Somebody is lying. Is it Ruppersberger and CISPA, or Aramco?
As expected, Dutch Ruppersberger has reintroduced CISPA following Obama’s Cybersecurity Executive Order. He must be hoping that the warnings voiced by Obama in the State of the Union address will strike a chord and somehow make CISPA more acceptable this time round. And he’s added his own warnings.
In an op-ed in the Baltimore Sun he writes:
August: Cyber attackers disrupt production from Saudi Aramco, the world’s largest exporter of crude oil, taking out 30,000 computers in the process, according to press reports.
Fight cyber crime through information sharing
It didn’t happen. At least Aramco says it didn’t. Yes, Shamoon took out 30,000 desktop computers, but it didn’t touch the production system which is on a separate network. So, regardless of whether there is some gutter press report somewhere saying that production was disrupted, it wasn’t. If it had, and oil production from the world’s largest exporter of crude oil had been disrupted, there would have been an almighty spike in world oil prices. There wasn’t – and Ruppersberger knows it. It’s a pure and simple lie for political purposes.
And it’s not the only truth distortion in his article. He says, “each of the above-referenced attacks could have been prevented by the federal government,” because “The U.S. government can often see the worms and viruses placed by hackers and other evil-doers in the computer networks that make up our modern world.”
I think if I was Aramco, I’d want to know what the US government was doing inside my networks monitoring unknown malware. On the face of it, if what Ruppersberger is saying is true, the implication has to be that the US government put it there in the first place – and that wouldn’t be the first time that has been suggested.
Later on, he suggests that “a hacker was able to access nearly 4 million tax returns in South Carolina with a single malicious email.” Well, we’ll gloss over the suggestion that the email was all it took, and remember the point he is making – that the government could have stopped this hack if it had been able to share its knowledge with the victims – which it can’t, by law. But the fact is, it did anyway. The South Carolina Tax Department only learnt about the hack because the Secret Service told them it was happening. So although the government can’t, it did – so why does it need new laws?
“We’ve gotten wake-up call after wake-up call,” he concludes. “It is time to work together to prevent the cyber nightmare from becoming a crippling reality.” He is absolutely right. Such shameful and twisted hyperbole should wake us up to the reality and motives behind this proposed law. The cyber nightmare is CISPA, and we need to work together to stop it becoming a crippling reality.
Oh, and once you’ve managed to stop CISPA, would you all just mind popping over here to help us get rid of the UK’s Communications Bill and the EU Cybersecurity Directive – both of which are actually much worse than CISPA…