The Internet security company Symantec revealed recently that a group of hackers known as Dragonfly infiltrated malware into legitimate software belonging to three manufacturers of industrial control systems – the stuff that controls factories and power grids.
This kind of cyberattack is not new, but it is audacious and dangerous. One of the first such assaults was the Stuxnet campaign, which had sabotage as its primary goal, against the Iranian nuclear program. By contrast, Dragonfly was a multi-pronged infiltrator, aimed at cyber-espionage and gaining long-term access to computers, with sabotage as a future option. Dragonfly probably was state-sponsored from somewhere in Eastern Europe.
Not alarmed? Then take a look at a proposal from the Securities Industry and Financial Markets Association. According to Bloomberg, Wall Street’s biggest trade group has suggested setting up a high-level U.S. government-industry council to deal with cyberthreats. What do they fear? Attacks that destroy data and machines and could lead to runs on financial institutions, loss of confidence in the banking system and devastating consequences for the economy.
A torrent of cyberattacks is costing U.S. business and government billions of dollars.
For several years, it has been clear to many in government and the private sector that the nation needs to vastly improve protection of its private networks and that only government has the sophisticated tools to do that.
But Congress has balked at legislation that would ease the necessary cooperation.
Thus it was encouraging to see the Senate Select Committee on Intelligence vote 12-3 last week to approve a cybersecurity bill that would begin to bridge the gap. Its prospects in the full Senate are uncertain. A similar bill passed the House last year.
Understandably, the legislation has triggered alarms about invasion of privacy. There are legitimate fears that the National Security Agency and U.S. Cyber Command will, in pursuit of cybersecurity, scoop up too much information about Americans. Certainly, the disclosures by former contractor Edward Snowden about how much the NSA vacuumed up in telephone and Internet data have undermined confidence in the government. But this supercharged privacy debate should not stand in the way of a good cybersecurity bill. Rather, it is a reason for Congress to build in workable and sufficient privacy protections and get on with passing legislation that is long overdue.