John McClane (Bruce Willis): Hey, what’s a fire sale?
Matt Farrell (Justin Long): It’s a three-step… it’s a three-step systematic attack on the entire national infrastructure. Okay, step one: take out all the transportation. Step two: the financial base and telecoms. Step three: You get rid of all the utilities. Gas, water, electric, nuclear. Pretty much anything that’s run by computers which… which today is almost everything. So that’s why they call it a fire sale, because everything must go.”
Live Free or Die Hard
There is a war being waged today in this country, one that could have severe repercussions for each and every one of us. It is costing us billions of dollars a year and yet neither business nor government wants to spend the money necessary to fight back.
This week on Capitol Hill lawmakers are getting down to debating the pros and cons of passing one of several versions of a cyber-security bill. Everyone hopes the eventual legislation will launch a counterattack on an army of highly sophisticated hackers bent on some serious mayhem. The debate boils down to who is going to pay for a defense system that will prevent the bad guys from accomplishing a “fire sale,” a la the last Die Hard film.
The Obama Administration backs a Senate bill sponsored by Sens. Joe Lieberman, (I- CT) and Susan Collins, (R-ME) that would implement new rigorous standards and require companies to notify the government when their networks have been breached. The business community opposes it as just more intrusion into the private sector which will mean more costly regulations on top of more regulation. Instead, they would prefer a bill promoted by Senator John McCain (R, AZ), which wants the government to issue alerts about imminent cyber-attacks but would not require a company from acting on the information unless they thought it was a threat to their business.
Unlike other wars the United States has fought this one is on our territory and the frontline troops are increasingly the IT departments of American Corporations. To date, those troops have been both outnumbered and out-fought by the enemy. The rates of infiltration by organized gangs or state-sponsored hackers are escalating. In a multinational study by the Center for Strategic and International Studies the three countries ranked as most vulnerable to attacks were the U.S., Russia and China, while the biggest potential source of attacks was our own country.
Today, we only hear of the biggest cyber-attacks such as the 2011 theft of over 200,000 customer names, account numbers and contact details from Citigroup or the 100 million accounts pilfered from Sony Online Entertainment’s PlayStation Network. I was on the receiving end of the Citigroup theft, and believe me, it drives home the danger like nothing else.
These attacks are costing American companies big money. It costs on average over $7.2 million in costs (lost business, legal defense and compliance) or $214 per customer record in costs. If it is a first time breach, it can cost 30% more, not to mention the inconvenience to its customers like me. Yet, the real danger is not in the consumer sector. It is in the potential for a breach in the nation’s infrastructure system.
As you read this, for example, our natural gas pipeline companies are currently battling a major cyber-attack from a single source, which was launched in December, 2011. Don’t dismiss this threat. As early as 1982, the U.S. CIA managed to blow up a Siberian gas pipeline by using what was called a “logic bomb” involving the insertion of a portion of code into a Russian computer system overseeing the pipeline.
Those involved in cyber security worry that our infrastructure companies (power, water, nuclear, etc.) do not realize how vulnerable their systems are to outside invasion. Computer systems and safeguards that were originally installed years ago are out-of-date. But managements are loathed to upgrade their systems simply on a bet that someday maybe their company might be targeted by hackers. It is a persuasive argument since to safe-guard a company against all possible dangers—earthquakes, tornados, floods, nuclear fallout, to name a few—would be cost prohibitive.
On the other hand, no one wants another 9/11. Maintaining a head-in-the-sand attitude until something happens is just the kind of strategy that has organizations such as Homeland Security experiencing perpetual nightmares. It is a tough one but somewhere in the debate lurks a compromise. I just hope we can find it.