From Homeland Security NewsWire comes an interview with James Lewis of CSIS:
U.S. always ends up regulating new technologies for public safety; the Internet is no exception
29 August 2012
Homeland Security News Wire’s executive editor Derek Major talked with CSIS’s James Lewis about the cybersecurity challenges the United States faces, Stuxnet, China’s hacking campaign, cyber arms control efforts, and more; on the stalled cybersecurity bill, opposed by critical infrastructure operators as being too burdensome, Lewis says: “It takes America about 20-40 years to come to terms with a new technology, but we always end up regulating it for public safety. This will be no different. We are in year 17.”
Homeland Security News Wire: Why did the cyber security bill fail to gain majority support on the Hill? Do you see the bill passing before the presidential election?
James Lewis: People had doubts about DHS, the business lobbies were strongly opposed, and the Republicans couldn’t resist proposing amendments on health care. It came very close.
HSNW: Do you think the bill is will be an issue of debate before the election? Should it be?
JL: We aren’t going to have any serious debates on national security.
HSNW: It is easy to see why private operators of critical infrastructure facilities would object to the bill, seeing in it another burdensome government imposition. But haven’t we been here before? The airline industry and the chemical industry both adamantly opposed the imposition of government-formulated security standards, preferring instead what they described as “voluntary, industry-designed” security measures. Both industries eventually agreed — or were made to agree, by Congress — that uniform and mandatory government security standards were essential. Do you foresee the same process with regard to critical infrastructure?
JL: It takes America about 20-40 years to come to terms with a new technology, but we always end up regulating it for public safety. This will be no different. We are in year 17.
HSNW: Do you view Stuxnet as a game changer? If so, why?
JL: It really wasn’t a big deal. Weaponized code successfully tested in 2007.
HSNW: Do you know whether the Chinese have already planted “sleeper” malware in the U.S. critical infrastructure system, malware that could be activated at the outset of a U.S.-China conflict in the future?
JL: Probably not, although they have probed it for reconnaissance purposes.
HSNW: What government body in the U.S. should monitor critical infrastructure cybersecurity compliance — DHS? NSA? A new body?
JL: A new body, if DHS can’t get its act together soon.
HSNW: Where do you stand on the issue of a cyber arms control treaty among the major industrial countries? Traditional arms control can be verified (you can count missiles, nuclear warheads, etc.); how do you verify whether or not a country has developed offensive cyberwar options?
JL: Treaties are unverifiable, so there is no sense in agreeing to one. When people invent a weapon they tend to use it unless it is truly horrific, an cyber attack is not in that category....
There is much more here, with other relevant links for more information, on an issue that will directly impact our national security. We all need to be paying close attention.