Crossroads Blog | Institute National Security and Counterterrorism

cyber attack, Cyber Command, regulation

Cyber Roundup (10/2): Electric grid threat overblown, EO build steam, and FBI on White House hack . . .

Red eye edition.  You know the deal . . .

***

On 10/1, Douglas Birch wrote for Foreign Policy and questioned whether the threat of electric grid failure via cyberattack is overblown.  We’ve all seen the hypothetical . . . a state sponsored or terrorist cyberattack could target the electric grid, cause cascading failures, and throw us into mass chaos.  However, is this a credible and likely threat, or has “fear of full-blown cybergeddon at the hands of America’s enemies become just another feverish national obsession — another of the long, dark shadows of the 9/11 attacks?”

Birch pointed to two recent power failures: (1) a “derecho” storm that hit the U.S. in late June, cutting power to 4.2 million homes and businesses, and (2) when India suffered a power outage affecting 670 million people.  Birch cited these outages as support for the idea that we can suffer a massive grid failure with the results being “less terrifying than imagined.”

Birch correctly noted that a state-sponsored cyberattack that effects the physical world (like Stuxnet) could be completely different.  In that case, a nation-state could physically destroy the generators that power our electric grid.  Rebuilding those generators would likely take months.  In that scenario, we’re without electricity for months.  But as long we don’t see one of those types of attacks . . . maybe he’s right.

***

The LA Times on how the cyber EO is “building steam.”  That thing has been building steam for like a month, when is it getting here.

Along similar lines, Brendan Sasso reports for The Hill that Senate Republicans are urging President Obama to not issue the order.  The article cited a letter from several Senators sent to the president:

An issue as far-reaching and complicated as cybersecurity requires all stakeholders to work together to develop an enduring legislative solution through formal consideration and approval by Congress . . . Yet, rather than build confidence and unity among key stakeholders, an Executive Order will solidify the present divide.

 

***

Sick of the phrase “information sharing?” Want to know what types of information will be shared?  Well Foreign Policy’s John Reed has an article for you.

According to Reed, lawmakers and DoD officials want threat signatures, not personal information.

Reed quoted Gen. Alexander (CyberComm):

We’re arguing over a bad guy putting something in your email, sending it to somebody else to do something to him that you didn’t know was going on, so ironically, both of you want to know that  that’s occurring . . . What happens is, the machines can [automatically] see signatures, they can see those go by and send out an alert that a bad signature has been spotted.  There is nothing about the traffic or the communications that the government will get . . . If signature A goes by, all the government needs to know — DHS, FBI, NSA and Cyber Command — is that an event occurred, we don’t need to know anything more about the communications than A occurred” and that the signature went “from one point to another.”

***

Bill Gertz, of The Washington Free Beacon, on how the FBI, NSA, and Secret Service are looking into that White House hack.  That attack apparently didn’t get beyond a non-classified network (which was subsequently isolated).

Leave a Reply

Bitnami