Obama administration unsure about new cybersecurity laws
IDG News Service - Current laws addressing cyber crime aren't adequate to address growing attacks on the government and businesses, a representative of U.S. President Barack Obama's administration said Tuesday.
But when a U.S. senator questioned what additional laws the Obama administration needed, James Baker, associate deputy attorney general at the U.S. Department of Justice (DOJ), said he wasn't sure yet.
"Are all of you, or any of you, satisfied with the existing legal structure under which you are operating?" Senator Sheldon Whitehouse, a Rhode Island Democrat, asked a panel of four government officials working on cybersecurity.
"Senator, that's a complicated question," Baker answered during a hearing before a subcommittee of the Senate Judiciary Committee. "I think the answer to it is no."
Whitehouse asked whether the Obama administration planned to offer proposals for changes in laws or new laws to address cybersecurity concerns.
The DOJ is "debating these kinds of issues ... with a view toward deciding whether we should propose changes, and if so, how," Baker said. "We do not want to mess up, to put it bluntly, the existing authorities that we have that provide a huge amount of capability to collect both law enforcement information and foreign intelligence information."
The Obama administration does not want to make mistakes, "because this area is so complicated," Baker added.
Senators heard conflicting views on what kind of new laws are needed. The U.S. Congress should not pass laws, as some lawmakers have suggested, mandating cybersecurity efforts at private businesses, said Larry Clinton, president of the Internet Security Alliance, a cybersecurity advocacy group.
Market-based incentives should be able to improve cybersecurity, while government mandates could harm the Internet, he said.
"Federally mandated cybersecurity standards not only would not work, but they would be seriously counterproductive to our national economic interests and our national security interests," Clinton said.
But Larry Wortzel, vice chairman of government advisory group the U.S.-China Economic and Security Review Commission, said some mandates may be necessary for private companies associated with national security.
There is some good news, another DOJ employee, Steven Chabinsky, told senators, as U.S. law enforcement officials have brought charges against two large cyber-criminal rings in recent weeks. Chabinsky, deputy assistant director of the Cyber Division at the U.S. Federal Bureau of Investigation, said the agency's work with foreign law-enforcement groups and private organizations has led to "increased and repeatable successes" in fighting cyber crime.
Catching cyber thieves is important, but the U.S. government needs to do a better job of preventing attacks, suggested Senator Benjamin Cardin, a Maryland Democrat. "The good news is we've brought indictments against those who were able to rob us," Cardin said. "The bad news is they were able to rob us. Every day, as I understand it, there is money being stolen through cyberspace."
The subcommittee hearing was supposed to be partly focused on preventing terrorist attacks in cyberspace, but Chabinsky told senators the FBI has not yet seen a "high level" of sophistication necessary for terrorism groups to attack the U.S. cyber infrastructure. The agency, however, is tracking people sympathetic to al-Qaida who've expressed interest in developing the skills necessary, he said.
Other nations and potentially some cyber-criminal groups do have significant capabilities, Chabinsky added. These groups have the ability to alter software, conduct remote intrusions, reroute and monitor wireless communications, and "position employees within our private sector and government organizations as insider threats, awaiting further instruction," he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts