By U.S. Sen. Angus King
(I-Maine)
We live in one of the most technologically advanced societies in the world, and while that technology allows us to share information and connect with each other faster than ever before, it also opens us up to potential attacks from hackers, foreign adversaries, and other cyber-criminals.
For example, a cyber-attack on our Industrial Control Systems used to regulate water management, oil and gas pipelines, electrical power distribution, and mass transit would be devastating. These threats are real, they are very serious, and they must be addressed.
Cyber-attacks also pose a significant threat to our economic security. As cyberspace continues to evolve as the primary theater for innovation and business activity around the world, cyber-crime and foreign collection of sensitive economic information is a significant and growing threat to our prosperity and security. It’s an all-too-familiar story: foreign government hackers and cyber-criminals steal our personal information, our technology blueprints, our business plans – in effect, our ideas – and in the process put Americans in manufacturing states like Maine out of work. This type of attack hurts public confidence in the economy and slows the global pace of innovation.
Furthermore, these incidents are not isolated to large-scale businesses. In its 2013 technology survey, the National Small Business Association found that 44 percent of 845 business owners said their business has been targeted by some form of cyber-attack, which means that we must work to ensure that small businesses are also protected from attack.
Unfortunately, we’re not immune to these attacks in Maine. This past summer, the media reported on the potential exposure of consumer payment card information due to data breaches at several Maine businesses. To better understand the level of concern in Maine regarding cyber-intrusions and how best to measure the costs to our economy, over the last several months my office reached out to a variety of businesses in the health, defense, financial, education, and consumer products sectors. All but one of the companies we spoke with had serious concerns, and most have already experienced some sort of cyber-intrusion.
One Maine health care provider we spoke with spends about a million dollars each year to fend off daily attempts to steal confidential data. Another Maine financial institution estimates that nearly 70 percent of the emails they receive represent an attempt to compromise their security systems. According to the Maine Credit Union League, over the past year data breaches in Maine have cost credit unions around $2 million to replace payment cards and an additional half a million for covering fraud.
We simply cannot afford the status quo any longer. It’s time for Congress to get off the sidelines and into the game by enacting cybersecurity legislation to more rapidly identify and respond to these threats. In July, the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act (CISA) by a vote of 12-3. This bipartisan bill, which I supported, would allow companies to share cyber-threat information and defensive measures, provide liability protection for sharing that information, and require companies to remove personally identifiable information from cyber-threat-related material before sharing it with the government.
Passing this legislation would be an important step toward improving our ability to detect and respond to cyber-intrusions. But it’s going to take more than government action to protect us from hackers and criminals. We need active engagement from businesses and other community organizations. Luckily, we have a shining example of that engagement here in Maine.
The University of Maine System was recently recognized by the National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) for its efforts to educate and train the next generation of cyber-experts who will help protect our economic and national security. UMaine is the first public university system to be named a National Center of Academic Excellence in Information Assurance/Cybersecurity, highlighting just how much they have to contribute to this important mission.
I had the honor of recognizing this achievement in Portland earlier this fall when I toured the Maine Cyber Security Cluster located at the University of Southern Maine. UMaine’s impressive network of labs – and the students who are honing their skills there – will prove to be an invaluable resource as we work to shore up our nation’s cyber defenses.
Ultimately, this isn’t a fight the government or the private sector can win alone – we need to work together to combat these very real and very grave cyber-threats facing our community.