Government alarm over cyberattacks validated by terrorists

It is not just federal government intelligence officials who are warning of terrorist or hostile nation-state cyberattacks on U.S. defenses or critical infrastructure. It is terrorists themselves.

A video obtained about a year ago by the FBI, purportedly from al Qaeda, is being circulated by supporters of legislation in the U.S. Senate that would let the government regulate the computer security of critical industries, such as the electric power grid.

The video exhorts al Qaeda followers -- the "covert Mujahidin" -- who have the skill to commit "electronic jihad" -- launch cyberattacks on U.S. and other Western targets. Sens. Susan Collins, R-Maine, and Joseph Lieberman, I-Conn., the lead sponsors of the Cybersecurity Act, told Fox News that they had learned of the video just a week ago.

"It's essentially instructing anybody who's sympathetic with al Qaeda's ideology to engage in cyberattacks, and the tape is telling them how easy it is to do so," Collins told Fox.

Lieberman, in a statement on the website of the U.S. Senate Committee on Homeland Security and Government Affairs, says the video means, "Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks. I urge the Majority Leader to call up for debate and a vote the bill that Senators Collins, Rockefeller, Feinstein, and I authored to set those standards."

The video tells followers that the U.S. is as vulnerable now to cyberattacks as its airlines were in 2001. And Lieberman and others have pointed out the obvious - it doesn't take an army, navy and air force to launch a cyberattack. All it takes is superior hacking skills. It calls for attacks on both infrastructure and media targets.

The video also includes a U.S. television clip featuring cyber analyst James Lewis and former Navy admiral and past head of both the National Security Agency and director of National Intelligence Mike McConnell discussing the vulnerabilities of government and private networks.

McConnell has been preaching that message consistently. At a panel on cyberespionage at the Bloomberg Link Cyber Security Conference in April, expressed the need for government and industry to cooperate with information sharing, since cyberattacks occur at light speed. "If you're going to be successful, you have to see it and react in milliseconds," he said. "It's about 30 milliseconds from Tokyo to New York."

But he was pessimistic about Congress passing legislation. "That debate will only end when a catastrophic attack occurs," he said. "Those bills [in Congress] are necessary, but not enough. We're going to talk but not act, sufficiently."

The Lieberman-Collins bill is backed by the White House but opposed by Republicans in Congress, who complain that it calls for too much regulation on business.

Meanwhile, Government Security News reports that at an April government security conference in Washington D.C., Kevin Helmsley, vulnerability handling lead for the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), said, "ICS-CERT has recorded a 300% increase in vulnerability disclosure reports from water and power companies since 2008, from nine incidents then to 198 in 2011."

Read more about global security in CSOonline's Global Security section.

Hundreds of medical professionals targeted in multi-state tax scam

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.