|The Department of Defense unveiled its first strategy for operating in cyberspace on Thursday.|
WASHINGTON, D.C. ( TheStreet) -- The threat of a "cyber war" against critical U.S. infrastructure looms larger than ever, according to Rep. Jim Langevin (D., R.I.), co-chair of the congressional cyber-security caucus, who warns that the country's power grid remains an attractive target. "We are already beginning to see interest among the hacking community in the massive and often shocking vulnerabilities and lax mindset that plague our power, water, transportation and other utilities," he said, during a speech at the Brookings Institution on Wednesday. "It used to take a sophisticated hacker to pull off a distributed denial of service attack; now all you need is an Internet connection, tools such as the Low Orbit Ion Cannon and an angry mob."
"My gut tells me we will see a similar progression against our critical infrastructure," he added. An open source app for stress testing networks, the Low Orbit Ion Cannon was reportedly used by WikiLeaks supporters to unleash cyber attacks last year following the arrest of the Web site's founder, Julian Assange. Langevin also pointed to Stuxnet, a Microsoft ( MSFT) Windows worm that last year targeted industrial software and equipment, most notably within Iran's nuclear program. Experts have already warned that a successor to Stuxnet could wreak havoc in the U.S. power grid. "As Stuxnet has shown the world, a serious attack through cyberspace is all too real a possibility, yet many companies have still not confronted this risk, focusing on reliability and profit over protection," warned Langevin. "If we cannot convince policymakers and the private sector that security must be a priority, then we will suffer the consequences." Langevin called for a more robust private-public partnership, with government taking the lead in issuing standards and guidance for protecting critical infrastructure and utilities. "I have worked hard to bring this model of a federal lead in cybersecurity to the electric grid, but it applies across other sectors as well," he said. "I introduced a bill earlier this year that echoed the White House model for establishing frameworks for various critical infrastructures, guided by best practices developed across industries." Specifically, Langevin pointed to the role currently played by the North American Electric Reliability Corporation (NERC), an industry standards body that aims to keep the country's power systems up and running. "There needs to be robust regulation," he said, noting that NERC is a self-regulating body.
Langevin also called for the creation of a locked-down Internet domain for key U.S. infrastructure, similar to the military's .mil domain, which would be called .secureinfrastructure. "It would be a closed network - there are only a few people that need access to the electricity grid," he said. "I think we should look to make a much more transparent system, a reduction in anonymity for those that go on critical infrastructure networks." -- Written by James Rogers in New York. >To follow the writer on Twitter, go to http://twitter.com/jamesjrogers. >To submit a news tip, send an email to: firstname.lastname@example.org.