Anonymous Set to Do Real Damage?
Report: Gen. Keith Alexander Fears Attack on Electric GridIs Anonymous in search for some respect?
See Also: Webinar | Prisma Access Browser: Boosting Security for Browser-Based Work
Gen. Keith Alexander, who has the dual-hatted jobs as National Security Agency director and military cybercommander, reportedly says the hacking collective known as Anonymous might target the United States electric grid in the next year or two to earn the respect it feels it hasn't received from the government and business establishment.
In private meetings at the White House and elsewhere, Alexander said he's worried that Anonymous could develop the capability in the next year or two to disrupt the United States power grid, according to a Feb. 21 story in the Wall Street Journal.
"The thinking isn't that [Anonymous] would do it because they're trying to create a national security emergency, but more because they think that would be a prank or a way to show that they have more potency than they've been given credit for," the story's reporter, Siobhan Gorman, says in an interview.
Anonymous is famous - or infamous, depending on your viewpoint - for distributed denial of service attacks that have shuttered temporarily scores of government and business websites as well as infiltrating government and business servers, exposing passwords and personally identifiable information. But, Anonymous isn't known to cause the significant harm inflicted by digital spies who pilfer government, military and trade secrets, something hackers from China are accused of doing.
The revelation of Alexander's jitters comes at a time when Congress is divided over how the government should protect the nation's critical IT infrastructure that's mostly owned and operated by business.
At a Senate hearing last week on the just-introduced Cybersecurity Act of 2012, Sen. John McCain said he and the ranking Republican members of committees with IT security oversight will shortly introduced their own legislation that would be less burdensome on the businesses that operate the vital networks that control the flow of energy, transportation, money and other stuff society depends on to function [see Partisan Showdown over Cybersecurity].
The Cybersecurity Act would have critical infrastructure business owners define the security standards they should implement and the government would be poised to enforce them. Opponents, including the United States Chamber of Commerce, fear the processes the bill delineates could evolve into onerous regulations. Besides, opponents ask, who but these network operators know how best to protect them? Not government bureaucrats, they answer.
Still, some highly regarded IT security policy experts contend the legislation isn't tough enough, arguing the private sector in assessing the risk of cyberattacks may consider the impact on their own enterprises but not necessarily the harm they could impose on the greater society.
With the debate over cyber regulation heating up, was the leaking of Alexander's views intentional, perhaps to build support for tough regulations, far more stringent than the legislation proposes? After all, the White House and top military leaders back the Senate bill. Creating public anxiety over the security of vital networks could build support for a stronger role of government in determining how best to protect the critical infrastructure.
Till now, developing cybersecurity legislation had been mostly a bipartisan pursuit, a different tone than that of other lawmaking. Let's hope the respect all sides have shown one another in this debate so far doesn't get lost to partisan bickering, and a workable compromise can be found on how to assure business secures the nation's critical infrastructure.