On a scale of one to 10, the United States scores about a three in how prepared its infrastructure is for a cyber attack.
That’s according to Gen. Keith Alexander, the director of the National Security Agency and commander of the United States Cyber Command, who spoke at the Aspen Security Forum on Thursday.
The government needs to be able to identify a threat and respond with speed, but the current legislation makes it a legal liability for the private sector to share detailed information with the government. It’s nobody’s fault but it’s everybody’s problem, Alexander said.
There are cyber attacks occurring regularly, some from nation states and some from criminal hackers, and the possibility of an attack has increased with more people getting smart phones and iPads, Alexander said. It’s going to take efforts from both the private sector and the government to combat the cyber attacks, he said.
One way to combat it, he said, is for Congress to pass the Cybersecurity Act, which aims to protect critical infrastructure such as the electrical grid, banking systems, transportation networks and others.
The bill proposes to establish a program where companies operating critical infrastructure would certify that they meet security standards approved by a government-led agency in exchange for incentives, such as liability protections. The bill has been criticized by the U.S. Chamber of Commerce and IBM for imposing additional regulations to the industry.
Alexander argued the bill isn’t an attempt to regulate the industry, but a chance to get both the private and public sectors on the same page when it comes to cybersecurity, he said.
The bill also won’t allow the government to make dossiers on every person, either, which is something the government has been accused of attempting, he said. The point is to identify people who are trying to exploit the infrastructure through hacking and it doesn’t impact privacy, he said.
“If we all technically understood that this would be an easy debate,” he said.