Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat and could have the same sort of impact as last year’s Superstorm Sandy, which knocked out electricity in a large swathe of the Northeast.
Napolitano said a “cyber 9/11” could happen “imminently” and that critical infrastructure – including water, electricity and gas – was very vulnerable to such a strike.
“We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” said Napolitano, speaking at the Wilson Center think tank in Washington and referring to the September 11, 2001, attacks.
Napolitano runs the sprawling Homeland Security Department that was created 10 years ago in the aftermath of September 11 and charged with preventing another such event.
She urged Congress to pass legislation governing cyber security so the government could share information with the private sector to prevent an attack on infrastructure, much of which is privately owned.
A cyber security bill failed in Congress last year after business and privacy groups opposed it. The measure would have increased information-sharing between private companies and U.S. intelligence agencies and established voluntary standards for businesses that control power grids or water treatment plants.
Business groups said the legislation was government overreach. Privacy groups feared it might lead to Internet eavesdropping.
New cyber legislation is being considered, but it is unclear whether it will get through the gridlocked Congress.
President Barack Obama is expected to soon issue an executive order that would set up a voluntary system to help protect some critical infrastructure and offer incentives to companies that participate.
But without a new law, companies cannot be granted any kind of legal immunity for sharing information with the government and within the industry about potential threats.
Officials have pointed to recent hacking attacks on U.S. banks as a sign that the cyber threat is real and growing.
“The clarion call is here and we need to be dealing with this very urgently,” said Napolitano. “Attacks are coming all the time. They are coming from different sources, they take different forms. But they are increasing in seriousness and sophistication.”
OK, I’ll jump in here with my fireproof suit on.
First of all, I *hate* government intrusion into our lives. I am a strict Constitutionalist, always have been, always will be, will never change.
That said, threats to our National Security are not the same as they were last week, last month, last year, last decade, and so on.
The resistance to proposed security measures “last time” was that ISPs and websites as well as phone companies were going to provide the ID of users. Some users saw that as a serious threat to their privacy.
I saw it as a serious threat to corporate security, *IF* the corporations did not use their own security measures regarding their proprietary valuables. Secured servers (such as only accept incoming from registered processors, etc.). For personal privacy, people can use encryption for their messages if they so desire. Personally, I don’t care who sees my messages.
Open for discussion.
The only issue I have is that if “they” can see my “messages”, then I am not secure doing anything confidential on the internet. I view my funds, transactions and identity as top secret and I only want to share it with those I conduct normal aspects of daily life. Nothing beats the old handshake and hand over fist gentlemanly business transaction. It helped build the Nation.
Very true. Four years ago we moved our financial affairs from banks to a local credit union for exactly those reasons. Even so, just like the banks, they have to decide whether any transfer +10G is for legitimate business or has markers of illegal activity that is required to be reported.
When you tap in the URL of your banking account and the financial institution has SSL installed on those pages, your business is encrypted from your keyboard to your account. Indicators on your browser tell you if it is secure. If present government recommendations are enacted it will only mean the transaction (or whatever) is being stored for examination.
Can anyone take a wild guess how many new government employees, at an elevated pay grade, it would take to perform Manager Exception review of all the transactions, messages, exchanges that take place every day? Presently government security is dependent on a serious limitation of the venues they are monitoring. It’s a daunting mission. Officers working their butts off trying to keep up with terrorists, scammers, organized crime, and the lone-wolf threats must have moments of frustration.
When sending sensitive messages to sensitive destinations, several methods of encryption are readily available; some good ones are free. Although most are subject to decryption by a determined opponent, it is easy to use methods that would delay that process into the next decade somewhere and require expensive resources to accomplish. Some time ago when our friend Zimmermann produced his last version of PGP and went into Security Consultation and