May 7, 2012 by Vance Taylor
Once again, America is officially under attack. According to multiple reports, including an “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. natural gas pipeline companies are at the center of a major cyber attack campaign. The campaign may have begun as early as last December and continues to move full speed ahead.
Centered around an attack vector known as “spear phishing,” the campaign being waged on natural gas pipeline companies threatens an infrastructure that ensures the reliable delivery of more than 25 percent of our national energy supply – now that is a problem.
The question now is: What are we going to do about it?
While I’m certain that some in Congress will use this latest cyber attack campaign as fodder to further their cyber security legislation, I do not believe we can legislate our way out of this problem.
These attacks aren’t coming because of any real or perceived lack of cyber security protocols in the private sector. The attacks are coming because we allow countries like China to use cyber space to lie to us, steal from us, cheat us and even physically harm us without consequences or repercussions. It has to end.
If Congress wants to do something productive to address cyber security, it should work (along with the Administration) to establish deterrents that will make countries like China think twice before taking our lunch. Two such deterrents could include:
– Banning businesses that are headquartered in countries that hack into our CIKR networks from competing on projects in the U.S. sectors where American networks have been compromised or attacked.
– Instituting economic sanctions (equaling up to 10 times the costs of the financial implications of a given cyber attack) on any foreign country attacking America or her industries.
In short, Congress should stop legislating the private sector as a means to giving the nation the illusion that it’s doing something about cyber security. Instead, it should do something to prevent future attacks and actually bring perpetrating countries to justice.