White House wages mock cyberattack on NYC to push security bill


Senior White House officials late Wednesday held a mock cyberattack on New York City’s power grid for a group of US senators, as part of the Obama administration’s push for a new cybersecurity bill. If passed, the legislation would give the federal government greater control over the nation’s critical computer infrastructure.

While most information on the demonstration remains classified, reports indicate that the mock scenario showed how the federal government could respond to an attack on the NYC electrical system during a heat wave, when the network is overloaded by air conditioners, and most vulnerable.

Between 25 and 30 senators from both parties attended the private demonstration, which was carried out by Homeland Security Secretary Janet Napolitano, and FBI Director Robert Mueller, Deputy Attorney General James Cole, National Security Agency Director Gen. Keith Alexander, and several top terrorism and cybersecurity officials.

“The classified scenario was intended to provide all Senators with an appreciation for new legislative authorities that could help the U.S. Government prevent and more quickly respond to cyber attacks,” said Caitlin Hayden, a spokesperson for the White House National Security Council, as quoted by The Hill. “Only Congress can modernize our underlying laws and give us the full range of tools our cybersecurity professionals need to more effectively deal with this growing and increasingly sophisticated threat, including risk-based performance standards to ensure the nation’s most vital of critical infrastructure systems meet a baseline level of security. As the President emphasized in the State of the Union, we need Congress to act swiftly to provide the authorities we need to protect the nation’s critical infrastructure from the growing danger of cyber-threats.”

The 205-page bill being pushed by the White House, called the Cybersecurity Act of 2012 (officially S. 2105), was introduced by Sen. Joe Lieberman (I-CT) and Sen. Susan Collins (R-ME), and gives the Department of Homeland Security the power to require certain private computer systems — those deemed critical to national security — to maintain “cybersecurity performance requirements.” It also establishes a system for companies and the government to more easily share information about security threats. Unlike the Stop Online Piracy Act (SOPA) or the PROTECT IP Act (PIPA), Lieberman’s bill is tightly worded, and excludes regulations on the broader Internet.

Even though the Cybersecurity Act of 2012 lacks severe the implications for the Web that SOPA or PIPA could have had, the bill does worry one group: Anonymous. After a report in the Wall Street Journal linked the hacktivist collective to “stateless” terrorist groups like al Qaeda, Anonymous has grown increasingly wary of bills that address cybersecurity and cyberattacks, Lieberman’s bill in particular.

While the demonstration appears to have convinced some senators, many Republicans argue that the bill would lack effectiveness, and put undue financial constraints on businesses. Both AT&T and Comcast, two of the largest Internet service providers (ISPs) have come out against new regulations.

“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” said Edward Amoroso, chief security officer for AT&T, during a hearing before the House on Wednesday. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”

Sen. John McCain (R-AZ) and Sen. Kay Bailey Hutchison (R-TX) have offered a competing piece of legislation (S. 2151), which doesn’t include greater regulations, but instead encourages private companies to voluntarily share information as a way to help combat cyber threats, and offers immunity from lawsuits as an incentive for doing so. The shared data would be collected by the National Security Agency’s Threat Operations Center and the US Cyber Command Joint Operations Center, both of which are part of the military.

Though McCain’s bill may appease businesses, the legislation has triggered alarm bells among civil rights advocates.

“This is a privacy nightmare that will eventually result in the military substantially monitoring the domestic, civilian Internet,” said Michelle Richardson of the American Civil Liberties Union. “It is absolutely critical that if the government wants to collect information, it go through a civilian agency.”

A spokesperson for McCain said these concerns are exaggerated.

“Senator McCain’s priority in crafting this bill has been to make sure it strengthens our security while continuing to safeguard the privacy of consumers,” Brian Rogers, a McCain spokesperson, told Reuters. “He remains open to addressing legitimate concerns as this process moves forward.”

Senate Majority Leader Harry Reid (D-NV) said he plans to bring the Lieberman-Collins bill up for a vote as soon as possible. Sen. McCain’s bill is still in committee hearings.

Read the Lieberman-Collins bill here: pdf.

[Image via alexskopje/Shutterstock]