October 22, 2009

Gillibrand Provision To Improve Cyber Security Passes Senate

Language Included in Defense Authorization Bill Would Establish Comprehensive Plan to Ensure Long Term Cyber Defense By Recruiting, Training Proper Experts

Washington, D.C. - To ensure America is fully prepared to prevent future cyber attacks, U.S. Senator Kirsten Gillibrand announced Senate passage of a legislative provision she authored that would require a full assessment of the military's needs for additional cyber security personnel and training and harness private sector resources to strengthen U.S. preparedness. The language was included in the Defense Reauthorization Bill that passed the Senate this evening, and will now go to the President for his signature.

"Cyber security is a top priority for our national security," Senator Gillibrand said. "Devoting more attention to exploring our technological vulnerabilities and mounting an aggressive defense against cyber attacks and cyber terrorism has become a national security imperative.  Additional reports to Congress should focus on these issues. We must have a comprehensive review of our cyber security needs, and the inclusion of this provision will work to ensure that we have the resources we need to protect us from cyber attacks."

The language included in the Defense Authorization bill would require the Secretary of Defense to submit a report to Congress within one year on the state of cyber security and recommendations to increase cyber expertise. The report would specifically include:

  • An assessment of the military's needs for additional cyber security personnel and training.
  • The training and career development process for cyber security professionals.
  • Incentive programs to recruit and retain cyber personnel, and potential obstacles to recruitment.
  • The effectiveness of education and outreach efforts to attract cyber personnel.
  • The use of civilian and military personnel to fulfill cyber security needs.
  • Efforts to coordinate with private sector and industry resources, and establish public-private partnerships to improve the availability of cyber personnel.

According to some estimates, government and industry currently has access to less than 1,000 highly skilled cyber security experts, but the need is as high as 20,000 to 30,000 individuals capable of protecting the nation's networks.

Recent cyber attacks against U.S. intelligence and military targets have resulted in the U.S. Department of Defense (DOD) spending more than $100 million in the first six months of 2009 to repair damage to networks caused by cyber attacks. A report from the Center for Strategic and International Studies says that U.S. companies have lost billions in intellectual property because of cyber attacks.

The CSIS report also stated that cyber attacks have joined terrorism and weapons of mass destruction as one of the new, asymmetric threats that put the U.S. and its allies at risk. A growing array of state and non-state actors, such as terrorists and international criminal groups are targeting U.S. citizens, commerce, and the information infrastructure of America, including the Internet, telecommunications networks, computer systems, embedded processors and controllers in critical industries to steal, exploit, disrupt or destroy information.

Cyber exploitation activity has grown more sophisticated and targeted over the past year and is expected to increase. Relevant international cyber security agreements focus only on issues relating to cyber crime and common operating standards and have not been signed by certain countries from which cyber attacks may be launched.

Earlier this year, Senator Gillibrand introduced innovative legislation to stem the threat of a global cyber attack. The Fostering a Global Response to Cyber Attack Act would bring the U.S. together with its allies in the international community to harness the strength of their partnerships, and create the right defense to protect Americans and the citizens of all nations from cyber attacks.