In one of the latest efforts to protect the country’s critical internet infrastructure, the House of Representatives overwhelmingly (422-5) passed a bill designed to strengthen domestic defenses and protect the country from increasingly sophisticated internet attacks. Titled the Cybersecurity Enhancement Act of 2009, H.R. 4061 highlights recruitment and education as vital to protection from cyberattacks.
Likening the effort to a virtual battlefield, Representative Michael Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with ongoing threats. Mr. Arcuri, who argued in favor of the bill on the House floor, said that troops online “are every bit as important to our security as a soldier in our field.”
The struggle to protect the country’s internet frontiers highlights the disparity between agile hackers and the generally sluggish bureaucracy. Lawmakers compete with attackers who process information at the speed of the internet. A bill must make it through both the House and the Senate, and be signed by the President before it can become a law. Even if they were to have a dial-up connection, internet attackers have a significant advantage! Although some say that the best defense is a good offense, locating and pursuing hackers becomes increasingly difficult as technology advances.
A government study last year concluded that current cybersecurity measures are insufficient to protect the country from hackers and cyberattacks. The four-year review reported that large-scale cyberattacks could substantially disable or injure the financial, commercial and physical infrastructure on an international scale.
In an effort to prevent such attacks, H.R. 4061 significantly increases the authority and responsibility of the National Institute of Standards and Technology (NIST). Among other measures, the NIST is charged with developing an education program to teach individuals, businesses and government employees how to keep their computers safe.
H.R. 4061 is the first major cybersecurity legislation passed by the House this year. Though a Senate version of the bill has yet to be drafted, senators are working on several information security bills with similar policy information. Whether these efforts to rally the troops will be successful remains to be seen. Though the average user will not feel or see the effects of the bill for some time, if ever, its passage sets forth a clear agenda and objectives for the government and industry to follow.