Cybersecurity
Using only a few computers,
researchers at the federal Idaho National Laboratory
managed to launch a cyberattack
that crippled an electricity generator earlier this year.
The test, performed on a replica of
common power plant control systems
that operate over the Internet,
tricked the machine into operating at levels
that caused it to smoke and then destroy itself.
Funded by the Department of Homeland Security (DHS),
this was an unsettling demonstration
of how vulnerable America's
critical infrastructure is to online assaults.
As early as this week,
the federal government is expected
to request significant new funding
to strengthen its cybersecurity efforts.
Under a new initiative,
a broad set of federal agencies
would coordinate the monitoring
and defense of government networks,
as well as private systems
that operate key services like electricity,
telecommunications, and banking.
But officials are divided over
how much of the program,
which will be run by DHS,
to discuss publicly because of the sizable involvement
of U.S. intelligence agencies.
The sensitivity also reflects
how officials increasingly view cybersecurity
as a national security concern,
with threats coming not only
from whiz-kid hackers
but also foreign intelligence agencies
and militaries.
The nation's computer networks
"are under persistent attack now,"
warns Joel Brenner,
the nation's top counterintelligence official.
In just the past year,
officials reported that the number of cyberattacks
on government computer networks
more than doubled.
"The adversaries are becoming more swift,
more focused, and more sophisticated
in their attempts to exploit our vulnerabilities,"
says a DHS source. But in some ways,
the private networks
that operate critical infrastructure
could be even more vulnerable.
"There is no government entity
that can require cybersecurity controls be put
in place in the private sector,"
says Rep. Jim Langevin,
chairman of a House cybersecurity subcommittee.
Currently, the government's leading experts
in cybersecurity,
who work at the supersecret National Security Agency (NSA),
are responsible only for guarding classified networks.
As first reported in the Baltimore Sun,
the new effort envisages expanding
NSA's cyberdefense efforts
to unclassified government systems
and private industry.
The proposal, however,
has sparked some concerns about privacy,
because defending networks is
such an invasive process.
"In order to defend the cyberspace on
which these critical systems depend,
we have to be able to both monitor
nd control them,"
says Sami Saydjari, a former NSA official
who runs the Cyber Defense Agency,
a private consulting firm.
"That's an intelligence system,
and one could use that intelligence system
for good or for evil."