Can simulated attack on NYC power grid bridge the partisan divide?

Apparently hoping that there are no partisans in the foxholes, the Obama administration recently gave a group of senators a demonstration of what could happen during a cyberattack on New York City’s power systems during a heat wave.

The idea behind the March 7 simulated attack was to stress the need for cybersecurity legislation that would help the United States protect itself against such attacks, Bloomberg reported.

Cybersecurity bills have abounded in Congress in recent years, but all have stalled so far.

Related stories:

GOP's alternative cyber bill sets up 'classic Washington duel'

Senators spar over who should lead on cybersecurity legislation

Representatives of the White House, Homeland Security Department, FBI and National Security Agency took part in the demonstration, the details of which were kept secret. But White House spokeswoman Caitlin Hayden told Bloomberg the exercise was “intended to provide all senators with an appreciation for new legislative authorities that would help the U.S. government prevent and more quickly respond to cyberattacks.”

Dozens of cybersecurity bills of one stripe or another have been introduced in Congress over the past several years, but none have emerged, failing for reasons ranging from partisan wrangling, to opposition to a supposed presidential “kill switch,” to plain old inaction.

Most recently, Sen. Joe Lieberman (I-Conn.) in February introduced the Cybersecurity Act of 2012, what he called a compromise, a bipartisan bill that would clarify DHS’ role in overseeing the security of privately owned critical infrastructure and reform the Federal Information Security Management Act.

Republican senators immediately objected, saying Lieberman’s bill bypassed hearings before the eight GOP-controlled committees that have some jurisdiction over cybersecurity and was too heavy with regulations on industry.

On March 1, a group of senators led by John McCain (R-Ariz.) introduced an alternative bill, the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology, or Secure IT Act, which stresses voluntary information sharing between the public and private sectors but sets no requirements for securing private critical infrastructure.

The question of regulatory requirements on private companies is shaping up as the sticking point between the two bills. At a hearing March 7 before the House Energy and Commerce subcommittee on Communications and Technology, network executives said that regulation would hurt, rather than help, cybersecurity by limiting innovation.

The White House’s own cybersecurity proposal, introduced in May 2011, states that the administration prefers cooperation with industry over regulation, and proposes ways to encourage security efforts among the owners of private infrastructure.

The simulated attack on New York’s power grid apparently was an effort to emphasize the extent of the potential threat. Fears of infrastructure attacks have been heightened since the Stuxnet worm successfully attacked centrifuges used in Iran’s uranium enrichment program, and an information-gathering Stuxnet variant, Duqu, was found in the wild.

The threat of infrastructure attacks are seen as most likely coming from nation-states, such as China, which has been the source, in terms of IP addresses at least, of numerous attacks against websites in the United States. A report released March 8 by Northrop Grumman for the U.S.-China Economic and Security Review Commission states that China has developed significant cyber warfare capabilities.

But such attacks could come from other sources as well. National Security Agency Director Gen. Keith Alexander said recently that he’s worried that the hacktivist group Anonymous could develop the ability to attack the U.S. power grid within two years.  

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Mon, Mar 12, 2012 Cowboy Joe

All out cyber warfare might just be a bit like all out nuclear warfare - the collateral and retaliatory damage might be more than an up and coming nation-state would want to bite off. State TRAINED rogues with nothing to lose on the other hand ... that worries me.

Mon, Mar 12, 2012

This is one of those: I'm from the government and I'm here to help you! Watch for it to be over budget, late, and not solving the problem.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group