Pam Roach: Preparation can shield state’s valued assets from cyberattack

Jan 3, 2016

This guest column was published in the Seattle Times, Jan. 3, 2016. The Legislature tackled cybersecurity during the 2016 session by passing Senate Bill 5628. The bill directs the state chief information officer to devise a process to detect and respond to cybersecurity incidents, and directs the Department of Commerce to advance the state’s leadership role in preventing cybersecurity attacks.

By Sen. Pam Roach, R-Sumner

Sen. Pam Roach, R-Sumner

Sen. Pam Roach, R-Sumner

While concern about terrorism is at an all-time high, what worries national-security experts the most is the threat we face from cyberattacks.

According to the Chapman University Survey of American Fear, many Americans share the experts’ concerns, with almost 45 percent of those surveyed reporting that they are afraid or very afraid of cyberterrorism.

A Wall Street Journal report recently detailed a previously undisclosed 2013 cyberattack in which attackers — likely linked to Iran — had infiltrated the controls of a New York dam. According to the report, this year alone saw the U.S. Department of Homeland Security respond to 295 hacking incidents related to industrial controls.

The consequences of a full cyberattack on our infrastructure could be disastrous — leading to critical failure of the power grid, hundreds of billions of dollars in economic damage and the inability of first responders to act.

But while experts and the public agree on the need to address cybersecurity, too often our elected officials are eerily quiet on the subject

It has long been my job, as a member of the state Senate Government Operations and Security Committee, to keep lawmakers focused on issues related to city and county government.

When I became chair of the committee in 2013, I sponsored a work session on cybersecurity. At that meeting, Scott Eigenhuis, manager of IT security and risk for Puget Sound Energy, testified that the utility experiences ongoing attempts to probe its network, at a rate of more than once a day.

“It’s not what we’re seeing at our firewall that concerns us most; we know we stopped that,” said Eigenhuis. “It’s what we don’t see.”

Because of this increasing threat, last year I added cybersecurity as a primary focus of the committee.

The significant and continued growth of cyberattacks against the United States makes cybersecurity an especially critical issue for Washington, given our state’s reliance on trade and major role in national defense.

Addressing the 2015 Association of Washington Business Policy Summit, Michael Hamilton, with the state Office of the Chief Information Officer, noted: “Washington has half-a-trillion dollars that move in and out of our maritime ports, and because we are very tech-heavy, we are disproportionally attractive to these threat-actors. High concentration of military, and all of these things, paint a target on us.”

State leaders must recognize that cybersecurity is a real vulnerability for our state, counties and cities. They must take immediate action to ensure state and local governments, energy infrastructure and private-sector businesses, as well as individual citizens, are prepared to meet that threat.

Fortunately, Washington has been a leader in cybersecurity protection and preparedness, and there is much that we have done right. In 2012, we launched a statewide cybersecurity program. Washington also was one of the first states to fully utilize its National Guard for help in cybersecurity preparation and response.

But it is important that we continually evaluate the changing nature of the threat and adapt our practices.

This year, I will propose that the Legislature create a “Department of Stateland Security,” with functions akin to those at the federal Department of Homeland Security. Among its responsibilities would be making sure that the state is prepared to thwart cyberattacks — and respond quickly and effectively when one happens.

There are some concrete best practices that we could employ:

  • Make this new department a repository for cybersecurity resources and a facilitator for coordination and information-sharing.
  • Increase close collaboration with our private-sector partners.
  • Identify new tools for law enforcement to investigate, disrupt and prosecute cybercrimes.
  • Strengthen our critical infrastructure and government networks.
  • Adapt existing measures for natural disasters to cybersecurity.
  • Promote practices among utilities that help address their unique risks.
  • Conduct regular cyber audits to better assess risks and identify solutions.

Ultimately, cybersecurity is a threat that is likely to get worse before it gets better. If government hopes to defeat those who seek to use our technology against us, it can’t have the public in the dark.

Our citizens and technology leaders are the best weapons we have in this war. We must bring them to the fight.

State Sen. Pam Roach, R-Auburn, who serves as president pro tempore of the Senate, is the chair of the Government Operations and Security Committee.