By Steve Largent and Rick Boucher @CNNTech March 5, 2013: 11:00 AM ET
The debate on cybersecurity has produced a sideshow centered around the belief that added security means a reduction in privacy.
Such views are nonsense. Quite simply, digital privacy cannot exist without cybersecurity. Weak security equals weak privacy. Want better privacy? Raise your security game to prevent hackers from stealing private data. Let the experts from the private sector and government communicate with each other so when they see threats, they can alert others and work together to create a solution.
Former Congressmen Steve Largent (left) and Rick Boucher. Largent lobbies on behalf of the telecommunications industry, and Boucher helps telecom companies develop public policy strategies.
Despite this common-sense connection, a seemingly never-ending debate drags on about how our nation can improve its cybersecurity. There is lots of talk, but little action to support privacy's enabler.
That could change if Congress passes The Cyber Intelligence Sharing and Protection Act (CISPA) and the President signs it into law. CISPA passed the House (248-168) about a year ago, and since then has been the subject of considerable discussion, with no discernible progress.
Critics don't like the fact that CISPA enables information sharing between the federal government and the private sector in order to prevent cyberattacks and to pursue cybercriminals, hackers, fraudsters and others intent on harm. As they see it, such cooperation constitutes a potential privacy invasion that is so egregious as to merit no further consideration.
Their concerns are, no doubt, well intended. But they are also out of touch with reality and risk unintended consequences that only serve to allow cybercriminals to operate with impunity.
The breadth and scale of the threat of cyberattacks on our nation's critical infrastructure -- financial institutions, electric and water utilities and air traffic control systems, to name just a few -- to say nothing of consumers' personal data, is no longer in debate. Meanwhile, the avenues and opportunities hackers have to penetrate our networks are growing hand in hand with our increasingly mobile communications ecosystem. On the consumer side, for example, a recent study concludes more than 40% of U.S. smartphone users will click on unsafe links this year, potentially spreading malware that can steal data and dollars to their friends, family and colleagues.
Attempts to breach networks happen tens of thousands of times a day, every day. Cybercriminals are smart, nimble and unencumbered by regulations. There's no penalty, and comparatively little risk, for failed attempts. That is, they only have to succeed once, whereas we -- the defenders -- have to prevail every time.
Does that sound like a dynamic we would be well served to leave unaddressed? Should we keep our fingers crossed and hope things go OK? Or should we work together to provide the nation with the most effective reality-based cybersecurity we can achieve?
Clearly, the latter is what we need: a cooperative approach, one that allows for lawful sharing of information on where, how, from whom, and in what guise cyberattacks and other forms of cybercrime are emerging so defenses can be prepared.
At its heart, good security starts with good communication. When it comes to securing our critical infrastructure, shouldn't all parties be able to communicate with one another about what they are seeing and how attacks can be repelled?
Of course they should. That is why it is so critical that Congress passes CISPA and the President signs it into law.
Those who prefer a fingers-crossed or (euphemism alert) more "measured" approach -- that is, allowing some communication, but not too much -- should consider that public-private information sharing for the purpose of protecting critical networks already exists in the U.S. and dates back more than 50 years.
The National Security Telecommunications Advisory Committee (NSTAC), which has its roots in the JFK era, makes possible information sharing between the public and private sectors related to threats to our national telecommunications infrastructure and emergency preparedness. If you've used a telephone since 1963 when NSTAC began, in the wake of the Cuban missile crisis as the National Communications System, you've done so on networks that, as NSTAC's charter states, allow for "public/private partnerships, resulting in mutually beneficial information sharing." Somehow, democracy has survived.
Debate is useful when it advances a discussion and removes obstacles to positive outcomes. However, to be constructive the debate must be based on reality, not abstractions. It's time to stop posturing about cybersecurity and take reasonable steps to improve it, starting with allowing the public and private sectors to communicate, lawfully and with liability protection. The House has already passed CISPA. Now the Senate should pass it and the President needs to sign it into law.
Continued stasis serves no one, except hackers and those who would seek to do us harm.
Steve Largent is president and CEO of CTIA-The Wireless Association, a lobbying group representing the interests of the telecommunications industry in Washington, D.C. Largent served as a member of Congress from Oklahoma from 1994-2001.
Rick Boucher served in the U.S. House for 28 years and chaired the Subcommittee on Communications and the Internet. He is head of the government strategies practice at the law firm Sidley Austin.