As a major cyber security bill wends its way
through the congressional chambers, some key
organizations are trying to knock the wind out of
it. Civil libertarians and privacy rights activists
are saying that the measure would do more harm than
good -- a notion that is refuted by its sponsors who
say that time is of the essence.
The matter could hit the floor of the U.S. Senate in
weeks. And while all lawmakers in both the House and
Senate can agree that the country must beef up
protections to its power plants and transmission
lines, that’s where the consensus ends. The measure
now pending is lauded by some who say that it
defends “critical assets” and loathed by others who
say that it is both too onerous and too intrusive.
The Cyber Security Act of 2012 is opposed by 34
different privacy and civil liberties groups from
across the ideological spectrum. They are saying
that if the bill were to pass, it would give
Facebook, Microsoft and Verizon the ability to share
information about their customers -- all in the name
of national security.
“However, in the push to increase security, the bill
would essentially bypass all existing privacy laws
and allow companies to share private, and
potentially sensitive, communications and records
with the government, even if that personal
information is not necessary to describe a cyber
security threat,” says Sharon Bradford Franklin, who
is senior counsel to
The Constitution Project.
Sympathizers in Congress are adding that the pending
measure fails to adequately define “critical
infrastructure.” If the ruling powers decide that it
is something that a private business does not want
included, legal wrangling would begin. This is an
argument to which the
Obama administration is sensitive and to which
it responds by saying that it would work with both
parties to craft a sensible measure.
To that end, its official position paper on the
subject says that the digital infrastructure was
created as a way to share information. And at the
time it was built, little consideration was given to
security. As a result, both national enemies and
corporate thieves are trying to steal or destroy
valuable assets.
The White House, generally, supports the bill about
to be debated on the Senate floor -- one that its
sponsors argue does narrowly describe “critical
infrastructure”: That would be any national asset
that is brought down or destroyed and that would
lead to mass casualties, mass evacuations or
financial collapse.
“We are being bled of our intellectual property
everyday and would-be enemies probe the weaknesses
in our most critical national assets -- waiting
until the time is right to cripple our economy or
attack a city’s electric grid with the touch of a
key,” says Senator Joe Lieberman, I-Conn., the
bill’s co-sponsor, in a floor speech.
Utility Concerns
After collectively identifying the precise systems
that are at high risk, the U.S. Department of
Homeland Security would then work with that “narrow
slice” of the private sector that must join in the
battle, Lieberman adds.
For example, let’s say that Pepco, the electric
company serving the Washington, DC, metro area, had
“critical” systems covered by the bill: Only systems
directly involved in the generation or distribution
of electricity would need to conform to the
increased security standards, the senator notes. But
Pepco’s other systems, like human resources or
customer service, would not be asked to do anything
new.
For their part, power companies are already supposed
to certify with the Federal Energy Regulatory
Commission that they have developed robust systems
that can continue to generate and deliver power if
attacked. To comply, they are describing their
potential risks based on historical accounts.
As with other businesses, utilities are also
concerned about overreach. They prefer voluntary
efforts, as opposed to those mandated by law, noting
that as owners of the assets, they are naturally
motivated to secure them. Moreover, the electrical
structure here is inextricably linked to the health
of the economy: Altogether, more than 800,000
megawatts of power that is transported via 200,000
miles of transmission serve a population of 300
million.
“Cyber threats change so quickly that any
legislation must also protect the ability of the
private sector to be fast and agile in the
detection, prevention, mitigation, and response to
cyber events that can have national or global
impact. Policymakers should not complicate or
duplicate existing security-related industry
standards with government-specific standards and
bureaucracies,” says a letter signed by the
Edison Electric Institute to the House
leadership.
Because there is general consensus that legislative
action is necessary, the partisans are trying to
bridge their differences. Electric utilities are
worried about cumbersome laws. Other interests are
concerned about privacy rights. But the bigger
picture is national security, and it remains unknown
if all of those competing dynamics can be reconciled
so that a cyber security bill could pass.
EnergyBiz Insider is named a 2012 Finalist for
Original Web Commentary presented by the American
Society of Business Press Editors. The column is
also the Winner of the 2011 Online Column category
awarded by Media Industry News, MIN. Ken Silverstein
has been named one of the Top Economics Journalists
by Wall Street Economists.
Twitter: @Ken_Silverstein
energybizinsider@energycentral.com
Copyright © 1996-2012 by
CyberTech,
Inc.
All rights reserved.
To subscribe or visit go to:
http://www.energycentral.com
To subscribe or visit go to:
http://www.energybiz.com