Panetta warned last year of the possibility of a “cyber Pearl Harbor.” He told business leaders attending a meeting of the Business Executives for National Security that the country is increasingly vulnerable to foreign computer hackers who could attack the country’s transportation system, government, financial networks, and power grid.
In a recent report, the Department of Homeland Security (DHS) estimated that more than 40 percent of all reported cyber attacks on critical infrastructure in 2012 targeted the energy sector. Many of the incidents reported to the DHS targeted information that could facilitate remote access and unauthorized operation.
Sustained cyber attacks targeting the websites of a dozen U.S. banks, including Wells Fargo, JP Morgan Chase, and Bank of America, exemplify the growing threat to the financial sector. What makes these attacks suspicious is that they are not carried by opportunists trying to steal data or money, but instead by experts keen on creating significant disruptions. Computer-security specialists say that the attacks showed a level of sophistication that exceeded that of amateur hackers, making it more likely that they were orchestrated by a nation.
“There is no doubt within the U.S. government that Iran is behind these attacks,” former Commerce and State Department official James A. Lewis told the New York Times this month. According to Lewis, the attacks are probably in retaliation for previous cyber attacks on Iran as well as sanctions imposed on the country.
After the intensifying wave of attacks, major U.S. banks have turned to the National Security Agency for technical assistance in an effort to protect their computer systems, the Washington Post reported.
The banks’ request follows a similar push by a trade group for more collaboration between the private sector and government. The Business Roundtable, which represents the chief executive of top U.S. companies, has recently called on Congress to pass legislation aimed at improving the sharing of information between government and industry so companies can thwart cyber attacks quickly. The group, however, cautioned against a “static compliance based regime” that would undermine a more dynamic solution based on information sharing.
Before the Senate vote in November, Lieberman warned of the possibility of an executive order issued by the president if the Senate voted against moving the bill forward. Reid also noted that the order would fall short of what the bill could accomplish, including liability protection that would protect companies from legal action if they are hit by a cyber attack.
In a letter sent to the president in October, a group of Republican senators urged Obama to work with Congress on cybersecurity legislation instead of acting unilaterally in a way that “will solidify the present divide” among stakeholders. The White House is expected to roll out the executive order as early as the end of this month.
As new leaders assume command of the congressional committees in charge of cybersecurity legislation, the prospects of reviving the debate have begun to emerge. A coalition of Senate Democrats, led by longtime cybersecurity legislation supporter Sen. Jay Rockefeller (D-W.Va), introduced on Wednesday a new resolution tackling the issue. “The new Congress has a real opportunity to reach needed consensus on bipartisan legislation that will strengthen our nation’s cybersecurity,” the senators said in a joint statement announcing the bill, called the Cybersecurity and American Cyber Competitiveness Act of 2013.
The new bill outlines legislative intent but does not provide any specific solutions beyond some recommendations to improve collaboration between the private sector and the federal government.