The hearings also mentioned the report from last December that hackers in China had breached the U.S. Chamber of Commerce's castle walls, and gained access to information on its three million members, and pretty much everything else stored on its systems. The complex infiltration involving at least 300 different Internet addresses occurred and continued during a six-month period ending in May 2010, when it was finally shut down after the FBI got involved. Although it doesn't seem to get a lot of attention, what happened to the Chamber of Commerce is just one skirmish of an apparently well-known war between Chinese hackers and American companies. We live in an era where personal identifying information and intellectual property are the hottest commodities, and the ancient battle for superpower preeminence has transformed into digital ninjas' attacks. My point here is really very simple: Why can't the 21-year-old Iranian student be cooperating with the Chinese hackers and sending e-mails masquerading as the AICPA to you and me? Talented young hackers are the equivalent of someone who finds a skeleton key for all the safe deposit boxes in a bank. All they have to do is figure out a way to get into the bank in the first place, and then they can loot the treasure of all the depositors, regardless of whether that depositor is an individual, or a business, or a power grid.
The cybersecurity hearings are necessary and informative, and have produced predictable results in that competing pieces of legislation to deal with the problem have already been introduced in both Houses. Equally predictable: Everyone is arguing about how our security systems can be protected, and what the appropriate role of the federal government is in creating those protections—or forcing them to be established by the private sector. Senator Joe Lieberman introduced legislation that would grant the Homeland Security Department regulatory authority over private sector entities with systems deemed critical to the nation's infrastructural security. That proposal was immediately attacked by Senator John McCain, who, fearing that the Lieberman bill would turn the DHS into a counterproductive "super-regulator," said, "If the legislation before us today were enacted into law, unelected bureaucrats at the DHS could promulgate prescriptive regulations on American businesses, which own roughly 90 percent of critical cyber infrastructure…"
Private sector representatives seem to agree with McCain (shock). Internet Security Alliance President Larry Clinton said in written testimony: "Traditional approaches, including federal regulation, will not solve the problem as it will be largely reactive and not stay ahead of the changing nature of the threat. Worse, bad regulation could be counterproductive, leading companies to expend their limited resources on building in-house efforts to meet regulatory demands over actually dealing with the threat proactively. Fundamental to stopping the advanced cyber threat is to understand that our biggest problems are not technological, but economic."