In April, the House passed four cybersecurity bills by strong majorities, thanks to work by Members on both sides of the aisle. Although these bills do not solve all of the problems in cyberspace -- and they were not intended to do so -- they were important first steps toward making the country more secure.
Since that time, we have waited on the Senate to debate and pass its version of cybersecurity legislation. There seemed to be renewed hope when a revised version of the Senate bill was introduced in mid-July. It reinvigorated the debate and improved the prospects of action.
But, the Senate bill was unable to find consensus on the difficult issues related to government involvement in the private sector. The overwhelming majority of the infrastructure of cyberspace and of the infrastructure we are trying to protect is in private hands. Yet, the private sector on its own cannot protect itself and the country from the broad range of cyber threats that are growing in quantity and in sophistication. There must be interaction between the government and private sector, but it must be carefully considered or the nation could become more vulnerable to attacks, not less.
Unfortunately, we do not dictate the terms of the cyber war we are in, and the tempo of the fight does not slow down to wait for Congress to act. Cyber threats pose a significant risk to our national security as well as our nation’s critical infrastructure and our economy. Every day, government and private networks are being attacked. Valuable information is being stolen from American companies, making them weaker and less competitive.
We know that the cyber war is one that we can never fully win, but it is certainly a war that we can lose. Such a loss could be catastrophic, and can only be waged by constant vigilance and an ability to quickly prepare, adjust, and react to the latest threats. We have the best technical capability of anyone in the world. Our vulnerability is not created by some superior capability or technology of our adversaries; instead, it is largely a result of our failure to find common ground with each other on laws and policy.
We should not overlook the considerable amount of consensus on the things that should be done. Both of the primary proposals in the Senate share many similarities with the four House-passed bills that were adopted in April. These include removing barriers to information sharing with privacy protections, pushing the federal government to do a better job of protecting its own networks through continuous monitoring, and increasing the focus of federal research and development in cybersecurity. These changes would immediately begin to make a difference right away.
The four House bills do not encompass all provisions in the unsuccessful Senate package, nor do they include all of the recommendations of the House Cyber Task Force. But, they are an important first step, and each of them passed the House with overwhelming bipartisan votes. They are a beginning, but a beginning that will help make our country more secure and is therefore worth doing.
The Senate should pass the four House-passed bills. This issue is too important to let attempts to find the perfect bill prevent us from taking good, significant steps in the right direction. We should at least do those things and agree to continue to work on issues where we may have differences. If we do not, we may look back in astonishment that when we had the chance to act, we failed to do so. America’s security and our economy depend on it.
Thornberry serves as vice chairman of the House Armed Services Committee and as a senior member of the House Permanent Select Committee on Intelligence.