Cybersecurity Legislation Needed to Prevent Inevitable Attack

Saturday, April 28, 2012

Dan Dieterle


Cybersecurity experts warned Congress on April 24th that unless strong legislation is passed to enforce basic security standards for critical infrastructure, this country could face a major cyber attack.

“If we don’t do that this year, an attack is inevitable,” Center for Strategic and International Studies Senior Fellow James Lewis told the congressional committee.

According to an article on Government Computer News, the attacks that the public is seeing are only the “tip of the iceberg”, and it is the attacks that the public does not see that are very disconcerting.

Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, echoed what the NSA said a few years ago, that network operators “need to assume that they have or will be compromised”:

“The threat has reached the point that a determined adversary will access any system that is directly accessible from the network,” said Henry, who now is president of CrowdStrike Services, a cybersecurity intelligence start-up. “They will keep coming until they come in.”

The article also mentions that though China and Russia are a major concern, they are not the top threat to American networks. Lewis said, “I don’t worry about China and Russia, they aren’t going to start a war just for fun. I don’t know if we can say that for Iran and North Korea.”

Though many mainstream computer security experts would counter the statement that a major attack is inevitable, the key really lies in the fact that a lot of the information causing the concern is not released publicly.

Even the NSA caught a lot of flak recently over its concerns about the hacker group Anonymous. But you have to realize the NSA has access to information that the public will never see, and if they are concerned, there really has to be something to it.

U.S. networks would be much stronger if companies did enforce basic standard security procedures. But my question is: why haven’t critical infrastructure entities already implemented them?

And why would we need more legislation passed to force them to do it, when it should already be done?

Cross-posted from Cyber Arms

e. charles sterling CISSP This concern flows with my concerns over the security levels "implemented" within the Smart Grid realm. We are a long way from being able to manage existing networks much less that of new designs of national if not global utility networks.