The threat is real. This time we have to see it coming.
By Cong. Michael McCaul
Texas Insider Report: WASHINGTON D.C. Today advances in technology that connect utilities industries and information in real time have changed the nature of the threats facing the nation. Digital networks could be used as a conduit to gas lines power grids and transportation systems
to silently deliver a devastating cyber-attack to the U.S.
Before the devastating attacks of Sept. 11 2001 it was difficult for most Americans to fathom such a tragedy on U.S. soil. It later became clear that we had not seen the warning signs.
Nation states that mean America harm are sponsoring cyber espionage and are targeting the fastest route to the countrys most sensitive information and critical infrastructure: wireless networks. Cyber-Warfare is no longer an abstract threat to the homeland it is happening now.
Last year an al Qaeda operative called for electronic jihad against the U.S. and compared the countrys technological vulnerabilities to those in American security before 9/11.
A common military tactic by which an attacker attempts to disable or weaken a target before an invasion is referred to as prepping the battlefield. Digital warfare is one way that foreign nation states disable critical infrastructure to make it vulnerable to conventional assaults. Stephen Flynn of Northeastern University testifying last year before the House
Committee on Homeland Security described the cascading effect:
When transformers fail so too will water distribution waste management transportation communications and many emergency and government services Dr. Flynn said. He added: Giving the average of twelve-month lead that is required to replace a damaged transformer today with a new one if we had a mass damage of that scale at a local regional level the economic and society disruption would be enormous.
Whether foreign hackers cause a widespread energy shutdown or worse activate a nuclear meltdown the U.S. cannot be complacent simply because a life-altering attack has not yet occurred
A report released last month by Mandiant a U.S. cybersecurity firm identified China as the source of nearly 90 of cyber-attacks against the U.S. Last fall these hackers targeted a company that provides remote access to more than 60 of North Americas oil and gas pipelines. Their attack was detected but the company failed to stop the hackers from stealing project files. The nations Air Traffic Control system has also been attacked by hackers who stole both personal information and penetrated the ATC servers in 2009. Imagine the damage possible if enemies took command of U.S. commercial aviation.
Cyber-attacks on the U.S. and its allies have also come from Iran and Russia. In December Iranians targeted the state-owned Saudi Aramco with the goal of stopping Saudi Arabias oil production. This year Iran conducted multiple denial-of-service attacks on major U.S. banks.
The Department of Homeland Security and the Obama administration have made progress in promoting information-sharing. But the executive branch lacks constitutional authority possessed by Congress to provide the necessary liability protections that industry needs to freely and systematically share cyberthreat information with the federal government. To thwart attacks we have to see and connect the dots. Congress has a responsibility to establish the statutory processes necessary to solidify and encourage this participation.
Additionally Congress must build on the administrations efforts in a way that promotes U.S. commerce while not hindering its expansion and innovation. The public sector and privately owned companies that make up the countrys critical infrastructure are capable of handling this challengeand we must aid them in creating lines of communication with the civilian entities involved in making the American economy and infrastructure work.
The Department of Homeland Security has been building its partnerships with the private sector and increasing its capacity as an effective conduit for threat information-sharing. DHS manages a bottom-up network of entities from local first responders to nationwide threat-analysis and emergency-response centers like the National Cybersecurity and Communications Integration Center. The DHS could become a nerve center for sharing cyberthreat information with owners and operators of critical infrastructurestreamlining the defenses against cyber-attacks.
Homeland Security already has the ability to provide real-time information necessary for instant threat detection and to share emerging threat information to enable industry to act immediately to safeguard critical infrastructure. However legislation that encourages participation by streamlining processes and reducing legal uncertainty for industry is necessary to help the public and private sectors be more responsive and accountable. In the process care must be taken to protect Americans privacy and civil liberties.
One of the primary lessons from 9/11 is that only by working together can Americans detect and deter their enemies. After the attack the walls that prevented agencies from sharing threat information became apparent. In this new era the government cannot allow turf battles to hamper the development of defenses necessary to prevent cyber-attacks.
The House Committee on Homeland Security is working with all stakeholders and colleagues in Congress to foster consensus on necessary bipartisan cybersecurity legislation. Threats to the U.S. homeland are evolving both in the real
and virtual worlds and so too must the defenses evolve. Congress needs to act:
The threat is real and this time we have to see it coming.
Congressman Michael McCaul represents Texas 10th Congressional District and is chairman of the Homeland Security Committee.
