From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 17 Oct 2001 21:34:01 -0700 (PDT)
Subject: [iwar] [fc:Analysts:.Insiders.may.pose.security.threat:.Employees.with.access.to.IT]
Message-Id: <200110180434.VAA07248@big.all.net>

Analysts: Insiders may pose security threat: Employees with access to IT systems may have opportunity to create havoc

By Dan Verton, ComputerWorld, 10/17/2001
http://www.computerworld.com/storyba/0,4125,NAV47_STO64774,00.html?OpenDocument&~f

As intelligence and security officials sift through mountains of intelligence data about new terrorist threats in the wake of U.S. retaliatory strikes against terrorist targets in Afghanistan, cybersecurity experts are urging companies to change the way they think about enterprise security.

The Sept. 11 attacks on the U.S. had little impact on critical government and business networks. But any future attacks against U.S. companies, which own and operate most of the nation's critical infrastructure systems, may be different. And company insiders - employees with access to IT systems - pose a particular threat, security experts warn.

"Everyone's security policies will have to be re-examined in light of Sept. 11," said Steven Aftergood, a defense and intelligence analyst at the Federation of American Scientists in Washington.

"Scenarios that might have seemed improbable and far-fetched will need to be reconsidered," he said. "Background investigations of key personnel may be a part of the response."

As U.S. retaliatory actions continue, the government is worried about a wide range of possible future threats to private infrastructure from individuals who may already be in this country legally, said Vince Cannistraro, former chief of counterintelligence at the CIA.

"The FBI believes there is a significant threat to infrastructure in the U.S., especially since they have been unsuccessful in identifying and locating presumed members of at least two five-person cells that remain at large," he said.

The government's concern stems from the lack of information on the number of terrorist support cells and sympathizers who may have entered the U.S. during the past five years. Over the course of its investigation, the FBI has detained 614 people and recently narrowed its focus to 220 of them.
But terrorism experts claim that there may be many others who aren't on anyone's radar screen.

A Blind Eye

Winn Schwartau, an information warfare specialist and president of Interpact Inc. in Seminole, Fla., said companies and government agencies, particularly the U.S. Department of Defense (DOD), have in the past turned a blind eye toward the number of foreign nationals who have been granted administrative access to sensitive networks without a proper background investigation.

Schwartau has briefed corporate CEOs and senior generals at the Pentagon about the problem, but most have been unwilling to tackle the issue because of political sensitivities, he said.

The problem in government has been compounded by software glitches in the system used by the Defense Investigative Service to manage security clearance investigations. The software problems last year caused a logjam of 600,000 pending investigations.

The number of pending cases as of Oct. 5 was 262,000, involving both civilian and military personnel, a DOD spokesman said last week. The department expects to eliminate the backlog by next September, he said.

Nonetheless, security experts agreed that the internal threat is real. Disgruntled employees and other insiders with legitimate access to critical business networks accounted for more than 80% of the cyberattacks against companies last year, according to a survey conducted by the FBI and the San Francisco-based Computer Security Institute.

Jim Williams, director of security solutions at Solutionary Inc., a managed security services firm in Omaha, said that it's important that companies train and educate their employees about the rules governing network access.

Since Sept. 11, awareness has increased, as have efforts to beef up building security, said Williams, who has also served as a member of the FBI's San Francisco Computer Crime Squad.

"There's a realization under way that you can't have network security without physical security," said Williams.
You have to know that the people coming into your company are supposed to be there and are authorized to be on your network, he said.

------------------
http://all.net/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST