Edward Snowden

US cybersecurity response 'hampered by Edward Snowden'

Whistle-blower's revelations have led to even more attacks, according to officials

PUBLISHED : Tuesday, 04 February, 2014, 5:36am
UPDATED : Tuesday, 04 February, 2014, 7:27am

Several initiatives by the US government regarding cybersecurity have been stopped cold or set back after the Edward Snowden affair broke, leaving the country struggling to respond to the daily onslaught of attacks from Russia, China and elsewhere, according to lawmakers.

US officials rank its cybervulnerability as a greater threat to national security than terrorism.

Snowden "has slowed everything down", said Congressman Mike Pompeo, who serves on the House Intelligence Committee, referring to the former National Security Agency contractor who leaked details of the agency's mass surveillance.

"All the things the NSA wanted to do are now radioactive, even though they were good ideas," said James Lewis, a cybersecurity expert at the Centre for Strategic and International Studies, a Washington think tank.

The Obama administration has said it plans to release this year a list of voluntary best practices in cybersecurity for critical infrastructure, including electric utilities and chemical plants.

But President Barack Obama's warnings last summer to Chinese President Xi Jinping to halt what US officials describe as state-sponsored hacking of US corporations have mostly gone unheeded.

The official position of the United States - that governments hacking governments for military and other official secrets is permissible, but governments hacking businesses for trade secrets is not - is a tougher sell these days.

Leaked documents showing that the NSA spied on Brazil's largest energy corporation, Petrobras, among other targets, have convinced many overseas that the US government "engages in significant espionage related to economic affairs", said Harvard law professor Jack Goldsmith, a former legal adviser to president George W. Bush.

Although Washington insists governments should not spy on businesses, "the rest of the world ignores us because the US position has no basis in international law, it is obviously self-serving and it seems trite in the context of its massive surveillance in other contexts," he said.

No one denies that cyber intrusions are a growing danger.

US Attorney General Eric Holder told a Senate hearing on Wednesday that the Justice Department was investigating the cybertheft of 110 million Target customers' data - including names, addresses, and debit and credit card numbers - during a breach in December.

CrowdStrike, a security technology and services company based in California, said it recently identified a successful Russian campaign to steal data from hundreds of American, European and Asian firms, including energy and technology companies.