More sunlight needed on network security discussion



The U.S. Secret Service has been investigating the hacking of a Nasdaq network since last year, but agents have been unable to determine who the culprits are, where they are or what their motivation is, the Wall Street Journal reported Friday, citing anonymous sources. The trading system has not been compromised, and the hackers have only been looking around it, according to the article.

The Federal Bureau of Investigation has now joined the Secret Service's effort to track down the hackers, who reportedly have penetrated the network repeatedly. While investigators have not been able to trace the activity to any particular country, people "familiar with the case said that some evidence points toward Russia," adding that the culprits really could be anywhere. 

The timing of this disclosure is interesting. The federal government considers stock exchange networks critical infrastructure, like the electric grid and transportation networks. For years the feds have sought greater control over this private infrastructure. They began redoubling those efforts in recent weeks by floating legislation that would give federal authorities nearly unchecked power over critical infrastructure during emergencies, a.k.a., the "kill switch" bill. The bill's advocates take exception to the term "kill switch," but the legislative language is broad and vague, creating legitimate concerns about how the power would be wielded.

It is not without precedent that anonymous-sourced security breach disclosures make big headlines when the government is attempting to expand its powers. The disclosures tend to be sprinkled with scary-sounding terms like "cyberattack," "cybersecurity" and "cyberwar"--terms which the people who actually run the private sector's critical networks really don't use much. The breach disclosures also tend to make veiled attempts to blame people in Russia or China, but they include enough caveats to cover themselves when the blame turns out to be misdirected.

I'm not suggesting that hacking isn't a serious problem or that hacking into a stock exchange isn't an extremely serious problem. I'm suggesting the opposite. The networks we are talking about here are much too important to suffer from these major ongoing vulnerabilities. Critical network security breaches are not something we should be addressing based on vague, anonymous disclosures. And the front-page stories shouldn't just coincide with campaigns to scare lawmakers into accepting greater government powers over the private sector. 

It is time that the conversation about network security takes its rightful place, front and center. It should be discussed more openly, in greater detail and more often--and by people who can identify themselves and their interest in finding solutions to the problem. And with all due respect to our federal civil servants and law enforcement agents--who genuinely deserve our enormous respect--if the feds are having such a devil of a time learning anything about hackers attacking a Nasdaq network since last year, maybe they really shouldn't have nearly unchecked control over private infrastructure. - Caron