It appears that all the expert cyber threat warnings and media coverage–and now a realistic cyber attack simulation on New York’s power grid–has gotten the attention of Washington.
In the latest example, according to an account published March 8 by Politico, Homeland Security Secretary Janet Napolitano and White House counterterrorism adviser John Brennan, during a classified briefing in the Office of Senate Security, showed lawmakers how a hacker could breach control systems of New York City’s electric system and trigger a ripple effect throughout the population and private sector.
The question is, what actions will result from their new awareness? Is legislation the answer? I am not so sure.
What is needed is accountability. We also need threat awareness training, executive leadership, creativity and nearly continuous innovation to address the current threat and prepare ourselves for cyber threats that will evolve in the not so distant future.
It is not possible to legislate those key attributes. While this threat has gotten attention in Washington, the question remains, has the serious nature of this national security threat really sunken in? to prompt real action?
Recently the National Security Agency (NSA) asked for increased authority and responsibility that they believe they need to protect our nation from the growing threat of cyber attacks. Their request was rejected by the Obama administration.
In January of this year, the White House blocked draft legislation that would have enabled the National Security Agency to monitor private sector networks for malicious software and activities as well as to operate “active defenses” to mitigate these threats.
The NSA has unique cyber threat intelligence and other advanced cyber capabilities that are able to detect malicious software that is targeting the nation’s critical infrastructure that is over 80 percent owned by the private sector. In many cases this cyber intelligence is classified and cannot be openly shared due to the sensitive methods used to collect it or the risks to the assets which sourced the information.
Everyone would have to agree that this is a very difficult balancing act and a tougher job. I hope everyone remembers our cyber defenses have to get it right 100 percent of the time and our adversaries only have to get it right once!
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute, where he provides consulting services on strategic technology and security issues. He writes weekly for Breaking Gov on the topic of cyber intelligence.