The Providence Journal (R.I.), Jan. 8: We’ve all heard about computer hackers and their successful efforts to breach the data of shoppers, corporations and federal agencies. It should come as no surprise, then, that other information is also a prime target for hackers. And as recent reports by the Associated Press and The Wall Street Journal make clear, those targets include the computer systems that run America’s infrastructure – its power grids and pipelines, and its bridges, dams and factories. According to the AP report, a security researcher tracing hackers who had accessed a California university’s housing files discovered something far bigger: hackers had obtained passwords, engineering drawings and other information on “dozens of power plants.” Though some of the information was old, the incident was not unique. On about a dozen occasions over the past decade, “sophisticated foreign hackers gained enough remote access to control the operations networks that keep the lights on,” the AP reported. The Wall Street Journal report described how Iranian hackers “crawling the Internet, looking for vulnerable U.S. industrial control systems” breached the system controlling a small dam about 20 miles from New York City. As these reports and others make clear, the security systems used by government and industry are frequently outmatched when it comes to cybersecurity. In fact,

many of the private systems were built before network security was such a huge issue. But the threat is real. The Federal Energy Regulatory Commission reported nearly two years ago that an attack on just nine key power stations could cause a coast-to-coast blackout that lasts for months. And as Department of Homeland Security Secretary Jeh Johnson said last fall in prepared remarks to the House Committee on Homeland Security: “often, the most sophisticated actors penetrate the gate, through a simple act of spearphishing, because they know they can count on a single user letting his guard down.” Mr. Johnson urged lawmakers to act on legislation that would allow the federal officials to fully deploy a new security system across all federal agencies, and pass the Cybersecurity Information Sharing Act, which would allow sharing of information on Internet traffic between the U.S. government and industry . Some lawmakers, notably including U.S. Rep. James Langevin, D-R.I., who is cofounder and co-chairman of the Congressional Cybersecurity Caucus and has long spoken of the need for stronger cyberdefenses, understand the threat. But Congress as a whole needs to treat this issue with the urgency it deserves and give federal agencies and private industry the incentives and tools they need to prevent breaches that could plunge us into darkness, or worse.