Experts Address Growing Cyber Threat to National Security


February 22, 2012

Panelist sitting in chairs in front of Homeland Security Policy Institute backdrop

From left to right: Kevin Gronberg, Tom Corcoran, Nick Rossi, Michael Chertoff, Frank Cilluffo, Mike McConnell, Tommy Ross and Jeffrey Ratner

Some of the nation’s leaders and policymakers in the fields of homeland security, defense and intelligence gathered at George Washington’s Jack Morton Auditorium Wednesday to discuss the challenges of legislating cybersecurity.

Retired Vice Admiral Mike McConnell, M.P.A. ’86, former director of national intelligence and former director of the National Security Agency, and Michael Chertoff, former secretary of homeland security, joined senior congressional staff for a roundtable discussion analyzing cybersecurity legislation recently introduced in Congress.

The event, which concluded with a question-and-answer session, was hosted by George Washington’s Homeland Security Policy Institute and moderated by HSPI Director Frank Cilluffo, associate vice president for homeland security. 

Broadcast live on C-SPAN, “A Conversation on Cybersecurity Legislation” also featured congressional staff members leading the cybersecurity legislative efforts, including Tommy Ross, intelligence and defense advisor to Senate Majority Leader Harry Reid, (D-Nev.); Jeffrey Ratner, counsel to the Senate Homeland Security and Governmental Affairs Committee; Nick Rossi, minority staff director of the Senate Homeland Security and Governmental Affairs Committee; Tom Corcoran, B.A. ’91, senior policy advisor to the House Permanent Select Committee on Intelligence; and Kevin Gronberg, senior counsel to the House Committee on Homeland Security.

A bipartisan Senate bill, introduced a few weeks ago, would require companies that run computer networks critical to U.S. economic and national security to have better defenses against cyber threats. Under the bill, the Department of Homeland Security (DHS) would also have the authority to identify and regulate networks that have the potential to cause mass damage if attacked.

In contrast, two bills recently introduced in the House of Representatives promote information-sharing between companies on cyber threats without being subject to DHS regulations.

Threats to the nation’s cybersecurity could have catastrophic consequences in the area of economics, national security and individual privacy.Mr. McConnell called the bills “necessary but insufficient.”

Acknowledging concerns over information-sharing and individual privacy, he said there is “not a corporation in the nation that can successfully defend itself,” noting that the industry and private sectors are “truly, truly dependent on the digital age.”

“There are unique things that only the government can do, and we need to harness that capability,” he said.

Stressing there is an “urgent need” for cybersecurity legislation, Mr. Chertoff said the bills are a “good starting point” to addressing cybersecurity but also highlighted the difficulties of policing cyberspace.

“The fundamental architecture of the Internet is the presumption of openness and accessibility,” he said. “You can get data anywhere as long as it’s connected in some way to a network.”

“If you think about it from a security standpoint, that is the exact opposite of what we have accepted as the premise of security in prior centuries, where you lock things up if they are valuable or put them in a safe, and someone had to get into your space physically to see what you had,” he added. “So that presumption of openness—which is a good thing—challenges us in terms of how our security operates.”

While there are opposing ideas about how to legislate cybersecurity, Mr. Cilluffo said everyone can agree the cybersecurity threat is “significant” in both scope and scale.

“We need to do more in this space,” he said. “We need to ensure our ability to protect networks and as much as possible keep pace with the advances in networking.”

In his welcoming remarks, GW President Steven Knapp noted the importance of researching cybersecurity, adding that the university was in the process of rolling out “a university-wide cybersecurity initiative, which will bring together policy, research, education and training.”