House Passes Cyber Security Bill - A Good Start?

Only a short time ago headlines reported Google’s claim of a cyber attack originating in China. More recently it was National Intelligence Director Dennis Blair and CIA Director Leon Panetta who testified before Congress, warning of increasing cyber threats and vulnerabilities in our nation’s critical systems. And on February 4 the U.S. House of Representatives overwhelmingly passed H.R. 4061, The Cybersecurity Enhancement Act, by a rare bipartisan vote of 422-5. All of this evidence seems to point to a recognition of the very real threats that face our government, businesses, and individual citizens every day.

However, there are two sides to every coin. (And this is the federal government, so it can’t be straight forward!)

First, if we look to the Senate, we won’t find a companion bill to the House’s version. This would indicate that the issues addressed in the House Bill were a priority for the Congress as a whole. More troubling was the Obama administration’s budget proposal to Congress, which cut funding for the DHS cybersecurity arm.

For those of us who are aware of the threat to our businesses or personal information, how do we read into this? President Obama gave the first presidential speech to focus solely on cybersecurity, he appointed the first cybersecurity tsar, and now looks to cut funding for DHS. The real problem might be public awareness of the issue. It’s possible the issue isn’t a priority for the government because it doesn’t seem significant to the American people (those are the same people the elected officials need to vote for them!). Cybersecurity isn’t jobs, it’s not the economy, or banker’s bonuses, or health care. Although it should, it doesn't scare people enough, it does not produce an emotional response.

There has been a significant and steady increase of cyber attacks targeting small businesses. No longer is this a threat reserved for billion dollar corporations. Attackers are increasingly operating under the assumption that it is easier to steal many times from small, and often times poorly defended businesses, than it is to attack a robust system with greater value one time. Unfortunately the American public often needs a drastic catalyst to become interested in a topic. Hopefully it will not take a cyber 9/11 to convince the public and our elected officials that this is an issue deserving of priority and our full attention.

Hopefully what we are seeing in Congress is at least the beginning of an understanding of the depth of the cybersecurity problem, and not simply a response to national headlines about Google (not that we don't want Google safe, but we all know Google has the resources of most nation-states as compared to your average small business.) Small businesses are just as likely to be a target of cyber "bad actors." We suggest you read the bill summary, found here. H.R. 4061 is a good start, but more needs to be done. If this seems to make sense to you, contact your Senators or Representative and let them know how important comprehensive cyber security legislation is to your small business.