Thursday, July 28, 2016

Jim Patterson with Observations on Policies to Protect US Electrical Grid


Dear Mr. Patterson:

Thank you for contacting me to express your concerns regarding the vulnerability of our nation’s electrical grid.  I appreciate hearing from you on this important issue and welcome the opportunity to respond.

I share your concerns about the security of our energy infrastructure.  As you know, the grid faces risks from cyber-attacks, solar flares, electromagnetic events, and other threats.  California, perhaps more than any other state, has seen firsthand the consequences that result from disruptions in reliable electric service.

There were a number of bills introduced in last Congress to address these threats.  Senator Edward Markey’s (D-MA) “Grid Reliability and Infrastructure Defense (GRID) Act” (S. 2158) would have authorize the Federal Energy Regulatory Commission to address physical, cyber, electromagnetic pulse, and other potential threats that could compromise our nation’s electric grid and energy infrastructure.  Representative Trent Franks (R-AZ) introduced two bills, the “Secure High-voltage Infrastructure for Electricity from Lethal Damage Act” (H.R. 2417) and the “Critical Infrastructure Protection Act” (H.R. 3410), which would have directed the federal government to implement emergency protective measures to protect the bulk-power system and critical electric infrastructure from threats such as electromagnetic pulse and electrical storms.  However, none of these bills came to a vote before the 113th Congress adjourned.  Accordingly, they will need to be reintroduced in the 114th Congress in order to be considered.

It may interest you to know that on February 7, 2014, I joined three of my Senate colleagues in sending a letter to the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation urging them to consider stronger federal standards on physical security at critical substations to ensure the reliable operation of the bulk power system.  I am pleased to report that they are now in the process of preparing new physical security standards.  I have enclosed a copy of the letter for your review.

In addition, the Office of Electricity Delivery and Energy Reliability at the Department of Energy funds research and development of new technologies and protocols to secure the electricity grid.  I supported the 2015 Consolidated and Further Continuing Appropriations Act (Public Law 113-235), legislation that funds the federal government through September 2015, which President Obama signed into law on December 16, 2014.  This law provides $147 million for grid secrutiy efforts, which is consistent with funding levels for fiscal year 2014, and includes $46 million specifically for cyber security and $6 million for infrastructure security. 

Please know that I have made careful note of your concerns and will be sure to keep your thoughts in mind should similar legislation be considered by the full Senate.

Again, thank you for your letter.  If you have any additional questions or concerns, please contact my Washington, D.C., office at (202) 224-3841 or visit my website at http://feinstein.senate.gov.  Best regards.

Sincerely yours,


  Dianne Feinstein
         United States Senator

Further information about my position on issues of concern to California and the nation are available at my website, feinstein.senate.gov. And please visit my YouTube, Facebook and Twitter for more ways to communicate with me.


Jim Note: I became interested in electromagnetic pulse and radio frequency threats to electrical infrastructure after hearing former House Speaker Newt Gingrich discuss the subject in 2011. The cyber threats have gone on for years as a John Kerry-like "nuisance" but are at critical level in 2016. I was in San Francisco when the shooters tried to take down a Pacific Gas and Electric Power substation by rifle shots. No matter how much companies invest in software to fight off cyber threats a gunman, terrorist or some lunatic with knowledge or training can do damage and in California and Silicon Valley such a physical attack can easily lead to a a national security crisis.  So Senator Feinstein's work to counter physical attacks is also important. 

Thursday, July 7, 2016

Jim Patterson Comments on Cyber Terrorism





















Dear Mr. Patterson:



Thank you for contacting me about the online publication of terrorism-related propaganda materials.  It is helpful for me to hear your views, and I welcome the opportunity to respond.



I am deeply troubled that extremists are able to effectively recruit new members or inspire lone wolf attacks through the use of online publications and social media.  As you may be aware, terrorists have instructions on how to conduct an attack or how to assemble an explosive device available to them through online publications, as was the case in the 2013 Boston Marathon bombings.  In that instance, Dzhokhar and Tamerlan Tsarnaev reportedly used the step-by-step instructions contained in Inspire magazine – a publication disseminated online by al-Qa’ida in the Arabian Peninsula – to create their improvised explosive devices using pressure cookers.



I previously authored legislation after the 1995 Oklahoma City bombing that criminalizes the teaching of bombmaking if there is intent that the information will be used to commit a federal crime or knowledge that the person taught intends to use that information to commit a federal crime.  President Clinton signed this legislation into law in 1999 and it has been used in multiple criminal prosecutions.  I believe this statute can be used to effectively prosecute terrorist bombmakers and to help combat the online posting of bombmaking instructions, to include Inspire magazine.



