Cyberattacks Emerge as Key New Threat to U.S. Security, Says 9/11 Commission in New Set of Recommendations

The 2004 report (http://bit.ly/1A2xUGg) focused on how to protect the U.S. from terrorism, said former Rep. Lee Hamilton, D-Ind., vice chairman of the commission. Recent conversations with many national security leaders “highlighted” a new “major threat,” Hamilton said. “That is of course the relentless cyberattack from foreign countries and criminal elements,” he said. The vulnerabilities of U.S. cyber systems and “the vast stealing of intellectual property” over the Internet “pose a huge national security challenge."

"One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late,” the update said (http://bit.ly/1jTIDxQ). “History may be repeating itself in the cyber realm. The Internet’s vulnerabilities are outpacing the nation’s ability to secure it.” The report cites a warning from one former agency head: “We are at September 10th [2001] levels in terms of cyber preparedness.”

The commission cited numerous recent incidents of cyberattacks as signs of the need for improved security, including Iran’s hacking into the U.S. Navy computer systems last year and an attack involving the Shamoon virus, “attributed by many to Iran,” which infected and made inoperable 30,000 computers at a state-owned oil company in Saudi Arabia. “Denial-of-service attacks have tied up companies’ websites, inflicting serious economic losses,” the report said. “A Russian teenage hacker may have been behind the massive malware attack on the U.S. retailer Target, compromising the credit-card data of 40 million customers."

The report also cited an “urgent” need for improved oversight of government collection of data from U.S. citizens. “Data collection and analysis are vital tools preventing terrorist attacks,” Hamilton said. “But effective counterterrorism must be balanced against civil liberties.” The government must explain to Americans why data is being collected and the balance that has been struck between security and privacy, he said.

Data collection and analysis are “vital tools for preventing terrorist attacks,” the report said. Data collection programs are “worth preserving, albeit with additional oversight,” the report said.

"I don’t understand why the Congress of the United States has not come together on the issues of cybersecurity,” said commission member James Thompson, former governor of Illinois. “Every American has either had an experience where they've been hacked or the people with whom they deal have been hacked."

The U.S. is safer today in part because of the recommendations of the 9/11 Commission, said Rep. Michael McCaul, R-Texas, chairman of the House Homeland Security Committee, who also spoke Tuesday. Cybersecurity is an issue that keeps him awake at night, McCaul said. “You know we have tremendous capability to shut things down,” he said. That capability “in the wrong hands” is dangerous, he said.

McCaul said he hopes cybersecurity legislation will be brought to the House floor within the next month. “It’s something the country really needs right now,” he said. McCaul’s committee cleared HR-3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013, in February.

Commission member Tim Roemer, D-Ind., a former member of the House, said there are many things Congress could do to make the U.S. safer, including approving cybersecurity legislation and simplifying the oversight of the Department of Homeland Security. “We are past frustration on this, especially when it’s a national security issue,” he said. “Congress must do something and do it soon.”