On Tuesday, July 26th, United States President Barack Obama put in place a Presidential Policy Directive (PPD-41), which aims at coordinating emergency preparedness and response following any large-scale cyber-security attack.

This measure, though having been in the works for several years, has recently been instituted amid large breaches in cyber-security networks in the United States, specifically the breach into Democratic candidate Hillary Clinton and her emails.

Such attacks on the cyber-security of the United States and its private and public enterprises are not new. The hacking into the Department of the Treasury and Internal Revenue Service in 2015, which led hackers to gain access to more than 700,000 taxpayer accounts, allowed thieves to gain access to Social Security numbers, birth dates, and other personal identification data. Additionally, private companies in the United States have been vulnerable to attack; for example, Juniper Networks – a technology company that builds software for Federal government operations – was hacked into in December of last year.

Juniper reported the incident to the Department of Homeland Security and believed that hackers had been able to gain unprecedented access to communications between the U.S. and privately contracted companies for the past three years. According to reports following an FBI investigation, the hackers had installed a ‘master key’ back door to Juniper’s supposed secure system, which ultimately gave the cyber criminals access to almost any agency that had been using Juniper software.

Though in both instances the United States government or its subsequent companies did not list or mention where the hack originated from or which individuals or entities were involved, as recently as March of 2016, the United States was able to indict seven Iranian hackers who conducted an attack on dozens of American banks between 2011 and 2013. The Iranians implicated in the crime were directly linked to their government and specific organizations within it, such as the Islamic Revolutionary Guard Corps.

These are just a few examples of the many breaches into the secure systems of the United States government or private United States companies. Ultimately, such recent instances beg the question of why significant measures are just now being implemented to prevent future attacks.

Yet, the current administration is not aiming its new PPD at directly securing United States networks from attacks, but is instead directing its plan on how to respond to more frequent and harmful hacks.

The policy initiative establishes six levels of severity for attacks; the levels of threat are color-coded and correlate to the proceeding Federal response. The directive’s guidelines, which place the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence in control, can be triggered in the event of an attack likely to affect public health, safety, economic, or national security. This could mean that prior hacks into American banks, political officials’ emails, or the IRS warrant a major coordinated response by the U.S. government.

In releasing the policy directive, Lisa Monaco, President Obama’s homeland security and counter-terrorism adviser, indicated that the United States is on the cusp of a major cyber attack, one that is near “revolutionary.” She even indicated that threats to U.S. cyber networks from state actors are becoming more aggressive and sophisticated, specifically from China and Russia, and that the threats to the United States networks are becoming more diverse by the day.

The policy itself also discusses the United States’ response to a level-five hack, which constitutes any emergency that poses an “imminent threat” to critical infrastructure, government stability, or U.S. lives. This particular kind of hack could occur to the United States electric grid through the hacking of protective relays that shield motors and generators from faulting large sources of power. Joseph M. Weiss, an international cyber-security authority, recently discussed the vulnerability of these relays to being hacked and the potential that they could pose such an imminent threat. If breached, such as when Iranian hackers hacked the hydroelectric dam in March, the access to protective relays would enable entities to shut down large sectors of power across the United States.

If Weiss is correct, the entirety of the United States infrastructure is at risk. The control of operational systems that enable power throughout thousands of U.S. cities could be shut down in mere seconds. Similarly, any breach that could remotely control the operational supply of gas, electricity, and water to hundreds of millions of Americans would allow enemies of the United States to dismantle the country from the inside out.

Though President Obama has previously instituted cyber security measures through policy directives, the July 26th PPD gave new indications of the dire nature of U.S. online security. And it outlined the probability of future catastrophic hacks on United States critical infrastructure, some that could be so sophisticated that they are currently in place without the U.S. government’s knowledge.