'Cyber 9/11 imminent' warns DHS chief; suggests CISPA-like laws

Summary: Homeland Security Secretary Janet Napolitano suggested Congress should pass legislation similar to CISPA, in order to avoid a calamitous end to American civilization.

A "cyber 9/11" that could hit critical US national infrastructure, including water, electricity, and gas networks, could happen "imminently," the US government's cybersecurity chief has warned.

Homeland Security Secretary Janet Napolitano warned that such networks were vulnerable to hackers and cyberattacks in a speech today at the Wilson Center, Washington, a think tank focused on international affairs and development.

And this is coming from someone who doesn't even use email.

Boom! Goodbye to Wisconsin, worries the Homeland Security chief in regard to hackers taking over gas pipelines and other critical networks. (Credit: World in Conflict/Ubisoft)

As first reported by Reuters, Napolitano said: "We shouldn't wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."

She also urged Congress to pass legislation governing areas of cybersecurity so that the US government could share information with the private sector, which may help prevent cyberattacks on infrastructure critical to US national security.

Banks, for instance, have recently suffered a spate of cyberattacks, ranging from hacks and breaches to denial-of-service attacks that have crippled Web sites for hours, or even days at a time.

"Attacks are coming all the time. They are coming from different sources, they take different forms. But they are increasing in seriousness and sophistication," she added.

And she's probably right.

In fact, the chances are that the US alone is probably being hit by state-sponsored cyberattacks on a daily basis. There could even be one happening right now (as you read this, or at the time of writing). The US government doesn't want us to know just yet in case we worry about our banks or Internet connection, or even the gas supplies to our home and apartments.

We, the people, may not need to know the details, but the industries that provide these critical services to our everyday lives probably do need to know.

But you know where that's heading, right? Internet eavesdropping and restrictions on the free flow of data around the United States and abroad, along with other seemingly possible Draconian measures that would put the "land of the free" back in the digital stone age.

Cast your mind back to April last year. The US House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), but it subsequently stalled at the hands of those in the US Senate. It likely won't pass Congress and land on the President's desk after the whole Stop Online Piracy Act (SOPA) episode caused much of the Web to go dark for a day in order to protest the measures.

And even then, it likely won't be signed by President Obama anyway, considering his opposition to the Bill.

Everyone, from Web inventor Sir Tim Berners-Lee to the American Civil Liberties Union (ACLU), Firefox-maker Mozilla, and Reporters Without Borders, opposed the Bill, and thankfully, they won (kind of), in spite of the strong support from AT&T, Facebook, IBM, Intel, Oracle, Symantec, Verizon, and so on. (Google never publicly stated its position on the draft CISPA Bill, though it opposed SOPA publicly on its main Google.com Web site.)

There are smidgens of draft Bills and suggested laws in the pipeline, but they will likely be beaten and surpassed by (yet another) executive order from President Obama. As the past has dictated, if Congress doesn't play ball, the President will just take it and sign it anyway.

The new executive order could see a voluntary system help protect some areas of critical national infrastructure through a carrot-and-stick approach of incentives.

"The clarion call is here, and we need to be dealing with this very urgently," Napolitano said.

Sure, just not at the expense of the freedoms, liberties, and democracy we have. And, try not to annoy the Internet too much, yeah?

Talkback

40 comments
  • Important stuff

    Nice article, Zack.

    CISPA is quite problematic, as have been many of the laws Congress has fielded, but the potential of a devastating cyberattack is all too real. I've been shouting that clarion call since at least 2007, and it just gets scarier and scarier.

    My concern is that Congress is using this to appease their lobbyist interests, rather than setting forth a strong and sustainable battle plan, along with a plan for safeguarding the rights that define the Union.

    --David
    David Gewirtz
    • Agreed

      Until anyone flagging you or anyone else responding can put out better reasoning to challenge and defeat your claims, yours pretty much hits the proverbial nail on the head right now...
      HypnoToad72
      • What's the deal?

        You were apparently flagged for calling out inappropriate flagging. Maybe they have made it too easy to do?
        Bill4
    • Flags? Votes?

      Ok, so I clicked on the flag hoping something would come up to explain what they indicate and all it did is add one to the flag count. So what the heck do the flags and votes mean? I have searched on this page and there is no explanation.
      GKSeifert
    • Flags? Votes? More.

      David, sorry about that flag. It was an error.

      Looking for some explanation of flags and votes I found another post which contained the following very important line:

      "And there is still no Edit button to correct error. People are complaining about the missing Edit button since the change to the site a few months ago."

