WASHINGTON — The mysterious caller claimed to be from Microsoft and offered step-by-step instructions to repair damage from a software virus. The electric power companies weren’t falling for it.
WASHINGTON — The mysterious caller claimed to be from Microsoft and offered step-by-step instructions to repair damage from a software virus. The electric power companies weren’t falling for it.
The caller, who was never traced or identified, helpfully instructed the companies to enable specific features in their computers that actually would have created a trapdoor in their networks. That vulnerability would have allowed hackers to shut down a plant and thrown thousands of customers into the dark.
The power employees hung up on the caller and ignored the advice.
The incident from February, documented by one of the government’s emergency cyber-response teams, shows the persistent threat of electronic attacks and intrusions that could disrupt the country’s most critical industries.
The House this coming week will consider legislation to better defend these and other corporate networks from foreign governments, cybercriminals and terrorist groups. But deep divisions over how best to handle the growing problem mean solutions are a long way off.
Chief among the disputes is the role of the government in protecting the private sector.
The U.S. Chamber of Commerce and other business groups oppose requiring cybersecurity standards. Rules imposed by Washington would increase their costs without reducing their risks, they say.
Obama administration officials and security experts say companies that operate power plants, communication systems, chemical facilities and more should have to meet performance standards to prove they can withstand attacks or recover quickly from them.
The rift echoes the heated debate in Washington over the scope of government and whether new regulations hamper private businesses.
Homeland Security Secretary Janet Napolitano said Friday that without standards for critical industries, there will be gaps U.S. adversaries can exploit. “That system, which is mostly in private hands, needs to all come up to a certain baseline level,” she said.
The proposed formation of a system that allows U.S. intelligence agencies and the private sector to share information about hackers and the techniques they use to control the inner workings of corporate networks also is contentious.
Civil libertarians and privacy advocates worry a bill written by the Republican chairman and top Democrat on the House intelligence committee would create a backdoor surveillance system by giving the secretive National Security Agency access to private sector data.
The agency, based at Fort Meade, Md., is in charge of gathering electronic intelligence from foreign governments but is barred from spying on Americans. Army Gen. Keith Alexander, the NSA’s director, also heads the Pentagon’s Cyber Command, which protects military networks.
Intelligence agencies say the bill grants no new power to the NSA or the Defense Department to direct any public or private cybersecurity programs. But committee leaders said they are open to making changes to ease privacy concerns as long as the alterations don’t undermine the goals of the bill.
Businesses including Facebook and the Edison Electric Institute support the bill because it leaves it to individual companies and industries to decide how best to prevent attacks.
House Republicans last week scaled back a separate piece of legislation that would have given the Department of Homeland Security and other federal agencies responsibility for ensuring that critical industries met security performance standards. But those requirements were dropped from the bill during a meeting of the House Homeland Security Committee.
The GOP-led House appears to be heading for a showdown with the Democratic-run Senate over an approach on cybersecurity.
A bill sponsored by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, would give Homeland Security the authority to establish set security standards. Their bill is backed by the Obama administration but it remains stalled in the Senate.
The legislation faces stiff opposition from senior Senate Republicans.