Cyber attacksNYC cyberattack simulation to spur Senate cybersecurity legislation

Published 12 March 2012

Last Wednesday, in an attempt to bolster support for cybersecurity legislation, the White House staged a mock cyberattack on New York City’s power supply for the Senate

Attack simulation "knocked out" power in NYC for three days // Source: mashable.com

Last Wednesday, in an attempt to bolster support for cybersecurity legislation, the White House staged a mock cyberattack on New York City’s power supply for the Senate. Bloomberg reports that Senator Susan Collins (R – Maine) said the mock attacks which took place in New York amidst a heat wave was “very compelling.”

“It illustrated the problem and why legislation is desperately needed,” said Collins, who is sponsoring a cybersecurity bill supported by President Obama.

Senators from both sides of the aisle were in attendance for the mock attack as well as DHS Secretary Janet Napolitano and FBI Director Robert Mueller along with other administration officials.

According to Lawrence Ponemon, the chairman of the cybersecurity research firm Ponemon Institute, a cyberattack that left New York without power for several weeks could have “disastrous” effects, severing communications, crashing life-saving medical equipment, and destroying critical financial infrastructure.

“I would project that you would have literally thousands of people dying,” Ponemon told Bloomberg. “A cyberattack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages.”

Joe Weiss, the managing director of Applied Control Solutions, added that hackers could cause blackouts on the order of “nine to eighteen months” by disabling critical systems like transformers.

As for the financial consequences of such a prolonged blackout, “the dollars are incalculable,” Weiss said.

In August of 2003 much of the northeastern United States was left in the dark following a massive blackout. Nearly 50 million people had no power for as long as four days and a study by the U.S. and Canadian governments estimated that economic losses were as high as $10 billion.

Caitlin Hayden, a spokesperson for the White House, said in a statement that the simulated attack “was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyberattacks.”

The Obama administration is currently supporting the Senate cybersecurity bill introduced by Senators Collins and Joe Lieberman (I – Connecticut) on 14 February. The bill appoints DHS as the lead agency responsible for regulating critical infrastructure operators’ cybersecurity plans, but Senate Republicans have introduced a competing cybersecurity bill that is vying for passage.

Eight Republican Senators including John McCain of Arizona and Saxby Chambliss of Georgia argue that the Collins-Lieberman bill does not go far enough with its “self-reporting” measures and Senator McCain contends that placing an additional cybersecurity department within the “regulatory leviathan at DHS” would be a mistake.

Following the mock cybersecurity attack, Senator Roy Blunt (R – Mississippi) said the demonstration was “helpful because it got a whole bunch of senators thinking about the same thing at the same time.” But he was careful to note that the exercise did not persuade him to choose between the two competing Senate bills.

Senator Kay Baliey Hutchison (R – Texas), a supporter of the GOP cybersecurity bill, acknowledged the similarities between the two Senate bills but echoed McCain in her criticism of the “big new bureaucracy and regulatory scheme” that the McCain-Lieberman bill would create.