There's nothing quite like wielding scare tactics as a weapon to get people to drink cybersecurity Kool-Aid meant to induce eye-popping fear. As Joel Gordes, president of West Hartford consultant Environmental Energy Solutions, formerly stated, the message is, "in a nutshell; be scared, be very scared." Pike Research previously claimed "utility cybersecurity is in a state of near chaos" and that a "$60 piece of software can bypass an entire defense-in-depth implementation" and bring mass chaos. So now let's pretend we are in the midst of a killer heat wave and electricity goes poof. Oh and not a temporary brownout, but a prolonged blackout that could possibly have deadly effects. "Disastrous effects," according to the chairman of the Ponemon Institute, by "potentially severing communications, crashing life-saving medical equipment and destroying networks that run financial institutions."
Behind closed doors Wednesday evening, senators witnessed such a scenario, a mock cyber attack on New York City's power grid during a heat wave "to push for tougher cyber-security measures to protect the nation's water, electrical and telecommunications grid." Caitlin Hayden, a spokeswoman for the White House National Security Council, announced the White House coordinated the Senate demonstration of a "hypothetical cyber attack against United States critical infrastructure networks." Hayden stated, "The classified scenario is intended to provide all senators with an appreciation for new legislative authorities that would help the U.S. Government prevent and more quickly respond to cyber attacks."
The FBI, NSA, DOJ, DHS Secretary Janet Napolitano and White House counterterrorism adviser John Brennan all took part in the simulated New York City power grid attack which was undoubtedly meant to scare the stuffing out of senators and win support for cybersecurity legislation. In fact Senator Susan Collins told Bloomberg, "The mock attack on the city during a summer heat wave was 'very compelling.' It illustrated the problem and why legislation is desperately needed."
The White House supports Senate bill S. 2105, introduced by Senator Joe Lieberman, which would give Homeland Security the power to oversee critical infrastructure and ensure that private computer systems meet specific standards. ISPs are opposed to that cybersecurity bill and in favor of S. 2151, introduced by Senator John McCain, which promotes "information-sharing through incentives such as protection from lawsuits." Politico reported, the "two competing Senate cybersecurity bills both aim to protect the nation's water supply, utility companies and other critical infrastructure from cyberattacks. But the measures diverge in one key area: whether the owners of critical infrastructure networks should be required to follow new government security standards."
While discussing a potential cyberattack on NYC's power grid, Lawrence Ponemon, chairman of the Ponemon Institute LLC told Bloomberg, "I would project that you would have literally thousands of people dying. A cyber attack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages." The article also referenced "a blackout that swept parts of North America in August 2003 left 50 million people in the dark for as long as four days." According to security consultant Joe Weiss, "Hackers could cause blackouts 'on the order of nine to 18 months' by disabling critical systems such as transformers."
FBI Director Robert Mueller told a House appropriations subcommittee, "To date, terrorists have not used the Internet to launch a full-scale cyber attack, but we cannot underestimate their intent." Such hacking attacks were discussed at the 2012 RSA conference where Mueller warned, "In the not too-distant-future we anticipate that the cyberthreat will pose the greatest threat to our country." He expects cybercriminals to pose a threat that will rival terrorist groups like al Qaeda. While discussing cyber attackers and breaches, Mueller added, "There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again. Maintaining a code of silence will not serve us in the long run."
Interestingly enough, at that same RSA Conference, security guru Bruce Schneier said "people who are taking advantage of technology to further their own business models threaten the Internet." Schneier said, "I think there's going to be a lot more security." According to eWeek, Schneier expects security products to become less for consumers and more for web companies like Facebook and Google. "These companies will then be responsible for keeping users safe. The fundamental problem of security will go away, and there will be more government involvement, he said. Worst of all, much of the government and business activity online will be shrouded in secrecy."
Cybersecurity is essential to our nation. After the secret demonstration for senators which simulated a cyberattack on NYC power grid, will the Obama administration get the added backing for their cybersecurity bill?