Congress Considers Cybercrime Legislation for Infrastructure
Under a new bill in Congress, companies with responsibility for important sections of the private infrastructure would have to meet security standards set by the department of Homeland Security.
Cybercrime encompasses a broad range of computer related activities, from credit card theft to Denial of Service attacks on websites and hacking of computer systems to obtain confidential data.
The focus of this legislation is infrastructure, some of it operated by private entities, like financial networks, rail switching networks and the electrical grid.
The Department of Homeland Security would develop regulations that would require private companies to implement procedures to protect the integrity and functioning of these systems. It is unclear what penalties would be imposed on companies that failed to comply with the regulations.
Of particular concern is the electrical grid. As has been demonstrated by large-scale blackouts, from the 1977 and 2003 blackouts in New York and the North East, to the rolling blackouts in California in the early 2000s, few problems are more debilitating.
In our modern society, the dependence of virtually every piece of critical infrastructure, from stoplights and refrigeration to cell phones and the internet, on electricity is hard to overstate.
Many companies will be forced to comply on their own business necessity, as the cost for failing to protect their systems or data could be catastrophic. (Imagine a bank having a significant segment of their records or transfer systems disabled or destroyed?)
The danger here is that, like many areas related to cyber crime; the reaction will be an overreaction. Google recently announced it has received a significant increase in requests to censor online content. The requests are not just from nations with repressive government, like China.
“It’s alarming not only because free expression is at risk, but because some of these requests come from countries you might not suspect – Western democracies not typically associated with censorship,” said Dorothy Chou, Google’s senior policy analyst.
A Dangerous Confluence
The danger posed by threats like cyber attacks on the electrical grid is that the governmental reaction can be nearly as damaging to our liberty as an actual attack. The changes brought about by the terror attacks of 2001 continue daily, from invasive searches at airports to the expansion of electronic communication examined by warrantless FISA searches.
While it is essential to protect important computer infrastructure, we must be vigilant of laws and prosecutions that may overreach. As Benjamin Franklin said, “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”