Cybersecurity legislation should be passed before a catastrophic cyberattack causes the United States to overreact, the head of U.S. Cyber Command said on Monday.
Changes to cybersecurity policies should be done while lawmakers can think calmly and rationally about securing American networks while protecting civil liberties and privacy, Gen. Keith Alexander told an audience at an American Enterprise Institute event.
“I’m afraid we’ll argue about this until something bad happens, and when something bad happens, we’ll jump way over here, where we don’t want to be,” he said. “Let’s do it now. Let’s get it right.”
The House has passed several limited pieces of legislation designed to increase cyber information sharing and boost federal network security. But more comprehensive proposals from both sides of the aisle in the Senate have been bogged down.
Democrats, backed by the White House, are pushing the Cybersecurity Act of 2012, which includes new authority for the Homeland Security Department to set and oversee security standards for certain critical networks. Republicans have introduced a bill that is very similar to the Cybersecurity Act, but does not include new government authority. After months of delay, Senate leaders are eyeing the last two weeks in July for floor debate.
Alexander declined to take a position on specific legislation, but he said that legislation is needed to streamline information sharing between businesses and government agencies.
In order to stop cyberattacks, officials need to know about the attacks at “network speed,” he said, comparing cyberattacks to an attack by a missile.
“You can’t use snail mail,” Alexander said. “Cyber is at the speed of light. I’m just saying we need to move a little faster.”
Many information-sharing measures, however, have been bogged down by concerns that they could give businesses and government officials access to Americans’ personal communications.
Alexander acknowledged that privacy and civil liberties are important concerns, but he said they don’t have to be mutually exclusive.
“We can do the protection of civil liberties and privacy and cybersecurity as a nation,” he said. “Its not only something we can do, we must do.” Many privacy fears are founded on the misperception that personal information like e-mails would need to be shared, Alexander said.
He observed that there are “fundamental” differences between the various bills, but he said he believes lawmakers from both parties genuinely want to do more to boost cybersecurity.