
US has already flexed cyberwar muscle, says former NSA director

Urging political leaders to arrive at a quick consensus on how to better …

In an interview with Reuters, former National Security Agency Director Mike McConnell claimed that the US has already used cyber attacks against an adversary successfully. And it's just a matter of time before someone unleashes cyber attacks on US critical infrastructure, he warned.

McConnell didn't spell out who exactly the US had attacked with its offensive capabilities. However, RT.com reports that security experts have "all but confirmed" that the US was at least partially behind the Stuxnet worm that damaged Iran's efforts to enrich uranium, working in concert with Israel.

Now a vice-chairman at Booz Allen Hamilton and leading the firm's cyber work, McConnell is on a campaign to raise awareness of the threat of such attacks being used against the US. "There will be a thousand voices on what is the right thing to do," he told Reuters. And, he added, it will likely take a crisis to achieve consensus—a consensus that would arrive too late.

Booz Allen has a major footprint in the Defense Department, and recently launched a "Cyber Solutions Network" service targeted at helping commercial and government clients build defenses against the sorts of network penetration, exploitation and espionage that McConnell says US intelligence and military are capable of conducting. According to McConnell, the US, Britain, and Russia all have well-developed capabilities when it comes to gaining access to electronic communications such as e-mail without being detected. But he added that the NSA and other agencies conducting surveillance of emerging threats on the Internet are currently "powerless to do a thing" to assist private companies outside of the defense industrial base when they discover threats, "other than to issue a report."

A bill approved by the House Permanent Select Committee on Intelligence in December, the Cyber Intelligence Sharing and Protection Act (H.R. 3523), would give intelligence agencies permission to share classified information on cyber threats with "approved American companies." It doesn't, however, authorize intelligence and defense agencies to provide protection against those attacks. A broad cyber-security bill is expected to be introduced in the Senate later this year.