I am working with my colleagues in Congress to determine what more can be done to prevent the online publication of Inspire, as well as other online publications that can potentially serve as tools for terrorism like the Anarchist’s Cookbook, consistent with the constitutional protections for free speech.  I recently sponsored, along with Senator Burr, the Requiring Reporting of Online Terrorist Activity Act (S. 2372), which would require social media companies to report instances of terrorist activity to law enforcement.  While this bill would not require companies to monitor their users, if they become aware of terrorist activity such as the distribution of bombmaking instructions for an attack, they would be required to report it.



It is important to note that while we must be mindful to protect our First Amendment rights, we need to reconcile these freedoms with the need to protect Americans.  Even though the First Amendment gives broad protection to free speech, it is important for local, state, and Federal officials to have the ability to crack down on material that falls outside the law.  I have publically advocated for the removal of this information when it violates the law or the terms of use of the sites hosting the information, and I will continue to work with the Administration and private industry to further protect against the use of the Internet to spread terror tactics.



Once again, thank you for writing.  Please be assured that I will keep your thoughts in mind as I continue to push for the removal of online materials that are used to further the goals of terrorists.  If you have any additional comments or concerns, please do not hesitate to contact my Washington, D.C. office at (202) 224-3841.




Sincerely yours,


   Dianne Feinstein
          United States Senator


Further information about my position on issues of concern to California and the nation are available at my website, feinstein.senate.gov. And please visit my YouTube, Facebook and Twitter for more ways to communicate with me.

Jim Note: We have to add strong definitions of "terrorist activity" to go beyond bomb making and include incitement to acts of terror including acts against political, academic, business and faith leaders and those in attendance to peacefully listen to speeches by these leaders. My team is working on other activities that fall into this category and are careful not to infringe on First Amendment protections. JEP.  

Jim Patterson Comments on President Obama's July 2016 Statement on Afghanistan


The White House, Washington
More than 14 years ago, after al Qaida attacked our nation on 9/11, the United States went to war in Afghanistan to combat these terrorists and the Taliban that harbored them.
Over the years, thanks to the heroic efforts of our military, intelligence officials, diplomats and development professionals, we pushed al Qaida out of its camps, helped the Afghan people topple the Taliban and establish a democratic government, dealt crippling blows to the al Qaida leadership, delivered justice to Osama bin Laden, and trained Afghan forces to take responsibility for their own security.
Given that progress, America's combat mission in Afghanistan came to a responsible end in December of 2014.
Compared to the 100,000 troops we once had there, today, fewer than 10,000 remain. And compared to their previous mission -- helping to lead the fight -- our forces are now focused on two narrow missions: training and advising Afghan forces and supporting counterterrorist operations against the remnants of al Qaida as well as other terrorists, including ISIL. Even as we remain relentless against those who threaten us, we are no longer engaged in a major ground war in Afghanistan.
Still, even these narrow missions continue to be dangerous. Over the past year and a half, 38 Americans -- military and civilian -- have given their lives in Afghanistan for our security. We honor their sacrifice. We stand with their families in their grief and their pride. And we resolve to carry on the mission for which they gave their last full measure of devotion.
Today, our mission in Afghanistan is not ours alone. For the second year now, Afghan forces are fully responsible for their own security. Every day, nearly 320,000 Afghan soldiers and police are serving and fighting -- and many are giving their lives -- to defend their country. Meanwhile, in another milestone, we recently removed the leader of the Taliban, Akhtar Mohammad Mansur.
Nevertheless, the security situation in Afghanistan remains precarious. Even as they improve, Afghan security forces are still not as strong as they need to be. The Taliban remains a threat. And as President and Commander-in-Chief, I've made it clear that I will not allow Afghanistan to be used as safe haven for terrorists to attack our nation again.
That is why today, based on the recommendation of our military leaders, my national security team, and in consultation with Congress, the Afghan government and international partners, I announced an adjustment to our posture.
Instead of drawing down to 5,500 troops by the end of this year, the United States will maintain approximately 8,400 troops in Afghanistan into next year, through the end of my administration. The narrow missions assigned to our forces will not change -- they'll remain focused on supporting Afghan forces and going after terrorists. However, maintaining our forces at this specific level will allow us to continue providing tailored support to help Afghan forces continue to improve. And we will continue supporting critical counterterrorism operations.
I know that when we first sent our forces into Afghanistan 14 years ago, few Americans imagined we'd be there -- in any capacity -- this long. As President, I've focused our strategy on training and building up Afghan forces. And because we have, we were able to end our major ground war there and bring home 90 percent of our troops.
Yet even as we work for peace, we must deal with the realities of the world as it is. And we must never forget what's at stake in Afghanistan. This is where al Qaida is trying to regroup and where ISIL is trying to expand its presence. And make no mistake, if these terrorists succeed in regaining areas and camps where they can train and plot, they will attempt more attacks against us. I will not allow that to happen.
This September, we'll mark 15 years since the attacks of 9/11. Once more, we'll pause to remember the nearly 3,000 lives we lost. We'll salute our men and women in uniform -- our 9/11 Generation -- who have served in Afghanistan and beyond. We'll honor the memory of all those who have made the ultimate sacrifice, including more than 2,200 American patriots who have given their lives in Afghanistan.
As we do, let's never forget the progress their service has made possible. Whether it's millions more Afghan children in school, or dramatic improvements to public health, or the first democratic transfer of power in Afghanistan's history, Afghanistan is a better place than it once was. That’s progress we've helped make possible -- progress we can help sustain, in partnership with the Afghan people and our coalition partners. And that’s why I firmly believe that the decision I'm announcing today is the right thing to do -- for Afghanistan, for the United States and for the world.
President Barack Obama
This email was sent to jepcapitolhill@gmail.com.
Unsubscribe | Privacy Policy
Please do not reply to this email. Contact the White House

