As if we didn’t have enough to worry about, serious cybersecurity concerns are quietly but steadily growing. And it was the President himself who has sounded the latest alarm. Several days ago, President Obama issued a warning in an op-ed piece for the Wall Street Journal. Evoking the devastation such a successful series of attacks would have, he even mentioned several instances that showed there is already something to worry about:
Foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility’s internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.
The President’s alarm definitely raised some concerns. He called for the passage of the Cybersecurity Act of 2012, a bill designed to develop and implement basic security standards for the nation’s online infrastructure that he says would balance safety with civil liberties.
The bill has gone before the Senate before. Originally it contained requirements for the power, gas pipeline, and water supply industries to meet certain benchmarks or face penalties. But Republicans opposed it on the grounds that the government was unfairly forcing companies to make expensive security, so those provisions have been dropped. Under the new version, companies can voluntarily ask the government to inspect their arrangements and suggest improvements.
Experts say that the compromised bill will do little to protect the nation from hackers and cyberspies. Without actual government enforcement, the bill is effectively toothless, so companies have little immediate incentive to do the right thing. While Senator Joe Lieberman, one of the sponsors, stoutly defends it, most experts like James Lewis, senior fellow of the Center for Strategic and International Studies, said, “The problem is the bill doesn’t give the government any new capabilities. You don’t need this bill. Nothing really changes.”
Yet the threat appears to be growing. A report for Homeland Security’s emergency response team issued last month shows an increase from about 40 attempts to break into critical facilities in 2010 to about 200 last year. Ironically, however, it’s not just foreign enemies and domestic terrorists that need to be worried about. Cyberwar has already begun in the shadows. Though the United States has only recently admitted developing cyberweapons but not their actual use, according to The New York Times, the US has repeatedly deployed them against Iran.
The infamous Stuxnet virus, 50 times the size of a “normal virus” was likely developed by the US and Israel as part of an operation named “Olympic Games”. The virus was upgraded at least twice during the attacks, and another one called Flame may also have been launched by the West. The President, who has overseen a massive ramping up of the cyberwar effort during his term, expressed concerns about this new arena.
Entering it offers justification for other countries and hackers for their own attacks. But even more dangerous than the precedent, is that the code, having “escaped” into the wild, can now be analyzed and duplicated. The danger is that the same controls that run the Iranian uranium centrifuges manage many industrial plants and factories in the US. What is to prevent them from re-engineering it against us?
In launching these cyberattacks, the nation may have put the Islamic Republic’s enrichment program back a year or two, but the genie is now out of the bottle. It’s probably just a matter of time before what goes around will come back around.
The US is scrambling to get ready. By an executive order signed by President Obama in early July, it has taken the first step though few noticed. Now along with most other resources, the White House can now seize all of the country’s information infrastructure, including, of course, the Internet, and not just during wartime either.
Having sown the wind, the United States must prepare to reap the whirlwind, and there appears to be a storm brewing.