Is the U.S. Congress Capable of Passing Cyber Security Legislation?

Probably not, barring a major crisis. Until then, Americans will have to rely on vendors’ voluntary efforts to keep the national infrastructure safe.

25 Vulnerabilities in U.S. Power and Water Systems

Last fall, researchers found over two dozen cyber vulnerabilities in the software running the “critical infrastructure systems of the United States.”

What do we mean by critical infrastructure, exactly? The Patriot Act defines that phrase as the “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of [which] would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Water and power definitely qualify.

The weaknesses were discovered in the Supervisory Control and Data Acquisition (SCADA) systems that vendors use to administer U.S. power substations and water systems. Attackers exploiting these could, for instance, “crash a system or send the master server into an infinite loop, preventing operators from monitoring or controlling operations” (source). That’s just one example.

This is not an unanticipated problem. Two years ago (2011), Director of Symantec Global Intelligence Network Dean Turner said that “businesses and governments around the world should be very aggressive in their efforts to promote and coordinate protection of critical industry cyber networks.”

More recently, Matt Rhoades, director of the cyberspace and security program at Truman National Security Project, floated the idea of passing legislation to do just that.

To make his case, he simulated a series of crises in which “a major cyberattack hits two generators in Florida on 4 April 2015, disrupting power in Coral Springs and St. Augustine, Florida; leading to multiple deaths and millions of dollars lost. A month later, Congress is tasked with presenting a bill to the president to fix the vulnerability, but political gridlock, media histrionics, and aggressive lobbying from industry makes passage of a bill unlikely.”

In the end, however, “Rhoades told Defense One that it seems unlikely that Congress will pass a major bill on cybersecurity without a crisis” (emphasis ours).

What kind of crisis would that take?

Good question.

Security matters. That’s why Netop lets you set granular permissions for hundreds to thousands of vendors, so no one can perform an operation that you didn’t authorize.