Senator Warns that Cybersecurity Threats are "Anything But Hype"

Anthony Freed
By | October 18, 2012

Posted in: Network Security Trends

As Congress ponders the prospect of taking up cybersecurity legislation again during the post-election lame duck session, Senator Joseph Lieberman has unleashed some trenchant rhetoric in a New York Times Op/Ed piece which chides his colleagues for legislative inaction on what he considers to be a national security priority.

Lieberman, who chairs the Senate Homeland Security and Governmental Affairs Committee, denounced naysayers who seek to downplay the eminent threat to critical systems and who continue to delay action on the myriad of cybersecurity bills that have been proposed, writing that "national security experts from Republican and Democratic administrations -- privy to our best intelligence and analysis -- all agree this threat is real. So, I am mystified by claims that it is not."

Chief among the Senator's concerns is the state of security for systems that control critical infrastructure. Industrial Control Systems (ICS), which include supervisory control and data acquisition (SCADA) networks, administer operations for production centers such as manufacturing facilities and utilities.

"The threat of a cyber attack on our electric grid, water supply system, financial networks, or oil and gas lines is anything but hype. I have been concerned about this threat for years, and the evidence has grown exponentially that sophisticated adversaries could paralyze the nation with targeted cyber attacks on critical networks," Lieberman writes.

The Senator lambasted the availability of powerful tools like Metasploit, a favorite of network penetration testers which can be re-purposed for exploitation of system vulnerabilities, and the Shodan computer search engine, which is used to identify insecurities in SCADA systems that are inexplicably connected directly to the Internet. Easy access to these kinds of tools, Lieberman maintains, has lowered the technical savvy required to engage in malicious activities that threaten sensitive networks.

"You don’t have to be a skilled techie to wreck cyber havoc, particularly since these hacking tools are readily available on the Internet," Lieberman said. "In 2010 and 2011, an unemployed, high-school dropout in New York City attacked companies like Visa, MasterCard, PayPal and Sony... he also participated in attacks on computers belonging to the federal government, as well as the governments of Tunisia, Yemen, Algeria and Zimbabwe. If a dropout can manage such exploits, imagine what a well-financed hostile nation or terrorist group could do."

Lieberman had co-sponsored the comprehensive Cybersecurity Act of 2012 along with Susan Collins, John D. Rockefeller IV, and Dianne Feinstein. The bill was blocked late this summer, but Lieberman is adamant that Congress needs to act sooner than later to pass legislation that incentivizes the securing of systems vital to the nation in order to prevent an event of catastrophic proportions.

"This isn’t about pointing fingers. It’s about making our country safe. That’s why my cybersecurity bill offers incentives, like liability protections, to assist owners of critical infrastructure in reaching a level of security to protect our electricity supply, our water, our financial networks, and, in fact, our modern American way of life. Nothing less than our economic and national security is at stake," Lieberman concluded.

You May Also Be Interested In: