Warnings exist all around the industry: Beware critical infrastructure is catching the eye of attackers. Wrong. It already has, according to the Department of Homeland Security (DHS).
Cyber attacks have already come close several times to shutting down parts of the country’s critical infrastructure, said the DHS Secretary.
Cyber attacks on financial systems, transportation and other networks are growing, Secretary Janet Napolitano said at an Oct. 28 event on cyber security in Washington, D.C. hosted by The Washington Post. When asked how many attacks may have occurred during the course of the 45-minute question-and-answer session at the event, Napolitano said, “Thousands.”
Some cyber assaults had come close to crashing key infrastructure. There have been attempts on Wall Street, transportation systems, and “things of those sorts,” Napolitano said.
“I think we all have to be concerned about a network intrusion that shuts down part of the nation’s infrastructure in such a fashion that it results in a loss of life,” Napolitano said, noting it was still theoretical and there hasn’t been any deaths yet as a result of these attacks.
In fiscal year 2011, the United States Computer Emergency Readiness Team responded to more than 100,000 incident reports and released more than 5,000 actionable cyber-security alerts and information products, she said.
DHS networks undergo probing by adversaries in an attempt to breach systems. Napolitano declined to discuss the specifics of the intrusion.
Congress needs to act to enact legislation to protect critical infrastructure, Napolitano said. One of the problems facing the United States in defending against cyber attackers is the fact current international law, rules of conflict and government policies have not really kept up with the changes in cyber threats.
The Obama administration released a proposal in May outlining how the private sector should work with DHS to develop cyber security plans to protect critical infrastructure. The proposal also includes requirements for a federal data breach notification law and a call for tougher penalties for computer crimes.
There are several cyber security bills in both houses of Congress focusing on critical infrastructure in circulation, none of them have reached the floor yet. Homeland Security needs to serve as the nation’s “incident response center” in the event of a major attack.