Al Qaeda cyber attack video shows urgent need for protections, says Sen. Lieberman
An Al Qaeda-produced video uncovered by the FBI that calls for cyber attacks on U.S. infrastructure shows the urgent need for Cyber security standards, said the leaders of the Senate Homeland Security Committee.
The video calls for attacks on a range of online targets, from sophisticated attacks on the systems that run electrical grids to primitive distributed denial of service attacks on media Websites. Sen. Joseph Lieberman (I-CT), chairman of the Senate Homeland Security and Governmental Affairs Committee, released it widely on May 22.
The video, he said, was obtained by the FBI last year through open sources.
It calls on the “covert Mujahidin” to commit “electronic jihad,” and according to Lieberman, underscores the need for Cyber security standards for the nation’s most critical networks. Lieberman and Sen. Susan Collins (R-ME) authored the Cyber security Act which is backed by the White House, but contains provisions that face stiff opposition in Congress. It would draft the Department of Homeland Security to enforce Cyber security standards for critical infrastructure and ask corporations to share information on electronic attacks among themselves and with government authorities.
Cyber attacks on industrial control systems (ICS) at critical infrastructure facilities, particularly water and energy plants, have already skyrocketed in the last two years as attacks from state-sponsored, criminal and amateur hackers alike try to force their way in, said members of the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at an April government security conference in Washington D.C. Kevin Helmsley, vulnerability handling lead for ICS-CERT said in a panel discussion at the event that ICS-CERT has recorded a 300 percent increase in vulnerability disclosure reports from water and power companies since 2008, from nine incidents then to 198 in 2011.
Lieberman said DHS received more than 50,000 reports of cyber intrusions or attempted intrusions since October last year, an increase of 10,000 reports over the same period the previous year. Recent attacks on natural gas pipelines also underscore the vulnerability of critical infrastructure, he said.
The video calls for cyber attacks against the networks of both government and critical infrastructure companies, including the electric grid, and compares vulnerabilities in U.S. critical cyber networks to the vulnerabilities in the aviation system before the 9/11 attacks. It notes previous attacks in 2000 by Canadian high school student Michael Calce, also known as“mafia boy,” and a 2007 attack on U.S. government sites as models for electronic mayhem.
Calce, a “script kiddie,” launched brute-force DDOS attacks on Yahoo, Amazon and Dell that showed commercial networks were largely unprepared to deal with electronic assaults. The more sophisticated attacks on U.S. government defense and high tech sites in 2007 resulted in the pilfering of Terabytes of information by unknown electronic assailants.
Lieberman said the video was the clearest evidence that Al Qaeda and other terror groups are taking aim at critical infrastructure targets and called for Congress to act on Cyber security standards.