Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat and could have the same sort of impact as last year’s Superstorm Sandy, which knocked out electricity in a large swathe of the Northeast.
Napolitano said a “cyber 9/11” could happen “imminently” and that critical infrastructure – including water, electricity and gas – was very vulnerable to such a strike.
“We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” said Napolitano, speaking at the Wilson Center think tank in Washington and referring to the September 11, 2001, attacks.
Napolitano runs the sprawling Homeland Security Department that was created 10 years ago in the aftermath of September 11 and charged with preventing another such event.
She urged Congress to pass legislation governing cyber security so the government could share information with the private sector to prevent an attack on infrastructure, much of which is privately owned.
A cyber security bill failed in Congress last year after business and privacy groups opposed it. The measure would have increased information-sharing between private companies and U.S. intelligence agencies and established voluntary standards for businesses that control power grids or water treatment plants.
Business groups said the legislation was government overreach. Privacy groups feared it might lead to Internet eavesdropping.
New cyber legislation is being considered, but it is unclear whether it will get through the gridlocked Congress.
President Barack Obama is expected to soon issue an executive order that would set up a voluntary system to help protect some critical infrastructure and offer incentives to companies that participate.
But without a new law, companies cannot be granted any kind of legal immunity for sharing information with the government and within the industry about potential threats.
Officials have pointed to recent hacking attacks on U.S. banks as a sign that the cyber threat is real and growing.
“The clarion call is here and we need to be dealing with this very urgently,” said Napolitano. “Attacks are coming all the time. They are coming from different sources, they take different forms. But they are increasing in seriousness and sophistication.”