Houston Chronicle

It's not every day that we hear that a bill regarding a major issue of great importance to American industry, society and national security has sailed through the House of Representatives with overwhelming bipartisan support, but that's exactly what happened earlier this month with passage of House Resolution 4061, the Cybersecurity Enhancement Act of 2009. Sponsored by Rep. Daniel Lipinski, D-Ill., and nine others, including the representative for Texas' 10th District, Michael McCaul, the bill represents a concrete set of steps that government can use to confront the threat that Director of National Intelligence Dennis Blair chose to lead off with in his annual intelligence briefing on Capitol Hill last month.

This is not the first major legislation proposed on the cybersecurity issue. Last April 1, Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, delivered their own blueprint for cybersecurity. Coinciding the introduction of their bill with the activation date of the much-hyped Conficker Internet attack, their initiative withered on the vine. Conficker, while still a real threat, was essentially a bust and left those who gave the gravest warnings about it looking like April fools.

Also, provisions of the Rockefeller-Snowe bill, which would have permitted the federal government to take control over or shut down computer networks, including parts of the Internet, in times of crisis, was viewed by Internet service providers and just about anyone else relying on a large computer network to do their business as government overstepping its bounds. The telecoms and Silicon Valley argued, and rightly so, that recovering from a cyberattack was not a job in which the federal government should step in and exert its control, but rather a more nuanced process where industry and government work together to sort out the mess.

What the House of Representatives has gotten right is to begin assembly of a piecemeal strategy to develop our capabilities over time. This is legislation that accepts that there is no silver bullet or broad act of government that will solve the problem overnight. It provides funding for the training of technology workers who will pay off their educations in national service. It brings together universities, the country's rich resource and development resource pool and industry, funds them and thereby creates a pipeline from the labs to the desktop, the BlackBerry and beyond. Most important, it tasks civilian agencies, including the National Science Foundation and the Department of Commerce's National Institute for Standards and Technology, with delivering solutions to the cyberproblem. Moving forward, we will need to embrace such thinking as most of what constitutes cybersecurity is not cyberwarfare and therefore does not fall within the purview of the Defense Department.

For those here in Houston who may argue that this is a problem for the bureaucrats in Washington or the techies on the West Coast, that is simply not the case. This threat is real. It is real to my daughter's preschool teacher, who awoke one recent morning to find herself locked out of her e-mail. She heard from friends that someone had hijacked her Facebook account. Cleaning up the mess, she must now worry about the integrity of her online accounts, credit rating and identity, while every step of the way proving again and again that she is who she says she is.

The threat is also real to our energy industry. We are in the process of a revolutionary overhaul in the way we produce, buy and consume electricity: the “smart grid.” Smart grid will allow us to confront our energy dependency issues by bringing the same sorts of IT-delivered efficiencies to the electricity business that have allowed retailers like Wal-Mart to manage their supply chain and inventory to enormous profitability. What is risky is that the smart grid will connect the electrical grid's supervisory control and data acquisition (SCADA) systems to wired and wireless networks, including the Internet. While my colleagues and I argued here last spring that we had little to worry about regarding a cyberattack against the electricity grid as it is currently configured (Houston Chronicle, “Is U.S. vulnerable to a cyber attack?” Page B10, May 3), connecting SCADA to the Internet will change that.

A number of good things have happened on the cybersecurity issue in the past few months. President Barack Obama has chosen to tap a leading cybersecurity thinker and doer, Howard Schmidt, to serve as his top adviser on the issue. Google has very publicly pointed the finger at those attempting to steal its intellectual property and is working with the State Department and National Security Agency in what one diplomat called “21st-century gunboat diplomacy.” We are even talking about cyber arms control with the Russians.

Cybersecurity is now approaching where it ought to be on the national agenda. Now the same needs to be said of every Fortune 500 company's boardroom, including those with headquarters here in Houston.