
Bloomberg

Pipelines Balked When Hacking Alarms Were Blinking Red in 2012

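(Bloomberg) -- A decade ago, after hackers were caught breaking into natural gas pipelines and al-Qaeda released a video calling for “electronic jihad” against U.S. infrastructure, Senator Joseph Lieberman tried to sound the alarm.

Lieberman warned his Senate colleagues during a 2012 debate on the threat that the system was “blinking red.” “Privately owned and operated cyber infrastructure can, and one day may, be the target of an enemy attack.”

The lawmaker, a former vice-presidential candidate, wanted energy companies to strengthen their computer security. But the effort faltered amid intense lobbying by oil companies and other corporate interests that sought to kill the legislation. That left in place a system of voluntary guidelines that failed to prevent last month's ransomware attack on Colonial Pipeline Co., which paralyzed a vital fuel artery on the East Coast.

“It was really a missed opportunity,” said Lieberman, who is now senior counsel at Kasowitz Benson Torres LLP. “If we had passed the law, the attack on Colonial Pipeline might not have happened.”

In response to the attack, the Department of Homeland Security is now preparing to abandon the voluntary approach and impose cybersecurity requirements on pipelines, according to a person familiar with the matter. That would be a defeat for the oil companies and pipeline operators that for more than a decade have successfully fended off federal standards, whether set by law or by regulators, meant to thwart cyberattacks.

Unlike power plants, U.S. pipelines are not required to meet federal cybersecurity requirements, even though the Department of Homeland Security was authorized to impose them when it was created after the Sept. 11, 2001, attacks.

According to the person familiar with the matter, the Department of Homeland Security (DHS), which is responsible for protecting the nation's pipelines, will issue a policy this week urging pipeline companies to report cyber incidents. The Washington Post reported that further requirements for protecting facilities and responding to attacks will be added in the coming weeks.

“The Biden administration is taking further steps to better secure our nation's critical infrastructure,” the Department of Homeland Security said in a statement on Tuesday. “We will release more details in the coming days.”

So far, the TSA has declined to use its authority to mandate cybersecurity measures.

“I believe we can achieve security faster and better by working with industry than by regulating it, because regulations are already in place. In many cases, minimum security standards and the industry are already doing more,” said Jack Fox, who retired in 2016 and previously served as the agency's pipeline safety manager.

Lieberman's bill would have set cybersecurity performance requirements for privately owned critical infrastructure, and fined companies that fell short. The rules would not have applied only to pipelines: sectors where a malicious takedown of computer systems could cause large-scale losses, a collapse of financial markets, or disruptions to energy and water supplies were to be included. A later version of the bill failed to overcome a Republican-led filibuster.

Pipeline Companies

For Lieberman, the fault remains evident: “We wanted to know who was driving this aggressive opposition, and the answer we got was the energy companies and pipeline companies.”

Major U.S. oil companies, including Exxon Mobil Corp., Chevron Corp. and ConocoPhillips, lobbied on the legislation along with some refiners and at least one pipeline operator. Colonial did not lobby on the 2012 measure, as disclosure forms filed with Congress show.

However, the groups that lobbied also included the American Petroleum Institute, the Association of Oil Pipe Lines and the Chamber of Commerce, a political giant that spent $103.9 million in 2012 to influence government policy. The group called it an overly broad, inflexible regulatory approach. It backed an alternative focused on greater sharing of threat intelligence, a stance it continues to support today.

“We support public-private collaboration to enhance our cybersecurity across all sectors, including pipelines, to benefit all Americans,” said Matthew Eggers, the Chamber's vice president of cybersecurity policy.

For years, cybersecurity experts and government officials have warned of the consequences of pipeline hacking, including in 2019, when the Office of the Director of National Intelligence issued a report warning of cyberattacks that could disrupt pipelines.

Even so, nearly every industry, from financial services to communications, joined in warning that the proposed cybersecurity mandates would give the government a heavy hand in corporate affairs. But proponents warned that mandates were essential to ensure adequate safeguards amid a spate of increasingly sophisticated attacks on private companies that operate power plants, dams and other critical infrastructure.

Al-Qaeda Video

Weeks after the law was passed, the Department of Homeland Security warned of hackers who had tried for months to infiltrate the computer systems of a number of natural gas pipeline operators. ABC News reported that the FBI had received an al-Qaeda video calling for “electronic jihad” against critical U.S. infrastructure. The computer security company McAfee Corp. warned in 2011 of coordinated, sustained cyberattacks on global energy companies.

The hacking episodes showed how enticing fuel systems are to cyber criminals like the Russia-affiliated group that used DarkSide ransomware to hold Colonial's computer systems hostage around May 7. The company was forced to shut down its roughly 855-kilometer pipeline system, which supplies about 45% of the fuel consumed on the East Coast, resulting in outages at gas stations on the East Coast, and paid a $5 million ransom before service was resumed five days later.

It is not clear whether mandates would have thwarted the attack, and the investigation is still ongoing. Colonial is committed to “reviewing any proposal that draws lessons from this event that strengthens or hardens our infrastructure.”

The oil and pipeline trade groups steadfastly insist that this is not the time for federal mandates.

“It is premature to discuss regulation until we have a full understanding of the details of the Colonial attack,” said Suzanne Lemieux, API manager for operational security and emergency response. “However, we are determined to continue our solid coordination with all levels of government.”

added in a statement that he was broadly coordinated with the Chamber on the matter in 2012 and warned of a single regulatory approach that meets all requirements.

John Stoody, a spokesman for the Association of Oil Pipe Lines, of which Colonial Pipeline is a member, said: “We want the TSA to do everything right, what it is up to.”

“Overwhelming TSA every day with hundreds of thousands of cyberattack reports would not help anyone,” he said.

Partnership

Chevron said in an emailed statement that federal regulation “should take a risk-based approach” that offers companies flexibility in securing against threats.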
And Exxon noted that the rapid evolution of cyber threats means that “all formal and mandated cybersecurity requirements for the industry are often out of date when they are completed.”

The Transportation Security Administration has long followed a similar approach. A branch manager in the agency's surface operations office said last year there were “very few regulations” and a “collaborative approach to industry introducing security measures,” according to a presentation archived on the agency's website.

The TSA chose not to impose regulations because partnering with industry is more efficient, Fox, the retired TSA pipeline safety manager, said in a telephone interview. “With this partnership, we could make a phone call and say we need you to do this and that and it would respond the next day.”

Republican Filibuster

Fox said he didn't think the Lieberman bill would have prevented the Colonial cyberattack.

“You can regulate what you want,” said Fox. “We have regulations on speed limits, gun controls and all sorts of things. So if you regulate something, it doesn't mean it won't happen.”

Ultimately, in 2012, Lieberman and Collins watered down their bill to win over Republicans so that it could survive. They dropped mandates and fines in favor of a measure that would only create optional requirements.

But even the reduced bill was not enough. Persistent concerns about liability and data protection haunted the legislation, and the Chamber also rejected the new version. It was defeated twice by a Republican-led filibuster and eventually fell nine votes short of the 60 required to end debate in November 2012.

Amy Myers Jaffe, a professor at Tufts University and author of Energy's Digital Future, said the Colonial cyberattack could be a reminder of the Gulf of Mexico oil well that exploded in 2010, killing 11 workers and triggering the worst oil spill in U.S. history.
An overly cozy relationship between federal regulators and oil companies has been blamed for contributing to the disaster, Jaffe said. “It is shocking to me to believe that an industry that loves to brag about its safety records would ever have advocated having government-led standards that are mandatory for cybersecurity in vital energy infrastructures.”

© 2021 Bloomberg LP
