Mock cyber-attack on NYC a pitch for bill
The Obama administration simulated a cyber-attack on New York City’s power supply in a Senate demonstration aimed at winning support for legislation to boost the nation’s computer defenses.
Senators from both parties gathered privately in the Capitol last week for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.
The mock attack on the city during a summer heat wave was “very compelling,” said Sen. Susan Collins, Rmaine. She is co-sponsoring a cyber-security bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing.
U.S. lawmakers are debating cyber-security legislation after assaults last year on companies including New York-based Citigroup Inc., the third-largest U.S. bank by assets, and Bethesda, Md.-based Lockheed Martin Corp., the world’s largest defense company.
The attacks have increased concern that computer networks operated by U.S. banks, power grids and telecommunications companies may be vulnerable to hacking or viruses that may cause loss of life or inflict widespread economic harm.
The Obama administration is backing a Senate measure introduced on Feb. 14 by Collins and Sen. Joe Lieberman, I-conn., that would direct the Homeland Security Department to set cyber-security regulations for companies deemed critical to U.S. national and economic security.
A competing Senate bill from eight Republicans including John Mccain of Arizona and Kay Bailey Hutchison of Texas would avoid new rules while promoting information sharing through incentives such as protection from lawsuits. Rep. Mary Bono Mack, R-calif., is preparing to introduce similar legislation in the House.
Sen. Roy Blunt, R-MO., called last week’s demonstration “helpful because it got a whole bunch of senators thinking about the same thing at the same time.” He said the exercise didn’t sway him to support either of the Senate bills.
After the briefing, Hutchison cited similarities in the two Senate measures while criticizing the “big new bureaucracy and regulatory scheme” in the Obama-backed version.
The simulated attack “was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyber attacks,” Caitlin Hayden, a White House spokesman, said in an e-mail after the briefing.
A cyber-attack leaving New York without power for a prolonged time could have “disastrous” effects, potentially severing communications, crashing lifesaving medical equipment and destroying networks that run financial institutions, said Lawrence Ponemon, chairman of the Ponemon Institute LLC, a research firm based in Traverse City, Mich.
“I would project that you would have literally thousands of people dying,” Ponemon said in an interview. “A cyber-attack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages.”
Hackers could cause blackouts “on the order of nine to 18 months” by disabling critical systems such as transformers, said Joe Weiss, managing director of Applied Control Solutions LLC, a Cupertino, Calif.-based security consulting company.
“The dollars are incalculable,” Weiss said.
Internet-service providers, including AT&T Inc. and Comcast Corp., opposed new cyber-security regulations at a House hearing last week. The companies said they prefer measures to improve voluntary sharing of information about cyber-threats.
Government-imposed rules could impede innovation, the Internet providers said in testimony to a House Energy and Commerce subcommittee.
“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at the hearing. “Cyber-adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”