Homeland Security Secretary Janet Napolitano on Wednesday warned that some of the largest U.S. financial institutions "are actively under attack" from cyber hackers.
While Napolitano sounded the alarm about the attacks at a cybersecurity event hosted by The Washington Post, she declined to provide any details about them.
When asked by Post editor Mary Jordan about whether hackers are stealing information or money from banks, Napolitano answered "yes" and then quickly added, "I really don't want to go into that per se."
"All I want to say is that there are active matters going on with financial institutions," she said.
The public websites of Wells Fargo, Bank of America, JP Morgan Chase and others were hit by a series of denial of service attacks this fall, which made their sites inaccessible to customers. A denial of service attack inundates a Web server with large numbers of page requests until the site fails to load. It does not let the hackers siphon sensitive information from its victim.
After Hurricane Sandy wreaked havoc on the East Coast, Napolitano said people should look than no further than the damage caused by the massive storm to understand the need to boost the nation's cybersecurity protections.
"One of the possible areas of attack, of course, is attacks on our nation's control systems — the control systems the operate our utilities, our water plants, our pipelines, our financial institutions," Napolitano said. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities."
"The urgency and the immediacy of the cyber problem; the cyberattacks that we are undergoing and continuing to undergo can not be overestimated," she said.
The Department of Homeland Security (DHS) oversees the protection of unclassified computer networks for civilian agencies. The Obama administration has tasked DHS with coordinating cybersecurity efforts between the federal government and private industry.
Napolitano said President Obama has made cybersecurity a priority and invested money into DHS's cyber programs, noting that the department's workforce has increased roughly 600 percent over the last few years. The president has also "constantly asked for double-digit increases in the cyber budget" at the department and it is actively looking to hire more skilled cybersecurity professionals.
The DHS secretary also called for Congress to pass legislation that would help protect the nation's critical infrastructure from cyberattacks and said there may be another attempt during the lame-duck session to pass a bill that failed in the Senate this August. However, Napolitano cautioned that the likelihood of the Senate taking another crack at the bill "probably depends on the outcome of Tuesday's election."
Senate Republicans blocked the bill because they argued it would add additional costs onto businesses and saddle them with new security rules.
She said that "when" President Obama is reelected, "I think he will have to consider an executive order that covers many of the areas that legislation would cover."
Yet she warned that an executive order "is not a compete substitute for legislation" and "there are some things that only legislation can provide," such as liability protection for companies that follow a set of cybersecurity best practices.
Congressional Republicans have spoken out against the White House issuing a cyber order and argued that Congress should handle the issue on its own instead.