[iwar] Fw: [cyberwar] Major cyber attack on U.S. systems may be inevitable
From: Vernon Stagg
To: iwar newsgroup
From: vstagg@deakin.edu.au
To: iwar@egroups.com
Fri, 20 Oct 2000 13:53:23 +1100
fc Thu Oct 19 19:54:15 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Thu, 19 Oct 2000 19:54:15 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Fri Oct 20 02:54:10 2000)
X-From_: sentto-279987-555-972010411-fc=all.net@returns.onelist.com Thu Oct 19 21:53:33 2000
Received: from c3.egroups.com (c3.egroups.com [208.50.99.225]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id VAA19644 for ; Thu, 19 Oct 2000 21:53:33 -0500
X-eGroups-Return: sentto-279987-555-972010411-fc=all.net@returns.onelist.com
Received: from [10.1.10.38] by c3.egroups.com with NNFMP; 20 Oct 2000 02:53:33 -0000
X-Sender: vstagg@deakin.edu.au
X-Apparently-To: iwar@egroups.com
Received: (EGP: mail-6_1_0); 20 Oct 2000 02:53:30 -0000
Received: (qmail 30665 invoked from network); 20 Oct 2000 02:53:29 -0000
Received: from unknown (10.1.10.27) by m4.onelist.org with QMQP; 20 Oct 2000 02:53:29 -0000
Received: from unknown (HELO hestia.its.deakin.edu.au) (128.184.136.2) by mta2 with SMTP; 20 Oct 2000 02:53:28 -0000
Received: from marmadas (marmadas.cm.deakin.edu.au [128.184.80.75]) by hestia.its.deakin.edu.au (8.11.0/8.10.0) with SMTP id e9K2rNj21755 for ; Fri, 20 Oct 2000 13:53:23 +1100 (EST)
Message-ID: <08ae01c03a40$e9b783d0$4b50b880@cm.deakin.edu.au>
To: "iwar newsgroup"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
From: "Vernon Stagg"
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Fri, 20 Oct 2000 13:53:23 +1100
Reply-To: iwar@egroups.com
Subject: [iwar] Fw: [cyberwar] Major cyber attack on U.S. systems may be inevitable
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
> From UPI,
> http://www.vny.com/cf/News/upidetail.cfm?QID=129221
> -
> Major cyber attack on U.S. systems may be inevitable
>
> Thursday, 19 October 2000 12:27 (ET)
>
> Major cyber attack on U.S. systems may be inevitable
> By MICHAEL KIRKLAND
>
> WASHINGTON, Oct. 19 (UPI) - A large-scale cyber attack against the
> "extraordinarily vulnerable" computer systems running the United States'
> vital infrastructure may be only a matter of time, senior government
> officials warn in interviews with United Press International.
>
> A concerted cyber assault by a well-organized terrorist group or hostile
> nation could be crippling to the country's economy and national security.
> Key pieces of U.S. infrastructure, such as telecommunications, the seven
> interlinked power grids, financial transactions, government, air traffic
> control and emergency services, rely on networked computers.
>
> Potentially hostile governments are developing "offensive" capabilities
> for use in cyber warfare.
>
> And a National Security Council official told UPI Thursday that the
> administration's request for cyber-security funding is still in jeopardy
as
> Congress winds down before the November election.
>
> Michael Vatis, director of the FBI's National Infrastructure Protection
> Center and the nation's top cyber-cop, warned that a large-scale assault
> would be fundamentally different from the hundreds of lesser attacks by
> individual hackers and criminal groups that occur each year.
>
> "We see (lesser attacks) every day," Vatis said. "...The only thing we
> haven't seen is a sophisticated attack by a terrorist group or information
> warfare" by a hostile government.
>
> But that situation is ripe for change, he said. "I think we clearly need
> to be prepared for more serious terrorist attacks against United States
> targets....It is only reasonable and prudent to prepare for a true cyber
> attack on information systems by terrorists."
>
> The national nightmare that would be caused by such a large-scale cyber
> assault is also a primary concern at the White House.
>
> The NSC is proposing a $138.5 million budget for cyber security, but huge
> chunks of it are stalled in Congress. In the House, committees has so far
> approved slightly more than $15 million; in the Senate, about $40 million.
>
> A senior administration official in the cyber arena, speaking on
> background, warned, "Very bad things happening to major corporations is a
> very real scenario for the future."
>
> However, "rather than the electronic Pearl Harbor," the official said he
> believed "the future is going to be much more one of the cyber Exxon
> Valdez," with residual damage spreading out from the initial
contamination.
>
> The official said a combination attack may be likely, with terrorists
> exploding a bomb and launching a cyber assault against 911 services and
> police communications at the same time.
>
> Another fertile area for terrorist groups is manipulation of financial
> transactions, "a win-win situation for the bad guys," the official said.
"If
> I'm successful in doing that, I make a lot of money for my cause," he
added,
> but if the manipulation is detected, it shakes confidence in the financial
> market.
>
> The United States infrastructure can be penetrated. "We are
> extraordinarily vulnerable," the senior official said, because of the
> dependence on networked systems and the rapid growth of e-commerce and
> business-to-business networks.