The White House • 1600 Pennsylvania Ave NW • Washington, DC 20500 • 202-456-1111

Comment: I think it wise to leave more troops, approximately 3,000, than President Obama planned at this point. More troops are needed based on recent ISIS attacks in the U.S., Baghdad, Ankara, Dhaka, and the Kingdom of Saudi Arabia. President Obama claims ISIS has moved out of Syria and the terror threat is growing in Iraq and Afghanistan. The terror threat will, I believe, strain current troop capacity in Afghanistan. Overall, the terror war in Afghanistan  has not gone the way President Obama planned it would and this statement was, no doubt, a disappointment for his policy in Afghanistan. The greater disappointment is that he still discounts the terror threat in Afghanistan and the broader Middle East and he lacks the will to effectively address it in the only way sure to stop it - militarily. JEP 

Ransomware and Legislation to Stop It. Jim Patterson

1:26 PM (18 hours ago)
to me



July 6, 2016


Mr. James Patterson
766 Harrison Street #211
San Franciisco, California 94107

Dear Mr. Patterson:

Thank you writing to express your concerns about a recent cyber-attack on a hospital in Los Angeles.  I appreciate the time you took to write and I welcome the opportunity to respond. 

As you know, on February 5, 2016, hackers used malware to seize control of the computer system at Hollywood Presbyterian Medical Center in Los Angeles, California.  This incident was a type of attack often referred to as “ransomware”, in which hackers encrypt a computer network’s data and demand ransom in exchange for the decryption key.  The hospital paid approximately $17,000 in bitcoin to regain access to the system, and the network is now operating fully without the compromise of any records.  Currently, the FBI investigating the attack.

I understand you believe these types of attack are a great danger to public safety, and support federal legislation to protect against similar incidents.  Like you, I believe that the threat of cybersecurity attacks is among the greatest threats our nation faces.  American financial institutions have incurred multi-million dollar losses due to cyber thefts.  Even computer security companies and national security agencies like the FBI and Department of Defense have fallen victim to cyber-attacks.  Cyber attackers also hack into our personal computers, access our private information, and use our computers to launch other cyber-attacks.  These intrusions affect the United States in substantial and real ways, and the threat is only growing.  

To help both our government and private businesses deal with constantly advancing cyber threats, on October 27, 2015, the Senate passed the “Cybersecurity Information Sharing Act” (S. 754) by a strong bi-partisan vote of 74-21.  This bill calls for voluntary information sharing of cyber threat information between the government and private companies to improve their ability to identify malicious code or cyber-attack signatures more rapidly.  This bill was included in the omnibus spending bill and was signed into law on December 18, 2016.  

I have also worked to protect personal privacy of consumers.  For example, last Congress, I coauthored the “the “Data Security and Breach Notification Act of 2014” (S. 1976), which would have required the Federal Trade Commission to issue security standards for companies and nonprofit organizations that hold consumers’ personal and financial information.  This bill also would have established procedures for these entities to follow in the event of a security breach.  Although this legislation did not pass before the 113th Congress adjourned, I continue to work to ensure that consumers’ personal information is protected.

You may also be interested to know that on March 18, 2016, the Senate Judiciary Committee held a hearing called "Ransomware: Understanding the Threat and Exploring Solutions."  As a result of this hearing, the Judiciary Committee is considering legislation to address this growing threat.  For your convenience, I have included a link to the webcast here: 


Once again, thank you for taking the time to write.  Please know that I will keep your concerns in mind as this situation develops.  If you have any additional questions or comments, please contact my Washington, D.C. office at (202) 224-3841.  Best regards.

Sincerely,

 

 

 

Dianne Feinstein
                 United States Senator

DF:cb

Further information about my position on issues of concern to California and the nation are available at my website,Feinstein.senate.gov. And please visit my YouTube, Facebook and Twitter for more ways to communicate with me.

Jim Note: The team and I spent a considerable amount of time on the letter to Senator Feinstein. We interviewed the parties in Los Angeles and tech advisers in Silicon Valley. I am told this was not the first case of ransomware at a hospital. Question arises if it hits a rural hospital in California or elsewhere and staffers lack a knowledge of how to respond. In such a case ransomware could become deathware if patients are neglected during the cyber health crisis. We continue to follow this story. JEP