Last February a mysterious caller said that he was from Microsoft. This caller offered step-by-step instructions to fix the damage caused by a software virus. The electric power companies he called did not fall for the trick.
It turned out that the caller helpfully stepped the companies through processes in their computers, which would have actually helped create a trapdoor in the companies’ security networks. The resulting vulnerability would have enabled hackers to shut down a power plant and cause massive blackouts. The caller was never identified or traced.
The power employees the caller contacted merely hung up on the caller and ignored his advice.
The incident above, documented by a branch of the government’s cyber-response emergency units, highlights the persistent threat posed by intrusions and electronic attacks that could harm the country’s key industries and infrastructure.
The US House of Representatives is currently considering new legislation that will do a better job of defending public infrastructure and corporate networks from threats posed by terrorist groups, cybercriminals, and foreign governments. Still, deep divisions exist over how best to handle growing cyber security problems. All this means that solutions are quite a ways off.
One key area that needs resolving is determining the proper role of the government in protecting the private sector from cyber threats. The US Chamber of Commerce and other business advocacy groups oppose government-required cybersecurity standards. They claim that rules issued and mandated by Washington would boost their costs without necessarily reducing the cyber threat risks they face.
The Obama administration’s position is that companies which operate sensitive and crucial infrastructure like chemical facilities, communication systems, power plants, and similar infrastructure should have to meet certain security performance standards to show that their systems can withstand attacks or quickly recover from such attacks.
The division over this issue is a classic one that revolves around whether regulation is excessive and hampers private business. The head of Homeland Security, Janet Napolitano, said that the absence of standards for critical industries leaves key gaps US enemies can exploit. Since the system is outside of the government’s hands, she argues that the private players should all meet certain baseline standards.
This is not the only bone of contention among interested parties. Another area causing debate is the proposed formation of a system which will allow US intelligence agencies to share information with the private sector regarding hackers and the means they use to gain control over corporate networks.