By Ian Bush
PHILADELPHIA (CBS) — Cyber-attackers have been playing havoc with bank websites. Just last week, six major banks were hit, leaving consumers frustrated. And while lawmakers are concerned, they haven’t been able to agree on what to do about it.
Denial of service attacks, which struck Chase, Citigroup, PNC, Wells Fargo, US Bank, and Bank of America, are like a rush-hour crash on the Schuylkill Expressway: a site gets overwhelmed with traffic and nobody moves.
“That’s different than the kind of attacks which would go into the security systems or the banking system and take out private information,” says Rep. Patrick Meehan (R-Pa. 7th District), chairman of the House Homeland Security Committee subcommittee on Counterterrorism and Intelligence. “They’re not the most sophisticated, but the fact of the matter is the scope of them seems to suggest they’re tied back to something more than a loose knit group of criminals or activists.”
But that doesn’t mean Congress is any less concerned. Meehan points toward Iran, linked by some intelligence experts to these attacks as possible retaliation over economic sanctions.
“It also suggests to some extent the ability for Iran to participate in a response that could look at our network capacity should there be some kind of offensive action taken against their growing nuclear interests,” he says. “Iran put close to a billion dollars into enhancing not only their defensive cyber capacity but also their offensive cyber capacity.”
The Obama administration is writing up an executive order on cybersecurity standards after Congress failed this summer to pass a bill that would beef up protections for networks on which things like banks and power grids run.
But Senator Susan Collins (R-Maine) says an executive order is a “big mistake” because it can’t grant incentives — such as liability protection — to encourage businesses to share information with government agencies about cybersecurity threats and vulnerabilities. Collins, who sits on the Senate Committee on Homeland Security, also fears “it could actually lull people into a false sense of security — that we’ve taken care of cybersecurity.”
Meehan says the government and private sector need to cooperate on a workable security solution.
“I have visited businesses in the region that are very sophisticated in their methodology not only to protect their information systems, but to simultaneously anticipate and identify where cyberattacks might take place,” he tells KYW Newsradio. “What we want to do is take the best of what we have to work with the government to create some kind of reasonable standard and then find a way to create a real true public-private partnership to protect our cyber infrastructure.”
The banks have come under fire for providing little or no explanation for why their sites were down. Consumer groups have called on financial institutions to tell customers what’s going on when there’s an issue with online banking services.
The Associated Press contributed to this report.