Cyber Attacks Pose Major Threat - Cyber Security Act of 2009
(Page 4 of 4 )
The hearing that McConnell and other experts like him testified at pertained to the Cyber Security Act of 2009, which would "regulate organizations and companies that provide critical infrastructure for the U.S., requiring licensing and certification for cybersecurity professionals, as well as provide funding for grant and scholarship programs."
Though the House of Representatives passed a version of the Cyber Security Act in February of this year, and it was considered a large milestone towards our cyber security as a nation, it was still considered very long overdue, and many were left wondering if a great deal of damage has already been done.
James Lewis of the non-profit organization Center for Strategic and International Studies (CSIS) was quick to point out that the U.S. was--and is--"under attack every day, losing every day vital secrets." This bill would definitely provide a new framework for cybersecurity, but now it's just a matter of the U.S. government acting quickly enough.
Though it sounds dramatic, Lewis' definition of a cyberattack cuts to the heart of the matter, and is actually quite true when you consider the ramifications of a major cyber attack on the U.S. "A cyberattack would be like being bled to death and not noticing it," Lewis said. It's kind of what's happening now. Unfortunately, one doesn't have to look too far for examples of this kind of attack that has wreaked havoc on U.S. finances. Lewis said that a recent attack led to $9.8 million being extracted from ATMs in just a three-day period.
It appears as if cyberattackers intend to hit us where it hurts the most by stealing massive amounts of business information that, according to Lewis, is greatly compromising the integrity and financial stability of U.S. companies and markets. Also, according to Scott Borg, chief economist at the U.S. Cyber Consequences Unit, "Cyberattacks are already damaging the American economy much more than is generally recognized. The loss is greater than losses due to identity theft and credit card fraud combined."
To make matters worse, one of the defenses originally thought to be helpful in monitoring cyberattacks--Supervisory Control and Data Acquisition (SCADA)--are now considered to be quite useless. According to Mary Ann Davidson, chief security officer at Oracle, the world's largest enterprise software company, "SCADA protocols used in control systems were not designed to be attack resistant. They were originally used in electro-mechanical systems where you had to physically access the system, turn the knob, and so on," she said. "Now we are increasingly moving to the IP-based control systems and connecting them to corporate networks that are in turn connected to the Internet. We know some smart grid devices are hackable; we know there are PDAs, digital assistants that talk SCADA because it's just so expensive to send a technician to the plant. Dare I say move the control rods in and out of the reactor? There's an app for that."
Admittedly, the Cyber Security Act was only signed into law last month, and given how major the threats are, it's understandable that the government is still mulling over their options. That being said, the faster something is done, the better, because as we've learned, Americans have a lot to lose should there be a cyber war.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |