menu

In the World of Cyber Security, It's Go Time

Once again, America is officially under attack. According to multiple reports, including an “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. natural gas pipeline companies are at the center of a major cyber attack campaign. The campaign may have begun as early as last December and continues to move full speed ahead.

Centered around an attack vector known as “spear phishing,” the campaign being waged on natural gas pipeline companies threatens an infrastructure that ensures the reliable delivery of more than 25 percent of our national energy supply – now that is a problem.

The question now is: What are we going to do about it?

While I’m certain that some in Congress will use this latest cyber attack campaign as fodder to further their cyber security legislation, I do not believe we can legislate our way out of this problem.

These attacks aren’t coming because of any real or perceived lack of cyber security protocols in the private sector. The attacks are coming because we allow countries like China to use cyber space to lie to us, steal from us, cheat us and even physically harm us without consequences or repercussions. It has to end.

If Congress wants to do something productive to address cyber security, it should work (along with the Administration) to establish deterrents that will make countries like China think twice before taking our lunch. Two such deterrents could include:

  1. Banning businesses that are headquartered in countries that hack into our CIKR networks from competing on projects in the U.S. sectors where American networks have been compromised or attacked.
  2. Instituting economic sanctions (equaling up to 10 times the costs of the financial implications of a given cyber attack) on any foreign country attacking America or her industries.

In short, Congress should stop legislating the private sector as a means to giving the nation the illusion that it’s doing something about cyber security. Instead, it should do something to prevent future attacks and actually bring perpetrating countries to justice.

L. Vance Taylor has worked to advance the mission of homeland security on Capitol Hill and in the private sector. One of only approximately 250 people in the nation with a Master’s degree in Homeland Security, Mr. Taylor combines specialized educational training with real-world experience to leverage successful outcomes for clients and stakeholders. Read More
  • http://twitter.com/merlyn Randal L. Schwartz

    If the attack is coming from “spear phishing”, the real solution is hardening the cyber borders. First, ban the use of Windows in all command and control computing systems, including the offices of the employees. Second, educate the employees to distrust the source of “too good to be true” email.