Techiezine

Newt Gingrich and the Cyber World

Newt is at it again. No stranger to controversy, the Republican presidential candidate spoke openly about cyber warfare (among other topics) on a recent episode of the podcast Coffee & Markets. With respect to cyber security, Gingrich stated the following:

“I think that we have to treat state-based overt activities as the equivalent of acts of war…I’m much more inclined to find a way for us to systematically and methodically develop capabilities that are both much more robust on the defense side but also to develop capabilities that allow us to punish countries that engage in this kind of behavior.”

The man does not mince his words. He was also quick to implicate China and Russia as major perpetrators of cybercrime. And it is not only Gingrich who is worried about possible attacks to American infrastructure. This past December, the House Intelligence Committee passed the Cyber Intelligence Sharing and Protection Act of 2011, which is aimed at fostering the open exchange of cybersecurity information between the private sector and the government. Advocates of the bill state that the legislation will go a long way in providing added measures to safeguard computer networks from cyber attacks. Opponents, however, argue that individual privacy rights could be infringed upon, despite the fact that the volunteering of information from the private sector is not mandatory. Michelle Richardson, an American Civil Liberties Union counselor, suggests, “The concern is that the government will be able to create records of people’s Internet use in the name of cybersecurity.” Yes, like so often is the case with government legislation, you take one step forward, two steps back.

Cyber Attacks on the Local Front

But how serious is the threat? In a Wired online article from January 24, 2012, it was reported that a security researcher was able to map and locate more than 10,000 control systems across the U.S. that were hooked up to the Internet, many of which were apparently susceptible to hacker attacks. (One always wonders if reporting such things in counterproductive, but then again, those who want to know, already know.) The article goes on to say that the researcher could did not determine how many were working systems, but in the hacking game, all it takes is one point of entry.

In November of last year, the control system of the Springfield, Illinois, water utility was allegedly infiltrated by hackers in Russia (the IP addresses originated there). The attack supposedly caused the Supervisory Control and Data Acquisition System (SCADA) to repeatedly shut down, which eventually led a water pump to burn out. This was the first reported attack on an industrial control system since the Stuxnet worm shut down systems in Iran’s uranium-processing plants in January of 2010. What frustrated officials about the supposed cyber attack in Illinois was the lack of information that was shared with other facilities that might also be vulnerable to the same type of security breach. But as it turned out, the ‘hacker’ was not Russian at all, but an American contractor vacationing in Russia. And the ‘hacking’ was simply a remote access that was in fact requested by the utility.

(Are you taking note, Mr. Gingrich?)

In December a similar attack was perpetrated against a Northwest rail company, which resulted in the disrupting of signals for two days. Although the disruptions did not cause major problems for the company, it again points to the vulnerability of national infrastructure systems. Whether this particular attack originated in Russia or China, as Mr. Gingrich might have you believe, what is clear is that legislation needs to not only affect policy but also the day-today realities that are found on the frontlines.

Understanding the issues surrounding cyber security are vast and complex, the Obama administration set up the National Initiative for Cybersecurity Education (NICE) to encourage cyber awareness, training, and education. However, this is an election year, and wordy government reports by organizations with nice acronyms are not going to cut it. This is where Newt steps in. Mr. Gingrich finds himself in a heated and controversial Republican race that has more ebb and flow than the Potomac. In this context, cyber security is not simply a matter of policy, legislation, and debate. It becomes a sound bite to mobilize the media. And with the Republican primaries in full swing, Mr. Gingrich is starting to buckle down for an old-fashioned war of words.