The Threat Is Real and Must Be Stopped

The threat of a cyber attack on our electric grid, water supply system, financial networks, or oil and gas lines is anything but hype. I have been concerned about this threat for years, and the evidence has grown exponentially that sophisticated adversaries could paralyze the nation with targeted cyber attacks on critical networks. Some have even penetrated networks in the oil and natural gas sector. That's only a few keystrokes away from causing damage.

National security experts from Republican and Democratic administrations -- privy to our best intelligence and analysis -- all agree this threat is real. So, I am mystified by claims that it is not. Free, downloadable hacking tools, like the nefariously named Metasploit and Shodan, are becoming more powerful and easier to use every year. A researcher who used one of those tools found over 10,000 industrial control systems connected directly to the internet. Many of the systems, which run critical networks like hospitals and power plants, had little to no security.

In other words, you don’t have to be a skilled techie to wreck cyber havoc, particularly since these hacking tools are readily available on the Internet. In 2010 and 2011, an unemployed, high-school dropout in New York City attacked companies like Visa, MasterCard, PayPal and Sony. Known by his online moniker “Sabu,” he also participated in attacks on computers belonging to the federal government, as well as the governments of Tunisia, Yemen, Algeria and Zimbabwe. If a dropout can manage such exploits, imagine what a well-financed hostile nation or terrorist group could do.

Many companies operating critical infrastructure have made the investment to defend their systems adequately. But many more have ignored basic protections that cost little to nothing – for example, disconnecting their industrial control systems from the internet. A study out last month found that 87 percent of small and medium businesses don’t even have written cyber security policies. General Alexander, the head of Cyber Command and the National Security Agency, has said that 80 percent of attacks can be stopped by taking basic steps – complex passwords, frequent patching -- that often cost very little.

This isn’t about pointing fingers. It’s about making our country safe. That’s why my cybersecurity bill offers incentives, like liability protections, to assist owners of critical infrastructure in reaching a level of security to protect our electricity supply, our water, our financial networks, and, in fact, our modern American way of life. Nothing less than our economic and national security is at stake.

Join Room for Debate on Facebook and follow updates on twitter.com/roomfordebate.