      If there were an edit button I could have added this to my previous post, or perhaps taken back the flag. But, no can do as it is now.
      GKSeifert
      • Flags evolved into anti-votes, methinks

        Since votes only appear to allow us to vote in one direction. I think that flags are now being used for the purpose of down voting. I suspect that the administrators are aware of this and are playing along and allowing this form of expression.
        Astringent
        • Anti-votes should be allowed separately

          As it is, I do try to reserve flags for the stuff that should be deleted (unfortunately, there's a good deal of that), rather than using them to express mere disapproval.
          John L. Ries
  • Important thing to know

    What sort of information does Secretary Napolitano propose to share with private industry? Does she say?

    David is right, however, that the law be drafted for the specific purpose of network protection, instead of allowing it to be turned into a wishlist for intellectual property lobbyists and "we shouldn't need no stinkin' wiretap warrants" advocates.
    John L. Ries
  • Well, with the amount of hackings, ID theft, etc,

    We've had Pearl Harbor, 9/11, the Mayan doomsday, a supernova, and everything else already.

    Never mind how much infrastructure is offshored, and source code of closed-source properties from private corporations subsidized by US tax dollars to so-called "enemy nations"?

    Why the hyperactivity only now?
    HypnoToad72
    • Boiling frogs

      They have been working on us for a very long time now with endless attempts to slowly turn up the heat. If at first they did not succeed they have tried, tried again, and have been fairly successful. Can you feel the heat?

      Something is changing however. People are waking up. Opposing forces such as Anonymous are fighting back. The dark forces would prefer to label the good guys as bad guys, and due to the fact that they control the media they have been wildly successful in the past, but that is changing.

      To answer your question: Why the hyperactivity now?

      Recent defeats have stricken them with a sense of desperation. Like animals being driven into a corner they are striking out in desperation with increasing intensity. I am not talking about the fictional terrorists. I am talking about those who created them.

      What is about to happen he asks? Answer: Something wonderful.
      Astringent
  • shoot their own foot?

    The problem with this article is that it suggests hackers will take out the very thing they need to continue hacking... the infrastructure, especially the electrical infrastructure. Why would hackers shoot themselves in the foot?
    david gojira
    • Ever Heard of Suicide Bombers, David?

      I agree with David that ordinary criminal hackers would not try to bring down the networks that bring them their loot. However, the alert was regarding TERRORIST and/or NATIONAL actors, whose very purpose, we can assume, would be to take down our networks. In other words, acts of WAR, not theft.

      That being said, the columnist and I are wary of anti-citizen and anti-listener (i.e. copyright fanatics) measures such as Homeland Security and the entertainment industry have tried to pass. We have already seen irreparable damage (i.e. forever lost or inaccessible data) to innocent users of a cloud storage/backup system that allowed a few bad customers to abuse its facilities. We need both legal upgrades (such as allowing the most destructive hackers to be charged with terrorism) and voluntary adoption of common sense security measures by targeted industries (utilities, air traffic control, and more recently, self driving vehicles).

      One possibility is to charge these critical infrastructure industries a premium in exchange for federal bailout in case of emergencies, like the FDIC for banks turned individual bank failures from the depression-triggers they were in the 1920's to the consumer nuisances and page 14 news items they are today. The industries doing the most to protect themselves and their customers would be charged the lowest premiums, and federal technicians would be available, free or low cost, to help upgrade security measures to the latest standards.

      As for intellectual property rights, I believe we should go back to the older standard for reversion to the public domain, 30 years after the original author's death (not that of the current holder, since corporations are immortal), rather than the current 70+ years. The reason it was extended was so that Disney Corporation would be able to stop comical and satiric takeoffs on their characters that were beginning to appear after the original term had expired (e.g. porn cartoons with Mickey and Minnie). Personally, I think the minor harm (and it WOULD be minor) to Disney is outweighed by the stifling of creativity and the loss to consumers of rights in digital media that we had in print and hardcopy media. I can sell, give or lend a book, painting or physical movie to a friend, borrow it back, return it, etc. without getting the publisher's permission every time; and I can copy media to a more convenient or less perishable form as long as I do not enjoy both copies at the same time or give one copy to another person. In the old vinyl days, picky listeners copied their favorite albums to audio tape in order to protect them from the wear of repeated playback with a needle, and to take them away from home; nobody cared unless they sold the copies and made more. Now, the online booksellers not only make it difficult and illegal to play music or read books on more than one platform, they can remotely destroy what you have already paid for on a whim (after preventing you from making a backup that can be used on their software).

