The cyber threat
The internet security company Symantec revealed recently that a group of hackers known as Dragonfly infiltrated malware into legitimate software belonging to three manufacturers of industrial control systems — the stuff that controls factories and power grids. In one case, the contaminated control software was downloaded 250 times by unsuspecting users before the compromise was discovered.
This kind of cyberattack is not new, but it is audacious and dangerous. One of the first such assaults was the Stuxnet campaign, which had sabotage as its primary goal, against the Iranian nuclear program.
By contrast, Dragonfly was a multi-pronged infiltrator, aimed at cyber-espionage and gaining long-term access to computers, with sabotage as a future option, perhaps flicking off the electrical power to a city or shutting down a factory. Dragonfly probably was state-sponsored from somewhere in Eastern Europe.
Not alarmed? Then take a look at a proposal from the Securities Industry and Financial Markets Association. According to Bloomberg, Wall Street’s biggest trade group has suggested setting up a high-level U.S. government-industry council to deal with cyberthreats.
What do they fear? Attacks that “destroy data and machines” and could lead to runs on financial institutions, loss of confidence in the banking system and “devastating” consequences for the economy.
The group predicts attacks could result in “account balances and books and records being converted to zeros,” Bloomberg reported on July 8.
A torrent of cyberattacks — disruption, espionage, theft — is costing U.S. business and government billions of dollars. This is reality, not science fiction. In March, Chinese hackers broke into the U.S. government agency that houses the personal information of all federal employees.
For several years, it has been clear to many in government and the private sector that the nation needs to vastly improve protection of its private networks and that only government has the sophisticated tools to do that. But Congress has balked at legislation that would ease the necessary cooperation.
Thus it was encouraging to see the Senate Select Committee on Intelligence vote 12 to 3 last week to approve a cybersecurity bill that would begin to bridge the gap. Its prospects in the full Senate are uncertain. A similar bill passed the House last year.
Understandably, the legislation has triggered alarms about invasion of privacy. There are legitimate fears that the National Security Agency and U.S. Cyber Command will, in pursuit of cybersecurity, scoop up too much information about Americans.
Certainly, the disclosures by former contractor Edward Snowden about how much the NSA vacuumed up in telephone and Internet data have undermined confidence in the government.
But this supercharged privacy debate should not stand in the way of a good cybersecurity bill. Rather, it is a reason for Congress to build in workable and sufficient privacy protections and get on with passing legislation that is long overdue.
— The Washington Post
Rules for posting comments
Comments posted below are from readers. In no way do they represent the view of Oahu Publishing Inc. or this newspaper. This is a public forum.
Comments may be monitored for inappropriate content but the newspaper is under no obligation to do so. Comment posters are solely responsible under the Communications Decency Act for comments posted on this Web site. Oahu Publishing Inc. is not liable for messages from third parties.
IP and email addresses of persons who post are not treated as confidential records and will be disclosed in response to valid legal process.
Do not post:
- Potentially libelous statements or damaging innuendo.
- Obscene, explicit, or racist language.
- Copyrighted materials of any sort without the express permission of the copyright holder.
- Personal attacks, insults or threats.
- The use of another person's real name to disguise your identity.
- Comments unrelated to the story.
If you believe that a commenter has not followed these guidelines, please click the FLAG icon below the comment.