats to critical systems,
including economic ones, were real and growing. Both agreed legislation of some
type was crucial. Yet it was another case of politics trumping policy.
Perhaps now that the president has essentially put his stamp on “voluntary,” there
can be some agreement on how information is best circulated, privacy protected
and liability ensured so that the government can share classified info and companies
can drop their competitive guards long enough to help all of us stay safer online.