>
> "The Internet and most software and operating systems were never created
> with security in mind," he said. Though the Internet "has a sort of
> resiliency" because of its decentralized nature, there are "some real
points
> of vulnerability" at domain servers and critical nodes. And the
battleground
> is changing with the explosive growth of the Internet, the official
argued.
> "What is new is the fact that we are beginning to see some very real and
> very serious threats out there to the security of our cyber networks."
>
> Some of the threats involve outright warfare.
>
> "There are a number of nation states that are investing resources in
> offensive cyber capabilities," the senior administration official said.
The
> Chinese have "been very explicit in some of their military papers...about
> cyber attacks on the (U.S.) banking system as part of some future
conflict,"
> he said.
>
> The Russian and Indian governments are also developing offensive
> capabilities - as well as the United States. "We know what they can do
> because we have some sense of what we can do," the official said.
>
> The new threat presents a unique challenge to national security, he
added:
> No. 1, "government and the traditional security establishment can't
address
> this issue by themselves. It does require cooperation with the private
> sector." And No. 2, mounting a cyber attack "requires very little
resources
> and intellectual know-how."
>
> The official points to the 2,500 hacker Web sites on the Internet, many
of
> them with "user-friendly, Windows style, point-and-click intrusion
> software."
>
> NIPC's Vatis also believes U.S. infrastructure is vulnerable. "I think
> we've seen the vulnerability demonstrated time and again over the last
year"
> with viruses, denial of service attacks and intrusions aimed at stealing
> data or money, or intrusions that corrupt a system.
>
> "We have not seen an instance of information warfare by a foreign
> country," Vatis said, "...but we are seeing many countries developing the
> capability....Some of them have the U.S. as their main target."
>
> The National Infrastructure Protection Center is located inside FBI
> headquarters in Washington, and mostly staffed by the bureau. But the
center
> also includes representatives of other U.S. departments, all the
> intelligence agencies and the private sector, and FBI agents across the
> nation and the world.
>
> "Our role is not to harden the targets" of a potential cyber attack in
the
> public or private sector, Vatis said. "That is really the role of the
owners
> of those targets." That is why the partnership of government "with the
> private sector is a vital part of our mission....Our role is to provide
> warning and advisements and assessments so the owners of those systems can
> secure" their own networks with software firewalls and other measures.
>
> Awareness of the problem among the owners of potential targets "has risen
> greatly, but it's still not good enough," he said.
>
> If and when the attack is launched, how will it arrive?
>
> Vatis believes such a large-scale cyber assault "could come in variety of
> forms. Attackers can disguise their point of origin. They can make it look
> like it's coming from inside the U.S., or from a foreign country."
>
> The attack could come in as a distributed denial of service, or DDOS,
> attack. Controllers implant hidden "daemons" or "packets" in innocent
> third-party computer systems called "zombies," then launch the packets at
> the target simultaneously from literally hundreds of zombies. "Or it could
> take the form of a malicious and very destructive virus that spreads in a
> matter of hours and overloads systems," Vatis said.
>
> Frank Cilluffo is senior policy analyst and director of the task force on
> information at the Washington-based Center for Strategic and International
> Studies.
>
> The vulnerabilities of the electronic infrastructure "are close to
> endless," Cilluffo said. "...This may be one means of leveling the playing
> field" for a hostile nation wanting to strike at the U.S. superpower.
>
> The intent to harm the United States exists, as does the capability to do
> so in the cyber world, he added. "But what we have not seen, fortunately,
is
> the intent married up with the capability."
>
> Cilluffo also warns that situation is changing.
>
> "To me that's a matter of time, unless we take steps now" to improve
cyber
> security and "manage the consequences" of a serious cyber attack, he said.
> "I think we have some breathing space, but there's a compelling case for
> doing something now."
>
> He gives some credit to the Clinton administration. "They've recognized a
> major gap" in the nation's security, "and they've taken some pro-active
> measures," Cilluffo said. "Still...I think they've been long on nouns,
short
> on verbs. Long on talk, short on action. But it's easy to point fingers."
>
> While the government needs to get its own cyber security house in order,
> he said, "the real answer lies in the private sector that owns over 90
> percent of the infrastructure."
>
> The government needs to lead by example and form a true private sector
> partnership, Cilluffo contended, particularly in the computer science and
> software world. The policy planning table "needs to be expanded where the
> wingtip here in Washington meets the sandal out in California...That gap
> must be bridged."
>
> The problem must be approached "holistically" with a true national
> strategy, Cilluffo insisted, including a presidential assistant in the
next
> administration who would be focused on the issue.
> --
> Copyright 2000 by United Press International.
> All rights reserved.
> --
>
-------------------------- eGroups Sponsor -------------------------~-~>
Get FREE long-distance phone calls on Tellme!
Dial 1-800-555-TELL, say "Phone Booth"
http://click.egroups.com/1/9816/14/_/595019/_/972010411/
---------------------------------------------------------------------_->
------------------
http://all.net/