It is not just federal government intelligence officials who are warning of terrorist or hostile nation-state cyberattacks on U.S. defenses or critical infrastructure. It is terrorists themselves.
A video obtained about a year ago by the FBI, purportedly from al Qaeda, is being circulated by supporters of legislation in the U.S. Senate that would let the government regulate the computer security of critical industries, such as the electric power grid.
The video exhorts al Qaeda followers -- the "covert Mujahidin" -- who have the skill to commit "electronic jihad" -- launch cyberattacks on U.S. and other Western targets. Sens. Susan Collins, R-Maine, and Joseph Lieberman, I-Conn., the lead sponsors of the Cybersecurity Act, told Fox News that they had learned of the video just a week ago.
"It's essentially instructing anybody who's sympathetic with al Qaeda's ideology to engage in cyberattacks, and the tape is telling them how easy it is to do so," Collins told Fox.
Lieberman, in a statement on the website of the U.S. Senate Committee on Homeland Security and Government Affairs, says the video means, "Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks. I urge the Majority Leader to call up for debate and a vote the bill that Senators Collins, Rockefeller, Feinstein, and I authored to set those standards."
The video tells followers that the U.S. is as vulnerable now to cyberattacks as its airlines were in 2001. And Lieberman and others have pointed out the obvious - it doesn't take an army, navy and air force to launch a cyberattack. All it takes is superior hacking skills. It calls for attacks on both infrastructure and media targets.
The video also includes a U.S. television clip featuring cyber analyst James Lewis and former Navy admiral and past head of both the National Security Agency and director of National Intelligence Mike McConnell discussing the vulnerabilities of government and private networks.
McConnell has been preaching that message consistently. At a panel on cyberespionage at the Bloomberg Link Cyber Security Conference in April, expressed the need for government and industry to cooperate with information sharing, since cyberattacks occur at light speed. "If you're going to be successful, you have to see it and react in milliseconds," he said. "It's about 30 milliseconds from Tokyo to New York."
But he was pessimistic about Congress passing legislation. "That debate will only end when a catastrophic attack occurs," he said. "Those bills [in Congress] are necessary, but not enough. We're going to talk but not act, sufficiently."
The Lieberman-Collins bill is backed by the White House but opposed by Republicans in Congress, who complain that it calls for too much regulation on business.
Meanwhile, Government Security News reports that at an April government security conference in Washington D.C., Kevin Helmsley, vulnerability handling lead for the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), said, "ICS-CERT has recorded a 300% increase in vulnerability disclosure reports from water and power companies since 2008, from nine incidents then to 198 in 2011."