Not much has been done to protect the nation’s electrical grid from hackers in the more than six months after National Security Agency Chief Adm. Michael Rogers warned Congress of the potential for “catastrophic failures” from such attacks, and now lawmakers want to jump-start efforts to find a solution.
“The threat is growing so quickly both in sophistication and in magnitude that it’s hard to keep up with. But we’re not catching up right here,” said House Armed Services Chairman Mac Thornberry, R-Texas.
“This is serious when people steal our information. But that’s basically what’s happened so far,” he said, referring to a massive federal data breach this month allegedly by Chinese hackers. “As serious as this drumbeat of intrusions has been, we have not yet gotten to the most serious things. And we need to get our act together before we get there.”
Though President Obama has ordered the creation of a new agency to coordinate government response to cyber attacks, and lawmakers are considering funding better security for the electrical grid and other infrastructure, the administration and lawmakers say more needs to be done.
After meeting with Israeli security experts last week to share ideas on how to better protect U.S. infrastructure from cyber attacks, Rep. Robert Pittenger, R-N.C., told the Washington Examiner he would push for a greater congressional focus on securing the grid.
“This needs to get on the priority list,” said Pittenger, chairman of the Congressional Task Force on Terrorism and Unconventional Warfare. “We need a major focus, a major task force, to make sure that this is funded, that this is addressed.”
Thornberry, who served as chairman of a congressional cyber task force that recommended legislation to cope with the problem, which was never enacted, said that while Congress has made strides in helping improve the military’s ability to fight in the cyber domain, “What we have not really come to grips with, as a Congress, as a government, is the military’s role to defend private infrastructure.”
The threat by hackers to critical infrastructure such as the power grid or water systems came into sharp focus Nov. 20, when Rogers publicly revealed that China and at least one other country were capable of potentially causing “catastrophic failures” that could kill Americans or damage property with cyber attacks, saying it was only a matter of time before such an attack occurred.
Rogers did not mention Iran by name, but two recent reports by cybersecurity firms noted that Iranian hackers’ skills had increased to the point where they could pose such a threat.
A December report by the cybersecurity firm Cylance Corp. referred to Iran as “the new China” and said hackers working for the Iranian government have penetrated critical U.S. computer systems over the past two years, including those belonging to airlines, educational and transportation networks, chemical, energy and utility companies, and parts of the defense industrial base.
Cyberattacks from Iranian Internet addresses increased 128 percent from January 2014 to mid-March, according to a report released April 18 by the American Enterprise Institute and the Norse Corp. The study on which the report was built used a network of several million sensors around the world to lure hackers into making attacks and detect their methods.
The report also found a 508-percent increase in the infrastructure in Iran devoted to hacking, which co-author Frederick Kagan of AEI suggests is an alarming sign that the ruling Shiite Muslim theocracy is seeking a nonmilitary way to retaliate against any attempt by the United States or its allies to limit its activities.
Current and former officials also have named hackers associated with the Islamic State as another potential cyberthreat against the electrical grid and other infrastructure.
Tom Fanning, CEO of Southern Co., one of the nation’s largest electric utilities, told a Washington audience last month that partnership with the government is essential to securing the grid from cyber attacks because the industry cannot beat back the threats on its own.
But that partnership depends partly on information-sharing legislation that has languished in Congress since it was introduced in 2011, both because of privacy concerns and partisan politics. Though Obama now urges lawmakers to act quickly on the bill, his threat to veto it in 2012 is one of the reasons previous attempts to enact it into law have failed.
This year, lawmakers are trying again, prodded by the recent data breaches. The House passed its version of the bill in April, and Senate Majority Leader Mitch McConnell has promised a vote in his chamber this week.
