On the 10th February the Cybersecurity Enhancement Act was put forward to the US Senate in the wake of hacking claims by NASDAQ OMX Group. The stock exchange operator announced that several “suspicious files” were found on a web-based application used at the exchange.
The files were discovered by one of the routine security checks carried out as part of the system of network vulnerability assessments performed on NASDAQ servers.
The events have triggered a rapid response from Washington, with Senator Robert Menendez warning of the immediate threat from cyber attacks:
“Cyber threats are not on the horizon, they are upon us. We cannot allow security breaches to undermine our trust in the US economy.”
Senator Menendez introduced the bill to the Senate last Thursday, only days after the NASDAQ incident, and on the same day that the computer security software provider McAfee confirmed the breach of five multinational oil and gas companies by hackers operating in China.
The aim of the legislation is the increased funding for cybersecurity research and educational campaigns. The bill hopes to create an environment of awareness where information security is concerned.
However, some commentators believe the proposed Act to be a knee-jerk reaction to an already exaggerated issue. Leading security expert and chief security officer at BT, Bruce Schneier, told the BBC that an increasingly emotive rhetoric surrounds the subject, and is serving to blow the issue out of proportion. He expresses his concern over the implementation of legislation such as the Cybersecurity Enforcement Act, which he describes as being “ill-thought out.”
Beyond the individual pieces of legislature being passed around government bodies, there has also been a growing interest in the idea of a cybersecurity equivalent of the Geneva Convention. According to Declan McCullagh, chief political writer for CNET.com, the issue needs to be addressed, acknowledging that “a Geneva convention for cyber war makes sense.” However, he also conceded that “[not] everyone is going to respect it...but at least it starts the discussion and will probably have a positive effect.”