Representative Ed Markey (D-MA) is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-MI), to take immediate action toward passing the Grid Reliability and Infrastructure Defense (GRID) Act, which Markey calls a bipartisan bill aimed at hardening the nation’s electrical grid and critical infrastructure against cyberattacks.
Broadly put, the GRID Act would give the president the authority to impose emergency defensive measures, with or without notice, on maintainers of critical infrastructure in response to what is perceived as an imminent threat to the nation’s electrical grid.
In a letter to Upton [PDF], who co-sponsored the bill along with him, Markey cites a recent attack targeting the New York Times and a report published shortly thereafter highlighting research carried out by the security firm Mandiant, both of which make serious accusations against the People’s Republic and Liberation Army of China. These incidents, Markey claims, are evidence that the time to act on legislation that would protect our networks from “devastating damage from cyber terrorist attacks” is long overdue.
The Mandiant report and the New York Times hack are not technically related. However, after the Times noticed suspicious activity on its networks, it hired Mandiant, who has experience in dealing with advanced persistent threat-style attacks from China, to determine how hackers managed to infiltrate the Times’ networks and to subsequently remove the malware and backdoors those hackers left behind. In something of an unprecedented move, the Times then published an exposé detailing the facts of the hack based primarily on Mandiant’s analysis.
Mandiant blamed the New York Times hack on China. The following week, Mandiant published a report of its own, based the same sorts of network analyses that they have performed at the Times and on the networks of any number of other organizations. Among other things, Mandiant exposed a secretive cyberattack unit of the PLA whose primary function is to perform cyber-espionage operations on the networks of American companies.
The letter does not include the phrase “Cyber Pearl Harbor,’ a favorite refrain among American politicians seeking to pass cybersecurity legislation. Quite similarly, though, it does quote the Secretary of Defense Leon Panetta’s warnings that a “cyber-attack perpetrated by nation states or extremist groups” could be “as destructive as the terrorist attack on 9/11.”
Whether Markey is feigning political outrage or reflecting his genuine feelings, the tone of the letter belies a clear frustration that there has been no action, not even a response from Upton, in the almost three years since Markey and Upton coauthored the allegedly bipartisan bill.
*Ed Markey image via USDAgov‘s Flickr photostream, Creative Commons