The bill would require US companies that run 'critical infrastructure' to buttress their cyber security and share certain information with the government. Critics say that's risky and unnecessary, but the Pentagon is all for it.
What keeps Pentagon planners today up at night, even more than the threat of a terrorist attack? It is the prospect of an act of cyberwarfare – an incursion into America’s financial systems, water treatment plants, or the electrical grid that keeps lights on and homes heated.
“Cyber will overtake terrorism as the persistent, gnawing, constantly-at-us kind of threat and danger,” warned Ashton Carter, deputy secretary of Defense, at a conference last month in San Francisco. He was relaying the fears of FBI Director Robert Mueller, who has been describing the dangers of cyberincursions in the same stark terms for months.
On this front, Pentagon officials have become increasingly vocal. They routinely hire teams of professional hackers to find vulnerabilities in computer systems. And they have lobbied to pass legislation currently circulating on Capitol Hill to step up information-sharing between the government and private industry to increase cybersecurity, especially when it comes to “critical infrastructure” such as power plants.
Yet this information-sharing raises eyebrows among some critics outside the Defense Department, who say private companies have enough incentive to improve cybersecurity without legislating it, and that such exchanges between the Pentagon and industry have the potential to compromise privacy.
The Pentagon, for its part, makes no secret of the fact that, even in a time of fiscal restraint, there is money to be had for firms that can help make the cyber realm more secure. In the midst of tense defense budget negotiations, “I can just tell you that at no time in the deliberations ... was it even considered to make cuts in our cyber expenditures – not even considered,” Mr. Carter said.