Cyber Legislation’s Groundhog Day
Paul Rosenzweig /
Senate majority leader Harry Reid (D–NV) has announced that the Senate will again consider cybersecurity legislation when it returns from its election recess. The move comes in response to another in a series of apocalyptic pronouncements about our cyber vulnerabilities—this one from Secretary of Defense Leon Panetta, who is warning of an imminent “cyber Pearl Harbor.”
We may be forgiven just a small bit of skepticism about the timing of this announcement and its intent. To be sure, vulnerabilities in cyberspace are very real. The recent Shamoon attack on the Saudi oil giant Aramco by Iran left 30,000 computers completely wiped out.
But that doesn’t mean that a crisis is brewing. After all, the phrase “cyber Pearl Harbor” (or some variant of it) has been around for nearly 20 years—the earliest use we know of is in June 1996.
So what is the Reid announcement really about? If it portended a real effort at finding common ground, that would be a good sign. But it isn’t an offer of compromise. To the contrary, Senator Reid used his statement to blame Republicans for the delay in action: “Cybersecurity is an issue that should be handled by Congress, but with Republicans engaging in Tea Party-motivated obstruction, I believe that President Obama is right to examine all means at his disposal for confronting this urgent national security threat.” That kind of name calling just heightens the likelihood of another confrontation without any resolution.
If the Senate were looking for results instead of talking points, they would recognize that there are plenty of reasons to think that cybersecurity regulation by the government is not a good thing. And there is widespread agreement that some types of reform are essential (information sharing, for example).
If Senator Reid were serious about seeking legislation, he would try to forthrightly address the concerns of those who think the regulatory proposals are problematic. Instead he just wants to join in the chorus of crisis.