If Phishing Email Can Kill NY Power Grid, Lack Of Cybersecurity Legislation Is Not The Problem

from the oh-come-on dept

During a classified briefing in the Office of Senate Security, Homeland Security Secretary Janet Napolitano and White House counterterrorism adviser John Brennan showed lawmakers how a hacker could breach control systems of the city’s electric system and trigger a ripple effect throughout the population and private sector, according to a source familiar with the scenario.



“The fact that we could be subject to a catastrophic attack under the right circumstances and we now know some of the things that would help us to protect against such an attack, that’s why it’s important now for the Congress to take this up,” Napolitano said in an interview with POLITICO.

During the simulation, the hacker gains access to the electric supply’s control system through a simple “spearphishing” attack, in which a worker merely clicks on a link in an email that appears to be from someone they know.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've been talking about the faux urgency to pass some cybersecurity legislation coming from the federal government, with plenty of fear mongering from politicians who never seem to want to point out anybasis for why we need such new laws. Instead, it's all been about Hollywood movie script-style scenarios about planes falling from the skies . It appears that the White House is heavily involved in this bogus fear mongering as well, having recently set up a "simulated cyberattack on New York City's power supply" to convince elected officials to move forward on the legislation.Now that's interesting. Justcould a hacker breach control systems of the power grid? Apparently withUm, there's your problem. If the NYC power grid is attached to the public internet in such a way that it can be taken down, then um,? This isn't about cybersecurity, this is about common sense, where things like the power grid should not be accessible via the internet -- and I'm pretty sure(back here in reality). But in the world where we need fear, uncertainty, doubt and the ability for the federal government to spy on private networks, we have to pretend such a scenario is likely.Of course, I also question why the White House chose NYC as the showcase for the simulation and suggested that there would be deaths and other massive harm from such a power grid takedown. After all, it was just about a decade ago that the power grid in the Northeast did, in fact, fail . It was an inconvenience for many people, certainly, but it was hardly damaging in the way the White House seems to have implied with this scare tactic.So, once again, can we take a step back and ask some simple questions: what's thethreat and therisk here? If it's that the NYC power grid is accessible by a simple password over the public internet, then the problem isn't cybersecurity, it's whoever was stupid enough to connect the power grid to the internet. Let's fix that. But let's not regulate and spy on large segments of the public internet to cover for a few bad decisions.

Filed Under: cybersecurity, fear mongering, hype, nyc, phishing, power grid, terrorism, white house