September 05, 2012, 8:39 AM — It should come as no surprise to anyone who follows the news in the U.S. that Congress hasn't moved on cybersecurity. Forces on both sides of the aisle watered down, and then eventually nixed, this summer's cybersecurity bill (also known as the Lieberman/Collins bill, sponsored by Senators Joe Lieberman, I-Conn. and Susan Collins, R-Maine). Sen. John McCain (R-Az.) and others proposed an alternative SECURE IT Act, which now languishes as Congress gears up for the November election.
For his part, President Barack Obama has been doing what he can to prepare the country for the possibility of an attack on our critical infrastructure. In July, he wrote an opinion piece in The Wall Street Journal calling for better exchange of information between government and industry in the event of a cyberattack.
It's also possible, in the likely event of Congressional inaction, that the President might issue an Executive Order calling for such information exchange. Such an order, however, comes with its own political risks, as some consider such a move to impinge on the purview of Congress. The end result of all this political maneuvering, therefore, may be little or no action by the U.S. government on cybersecurity, at least until sometime in 2013.
Parties United in Cybersecurity Bill Opposition
The obvious question is whether such legislation would simply be too little, too late. The unfortunate fact of the matter is that we are already in the midst of a cyberwar. Corporations as well as government agencies are under constant attack from a range of opponents, both economic and political. Furthermore, the 2010 Stuxnet attack on Iranian nuclear infrastructure and the more recent Gauss attack on the Lebanese banking system show that the U.S. (or parties aligned with U.S. interests, Israel in particular) are willing and able to take an offensive posture in this Cyberwar.
Analysis: Why Stuxnet is a Really Bad Weapon