The federal government and private businesses must be allies, not adversaries, in the ongoing fight to improve the nation’s cybersecurity infrastructure, a top Justice Department official said Tuesday.
“The attackers we face range in sophistication, and when it comes to nation states and terrorists, it is not fair to let the private sector face these threats alone,” said John Carlin, assistant attorney general for national security.
Almost all Fortune 500 companies have been hacked at some point, Mr. Carlin told the U.S. Chamber of Commerce’s annual Cybersecurity Summit.
“Have you thought ahead to the day when you will have to face your customers, your employees, your board, and your shareholders?” he said. “If that day was today, could you tell them that you’ve done everything in your power to protect your company’s future?”
Mr. Carlin said cyberattacks are on the rise, citing a study by the accountancy firm PricewaterhouseCoopers that found attacks in 2014 were up 48 percent over 2013.
“We are on notice, we are all targets,” Mr. Carlin told the business leaders. “You are on the front lines of these battles, but we are with you.”
The federal government and Justice Department are working to shore up cybersecurity protection, as well as launching efforts to prosecute cybercriminals, be they lone wolves, terrorists or members of foreign governments, Mr. Carlin said. He also noted several steps businesses could take to protect themselves, including the growing trends of buying “cyber insurance” to help mitigate financial loss.
“At the department, we want to arm ourselves for the threats of today, but also prepare ourselves for the threats we can see coming over the horizon,” he said. “It’s a race against time, and one with high stakes consequences The threats aren’t letting up, and neither should we.”
But the law also needs to change to adapt to the growing field of cybercrime, including becoming more adept at working on multijurisdictional cases since cybersecurity knows no boundaries, he said.
“Many of our laws on the books were not written with cybersecurity in mind,” Mr. Carlin said. “New cyber legislation in several areas, including information sharing, is needed.”
Sens. Dianne Feinstein, California Democrat, and Saxby Chambliss, Georgia Republican, have worked together to craft the Cybersecurity Information Sharing Act, which would revamp how the agencies share cybersecurity data with each other, the private sector and the public.
“This is serious, it has huge financial consequences,” Mr. Chambliss told the summit. “This is not a short term project, with the way that technology changes in the world of cyber on virtually an hourly basis.”
The proposed bill would help unify the ways that businesses and the federal government detect, report and share information on cyber breaches and hacks. The legislation is waiting to be brought for a vote before the full Senate, but both Ms. Feinstein and Mr. Chambliss expressed concerns that its momentum could be killed following the November elections.
“If we don’t do it this year, I fear it’ll be at least another year,” Mr. Chambliss said. “If we wait another year, we are really risking the economy of the United States.”
In 2012, the U.S. Chamber of Commerce helped lead an effort to kill a similar bill that they deemed too intrusive to businesses. Now, after some reworking by Ms. Feinstein, the lobbying group said it supports the current version.