by Staff Writers
Washington (UPI) Jul 25, 2012
Ambitious new U.S. legislation to fight cybercrime and cyberterrorism is at risk from revisions that may water it down so much that it is no longer effective, critics say.
The revised cybersecurity bill introduced in the U.S. Senate has drawn criticism for being too soft on the corporate sector, which is likely to be let off easily on what are basically compliance issues, analysts said.
In previous versions of the Cybersecurity Act, businesses and the corporate sector at large were put under various obligations to ensure security of their systems against cybercrime and cyberterrorism.
But Republican objections made those provisions unsustainable and further changes eliminated those clauses.
Security analysis and numerous expert assessments over the past two years have maintained that businesses that run the power grid, gas pipelines, water supply systems and other critical infrastructure elements are most at risk from hostile action aiming either to disable their computer systems or manipulate those systems with adverse outcome.
In earlier versions of the bill the corporate firms were required to meet certain levels of security and, failing that, were warned of penalties.
The lawmakers insist the bill can still be effective but critics within Congress and outside it say they aren't so sure.
In March, National Security Agency chief Gen. Keith Alexander warned Congress the law needed to have more clout because operators of critical infrastructures didn't follow even basic security procedures like updating software.
The U.S. Industrial Control System Cyber Emergency Response Team reported last month computer systems running critical infrastructures were hacked nearly 200 times -- more than four times the reported frequency of attacks recorded for 2010.
U.S. President Barack Obama said last week Congress must pass the bill to address cyberthreats to the country's infrastructure.
In an op-ed in The Wall Street Journal, Obama said "critical infrastructure networks" haven't been disrupted or damaged but "foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day."
"Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls," he said. "More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy -- including the nuclear and chemical industries -- are being increasingly targeted."
Obama said an adversary "in a future conflict" might compensate for battlefield military inferiority by exploiting "our computer vulnerabilities here at home."
"Taking down vital banking systems could trigger a financial crisis," the president said. "The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill."
Obama said his administration has made cybersecurity a priority, "proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation."
"We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared," he said. "We need to make it easier for these companies -- with reasonable liability protection -- to share data and information with government when they're attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks."
While the cybersecurity bill awaits passage, some corporate initiatives are addressing the threat. Northrop Grumman and Areva Inc. announced they are working to provide cybersecurity support for U.S. nuclear facilities.
The companies said the pairing, in response to the U.S. Nuclear Regulatory Commission's call for cybersecurity protections, will combine Northrop's cybersecurity capabilities with Areva's extensive regulatory experience to help the industry meet the commission's regulatory requirements.
"Protecting the U.S. nuclear power infrastructure from exploitation and attacks of networks, systems, information and physical assets is an industry concern," said Tom Franch, senior vice president of reactors and services, Areva Inc.
This October will see the third annual observance of Cybersecurity Awareness Month.
Cyberwar - Internet Security News - Systems and Policy Issues
Comment on this article via your Facebook, Yahoo, AOL, Hotmail login.
Finnish firm says new cyber attack may have targeted Iran
Helsinki (AFP) July 25, 2012
A scientist claiming to work for the Atomic Energy Organisation of Iran told a Finnish cyber-security group that Tehran's nuclear programme had been the victim of a new cyber attack, the group said Wednesday. Mikko Hypponen, the research head for the Finnish firm F-Secure, said he received a series of emails over the weekend from Iran. "The only thing we can confirm is that these emails ... read more
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2012 - Space Media Network. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|