      I agree: we do need to work on PROTECTION of our network and other infrastructure from cyber-attacks, but NOT at the cost of police state surveillance, and NOT at the cost of having an oligarchy of big corporations stifle creativity and make extra revenue by forcing consumers to purchase the same item repeatedly. IP v.6, which will eventually become universal on the public internet, will help, but will not be the entire solution.

      So, how about it? Any more discussion of my FINIS (Federal Infrastructure and Network Insurance System) idea?
      jallan32
  • Oh boy...

    The problem is real, but bills are always hitting the lobby part, neglecting freedom and installing surveillance for the government's sake.

    I'd say, that using new IP v.6 protocol would raise the level of security much more than various bills, that mostly target some particular lobby interest.

    But that would cost....
    Andrej.G.
  • 'Cyber 9/11 imminent' warns DHS chief; suggests CISPA-like laws

    Not unless the designers of those infrastructures are a bunch of incompetent, good-for-nothing designers/engineers-by-name-only, the proverbial shutdown of any of those infrastructures is next to non-existent. The need for physical presence on-site to effect maximum damage mitigates much of these worries. And no amount of legislation can solve the problem if engineering a secured system is not doable in the first place...
    kc63092@...
  • I don't understand why this problem needs a law

    Instead of management measures, including actions towards those whose "expertise" created this vulnerability.
    polarcat
  • And people say I'm a Luddite because I won't bank on-line

    Risk to benefit ratio just doesn't cut it for me for on-line banking.
    Someone wants to pull an ID theft of my dough, they're going to have to visit the bank itself and get their pictures taken.
    Dr_Zinj
  • Critical Infrastructure

    Critical infrastructure requires dedicated networks. Everyone has gone to IP networks to save money since they can use commodity equipment rather than more proprietary (and expensive) solutions and they can interconnect with public for simplicity's sake. Won't look like much of a savings when the big hack happens.

    The rush to enrich the bottom line come what may will end up being the main root cause of these disasters.
    gravitron
    • Rewrite corporate charters?

      Agreed, and the dedicated networks should be 'protected' by both air gaps AND strict media (e.g., USB stick) management procedures. Otherwise:

      "U.S. power plants combat USB malware infections"
      http://www.zdnet.com/u-s-power-plants-combat-usb-malware-infections-7000009871/
      "Summary: It is not only online threats that the country's infrastructure has to deal with, but also tainted USB drives, according to the U.S. Department of Homeland Security."

      Apparently, some didn't learn anything from Stuxnet. The U.S. could get nailed the same way that the U.S. and Israel (presumably) nailed Iran, with an infected USB stick.

      Why not modify corporate charters to require responsible behavior on a number of fronts: worker health and safety, environmental protection, public protection from hacks that lead to damage of critical infrastructure, customer protection from hacks that lead to the release of their private data, etc. Poorly managed corporations, using metrics beyond profitability (see the previous sentence), get their charter revoked. Of course, self monitoring and external monitoring, including state and government agencies, would be necessary to ensure that corporations are managed in line with their corporate charters.

      Corporations have responsibilities beyond stockholders, bondholders and the enrichment of top executives.
      Rabid Howler Monkey
  • And the Corporate Stranglehold on the Public Good

    I remember a comedy skit a few years ago (it may have been TV or an internet video, I have forgotten the credits) in which the Enterprise is in the midst of a battle somewhere in the galaxy, and the ship's computer suddenly stops and tells Captain Kirk that Windows needs to be "activated" again because the hardware has been swapped out too many times. Thus, the aliens won the battle before Kirk could call Microsoft back on Earth.

    When critical systems were designed by, and written by, defense contractors under military supervision, they were proprietary, and the operations manuals were classified. Now, if a computer in the military (from a soldier's backpack PC to a missile controller) is using Windows, a hacker OR an employee of the manufacturer can get back door access to control the system; and then when the chips are made in China, who knows what back doors are built into those CPU chips?

    I once speculated to my friends that the Justice Department would never be able to bring antitrust suits against Microsoft, because their office workstations used Microsoft Word, and the program may have logic to thwart any legal briefs that accused Microsoft of any misbehavior from being edited or printed! I am glad to find out it was only a joke, not the actual behavior of the program! I hope...
    jallan32
  • Hegelian dialectic

    Hegelian dialectic - Problem - Reaction - Solution

    Someone would like to see a certain set of circumstances come into being. 1) They create a problem, that 2) Creates a reaction, that 3) Induces the sheep to call for a solution that facilitates the desired circumstances.
    Astringent