Anonymous and other affiliated hacker groups have carried out attacks on websites and released private information of thousands of people in the past as retaliation for the U.S. government’s treatment of Bradley Manning (aka “Chelsea Manning”).
“I don’t know that there’s a logic behind trying to punish America or American institutions for [Snowden’s] arrest, but I hold open the possibility,” Hayden said.
Current and former government officials also worry the ongoing disclosures about the National Security Agency’s secret surveillance programs by Snowden could trigger hasty actions by Congress.
The Obama administration, lawmakers, and the private sector in recent years have been negotiating how the government and industry should collaborate to protect the nation’s critical infrastructure.
Despite the emerging consensus that U.S. defenses against cyber-attacks must be improved, the conversation has stalled amid disagreements over the creation of new industry standards, privacy and liability protections, and other critical elements.
In April, the House passed a bill that would increase the sharing of information about cyber threats between the government and the private sector. In a repeat of last year’s vote on the same bill, the White House has threatened to veto it over privacy concerns and the Senate has yet to introduce similar legislation.
President Obama signed an executive order in February aimed to bolster cybersecurity protections for the nation’s critical infrastructure. The order focuses on three main areas: information sharing, privacy, and adoption of cybersecurity practices.
The presidential directive contains a set of incentives to encourage companies responsible for protecting critical infrastructure — such as the country’s electric grid, drinking water, and transportation — to adopt cybersecurity standards. Some of these incentives include collaborating with the insurance industry to provide cybersecurity insurance, expediting government services to those who put protections in place, offering federal grants, and pushing measures to limit liability, Michael Daniel, White House cybersecurity coordinator, wrote in a blog post last week.
Many of the power executives at the conference said it would be hard to make the business case for enhanced cybersecurity measures. Because of the low probability of occurring, it would be tough for power companies to justify any rate increases to finance cybersecurity measures, especially for a threat that consumers have not actually experienced yet.
Some electric utilities have proposed raising customer rates or taking other steps to recover costs of meeting the government’s demands to protect the power grid from cyber-attacks.
Making sure power generation and distribution networks are protected from hackers could represent “huge investments for companies like Exelon,” Edward Goetz, a vice president for energy provider Exelon, told Bloomberg Businessweek. “We would look for some way to recover some of those costs because this is a national security issue.”
Allowing utilities to recover some of the costs of their cybersecurity investments is also one of the incentives Daniel suggested to encourage companies to better protect their networks.
A survey conducted by Sen. Edward Markey (D-Mass.) and Rep. Henry Waxman (D-Calif.) earlier this year highlighted the threat to the electric grid. According to the report, one power utility said it already fields 10,000 attempted attacks every month.
Business executives, National Guard officers, FBI antiterrorism experts, utility workers, and officials from government agencies in the U.S., Canada, and Mexico will participate in an emergency exercise in November organized by the North American Electric Reliability Corporation (NERC).
The purpose of the drill is to explore how governments would react during an attack on the electric grid and its crippling effect on the supply chain of everyday needs. More than 150 companies and organizations have signed up to participate.