Wonder what a cyberattack might look like? Think the post-Sandy east coast.
If some rogue nation or terrorist hacker launched a cyberattack on power plants or water systems, the result could be the same widespread outages and disruptions this week’s hurricane left in its path, according to Homeland Security Secretary Janet Napolitano.
“If you think a control system attack that takes down a utility, even for a few hours, is not serious, just look at what is happening now that Mother Nature has taken out those utilities,” she said Wednesday.
A hack-attack wouldn’t result in the flooding that Sandy unleashed. But it could plunge areas of the nation into darkness; shut down railroads, traffic control and water systems; and disrupt the supply of gasoline.
It’s an ominous threat. There was a 17-fold increase in attacks targeting computers running essential infrastructure from 2009 to 2011, said Gen. Keith Alexander, director of the National Security Agency and head of the U.S. Cyber Command. But Congress has done little to secure the nation against the new style warfare.
Since most of the nation’s critical infrastructure — banking and financial systems, computer and cell phone networks, power grids, railroads, water systems, hospitals — are privately owned, what’s needed is a public-private partnership to toughen digital defenses and share real time information about threats, cyberattacks and defenses.
Unfortunately the bill the House passed in April is inadequate, calling only for voluntary information sharing. Tougher legislation, though still without mandatory digital defense standards, never made it out of the Senate. The Obama administration has pushed for quick action, but talk of cyber-security has been conspicuously absent from the presidential campaign.
The lame-duck Congress will have plenty to do when it convenes after the election. But after Sandy, cyber-security needs to be on the list.