Here’s something worth reading. I am only displaying the first three paragraphs of a fairly indepth piece of reporting.
By Mark Clayton writing in the Christian Science Montior.
A major cyber attack is currently underway aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.
At least three confidential “amber” alerts – the second most sensitive next to “red” – were issued by DHS beginning March 29, all warning of a “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.
That fact was reaffirmed late Friday in a public, albeit less detailed, “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.
During the House of Representatives so-called Cyber Week there was disagreement regarding the nature of the cyber threat. Following is a recent Richard Clark quote differentiating an acute threat from a chronic threat:
People keep asking, well, do we have to have a cyber Pearl Harbor in order for people to do the right thing? Implicit in that question is sort of a hope that that will happen and then maybe we’ll fix everything. I don’t know that there ever will be a cyber Pearl Harbor. What I do know is that we’re suffering the death of a thousand cuts in the little Pearl Harbors that are happening every day, where cyberespionage and cybercrime are having a huge cumulative and negative effect. The theft of research and development information, the theft of intellectual property, the theft even of transactional data is giving huge economic advantage to our competitive opponents in other countries. If we all sit around waiting for the apocalypse to do something appropriate on cybersecurity, it may never happen and we may never solve the problem.
… it was the report’s findings about cybersecurity that appeared to be the most troubling, and they continued a drumbeat from the Obama administration about the need for Congress to pass legislation giving the Department of Homeland Security the authority to regulate computer security for the country’s infrastructure.
The report said that cybersecurity “was the single core capability where states had made the least amount of overall progress” and that only 42 percent of state and local officials believed that theirs was adequate.
I hope HLSWatch readers will take the time to read the NPR. I would welcome your comments, concerns, or more here. How should we read it? What are the major take-aways? What are the major questions raised? What should we do with it? What can we do with it? If there is a delta between should and can, what does that tell us?