US needs cyber-emergency response, lawmaker says

The U.S. needs a cybersecurity emergency response capability to help businesses under major attacks, a U.S. senator said Monday.

"Who do you call if your CIO is overwhelmed, if you're a local bank or utility?" Senator Sheldon Whitehouse said during a forum on cybersecurity at the University of Rhode Island (URI). "How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?"

Whitehouse, a Rhode Island Democrat, didn't lay out details of a cybersecurity emergency response unit, but he said he hopes the U.S. Senate will pass a comprehensive cybersecurity bill this year.

Whitehouse also called for the U.S. to develop "rules of the road" for Internet use. While unsafe cars are not allowed on highways, no one stops unsafe computers from connecting to the Internet, he said during the URI webcast.

"We allow computers dripping with malware and enslaved to botnets unrestricted access on most of the information highway," he added.

Coordinated cyber-attacks could shut down the U.S. power grid, stock exchanges and the Internet, added General Keith Alexander, director of the U.S. National Security Agency and U.S. Cyber Command.

Alexander was responding to an audience member who asked him what was the worst that could happen if several nations banded together to attack U.S. cyberspace. The power grid and Internet are "vulnerable," he said.

"I don't think any nation out there right now wants to attack us, but we have these vulnerabilities, and we've got to address them," Alexander added. "These are significant problems."

Asked about cyberterrorism, Alexander said terrorists' cybercapabilities are "at the lower end of the spectrum today." But terrorists could be a much stronger threat in as little as 18 months, he said.

Another audience member asked Alexander about the U.S. government's offensive cybercapabilities and how much the offensive efforts inform the defense. U.S. Cyber Command, launched in May 2010, brought together offensive and defensive capabilities in the U.S. Department of Defense, Alexander said.

"If you think about it, the best defense is made by having your offense help your defense," he said. "Our offense ... has some great capabilities."

Whitehouse and Representative James Langevin, also a Rhode Island Democrat, both talked about huge dollar losses in the U.S. because of cyber-attacks.

There are 1.8 billion attacks on U.S. government servers every month, Langevin said. During 2010, researchers tracked 662 data breaches at large companies or government agencies, with 16.2 million records exposed. Cyber-attacks cost the U.S. economy an estimated US $8 billion a year, he said.

In addition, 9 million U.S. residents are victims of identity theft each year, and cybercrime costs large businesses millions of dollars each year, Whitehouse said. Cybercriminals have stolen about $1 trillion worth of intellectual property from U.S. businesses, he added.

"I contend that we are on the losing end of the biggest transfer of wealth in history as a result of theft and piracy," Whitehouse said.

Langevin encouraged students to consider cybersecurity careers at URI, which has a digital forensics center.

"All the best ideas won't keep us secure without the right people to execute them, and our nation's cyberworkforce is not large enough to match the scale of these threats," Langevin said. "Experts have estimated that the U.S. has fewer than 1,000 people with the advanced security skills to effectively compete in cyberspace, but the reality is that we need 20,000 to 30,000."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.