Cyber-Attackers Aim at Critical Infrastructure, Homeland Security Department Says
Cyber-attacks have already come close several times to shutting down parts of the country's critical infrastructure, according to the U.S. Department of Homeland Security Secretary.
The number of cyber-attacks on financial systems, transportation and other networks is growing, Secretary Janet Napolitano said at an Oct. 28 event on cyber-security in Washington, D.C. hosted by The Washington Post. When asked how many attacks may have occurred during the course of the 45 minute question-and-answer session at the event, Napolitano told the audience, "Thousands."
Some cyber-assaults had come close to crashing key infrastructure. There have been attempts on Wall Street, transportation systems, and "things of those sorts," Napolitano said. The Wall Street attack may be a reference to an attack on the Nasdaq stock exchange a year ago.
"I think we all have to be concerned about a network intrusion that shuts down part of the nation's infrastructure in such a fashion that it results in a loss of life," Napolitano said, noting that it was still theoretical and there hasn't been any deaths yet as a result of these attacks.
In fiscal year 2011, the United States Computer Emergency Readiness Team responded to more than 100,000 incident reports and released more than 5,000 actionable cyber-security alerts and information products, she said.
Department of Homeland Security networks have been probed by adversaries attempting to breach systems. Napolitano declined to discuss the specifics of the intrusion.
Congress needs to act to enact legislation to protect critical infrastructure, Napolitano said. One of the problems facing the United States in defending against cyber-attackers is the fact that current international law, rules of conflict and government policies have not really kept up with the changes in cyber-threats.
The Obama administration has released a proposal in May outlining how the private sector should work with DHS to develop cyber-security plans to protect critical infrastructure. The proposal also includes requirements for a federal data breach notification law and a call for tougher penalties for computer crimes.
There are several cyber-security bills in both houses of Congress focusing on critical infrastructure in circulation, none of them have reached the floor yet. Congressional observers are not sure if they would come up for a vote this legislative session.