Rising cyberthreats set backdrop for latest cybersecurity bill

As the Senate prepares to take another stab at passing a comprehensive cybersecurity bill, a new report shows the number of cyberattacks from China growing dramatically.

China has accounted for the largest percentage of attacks since the last quarter of 2011, according to the latest State of the Internet report from Akamai, which provides one of the largest global networks for Internet content delivery. In the third quarter of last year, China accounted for 33% of cyberattacks, more than double the previous quarter.

By comparison, the combined percentage of the second and third countries, the United States and Russia, respectively, was less than 18%, Akamai reported.

"China's growth from the second quarter was fairly significant, and somewhat surprising," the report said.

Akamai's report is only the latest study to bolster arguments that the U.S. needs to bring private and public organizations together to protect telecommunication systems, government and corporate networks, and power plants, water filtration systems and other critical infrastructure. Adding to the urgency is the rising number and sophistication of cyberattacks.

One example of advanced threats is the distributed denial of service (DDoS) attacks over the last several months that have sent an unprecedented amount of bogus traffic against the websites of major U.S. banks.

Over the last three years, security experts have identified three highly effective complex viruses -- Duqu, Flame and Stuxnet -- that have struck government systems around the world.


The growing risk is behind efforts in the U.S. Senate to try again at passing a comprehensive cybersecurity bill. A committee in the upper house is in the process of writing the Cybersecurity and American Cyber Competitiveness Act of 2013, which will eventually go to the full Senate.

Sens. John D. Rockefeller IV, chairman of the Commerce, Science, and Transportation Committee; Tom Carper, incoming chairman of the Homeland Security and Governmental Affairs Committee; and Dianne Feinstein, chairman of the Select Committee on Intelligence, introduced the proposal this week.

Experts agree on the need for legislation that would establish processes for public and private organizations to share information that would help build better defenses against attacks.

"Given the continuing attacks that we are seeing against a variety of industries, some sort of legislation is an inevitable necessity, as these businesses will all have to be on the same page to stem the tide," said Al Pascual, analyst for Javelin Strategy & Research. "The cyberthreats facing our nation are real, and we need to start getting real about a solution."

To protect the nation, security can no longer be an option for private industry in charge of critical infrastructure.

"For a law to be successful it has to address data sharing between organizations and include provisions that address/force organizations to have security," said Murray Jennex, an associate professor at San Diego State University and an expert in critical infrastructure security.

While security should be mandatory, the government cannot expect private industry to share information without protection from lawsuits related to customer privacy, Jennex said. There is also the issue of protecting data that a competitor could use.

"What I would like to see is a presidential order that allows companies and industries to work together, share attack information and risk information, and come to a consensus on what to do; all without the fear of being sued by customers," Jennex said.

Also, to avoid laws that become outdated quickly, Congress should focus on establishing data-sharing processes and security requirements, without dictating which technology is used, he said.

Congress failed last year to pass the Cyber Security Act of 2012. Opponents that managed to derail the bill included business groups that argued it contained unnecessary and onerous regulations and privacy advocates who said it did not go far enough to protect personal communications.

The latest proposal has drawn support from Janet Napolitano, secretary of the Department of Homeland Security. In urging Congress to pass legislation, Napolitano told the Wilson Center think tank in Washington that lawmakers should not wait for a "9/11 in the cyber world."

"There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage," a Reuters report quotes Napolitano as saying.


Stories by Antone Gonsalves
