[iwar] [fc:The.cyber-terrorism.threat]

From: Fred Cohen (fc@all.net)
Date: 2001-11-10 17:37:19



The cyber-terrorism threat; Transportation interests should be vigilant
in protecting their sensitive online data
By Helen Atkinson, Journal of Commerce - JoC Week, 11/8/2001
No URL available.

In February 2000, just as the business world was breathing a sigh of
relief about the limited impact of the Y2K problem, the websites of
Amazon.com, CNN.com, Yahoo.com and others were crippled by a virus sent
by a 15-year-old boy. While that attack was damaging to those affected,
it would pale in comparison to the potential impact wrought by a more
coordinated effort by cyber-terrorists. In the wake of Sept. 11, concern
has been growing about the vulnerability of commercial computer systems
to cyber-terrorism.

Could confidential carrier rates fall into the wrong hands? Could
cargo-tracking grind to a halt because of a cyber attack? While such
questions were asked of logistics technology companies prior to Sept.
11, it is critical that shippers, carriers and logistics company
executives ask them -- and other penetrating questions -- again.

John Urban, chief executive of GT Nexus in Alameda, Calif., said his
company is answering questions about security from increasingly senior
executives at current and potential customers. "The people on the
business side of our customers are asking more questions and are more
concerned than they used to be," he said. "The IT departments were
always on the ball with this. Now the security discussion is happening
earlier because the business side wants to know about it."

Joe Duffy, lead security and technology partner at
PriceWaterhouseCoopers, said executives should not be afraid to ask
questions. But what are some of the questions that should be raised?
First, he said, transportation interests should look inward. "Do you
have the trip wires in place? Would you even know if your security has
been breached?" he asked. "It's not like burglary, with broken windows.
Hackers tend to go low and slow through the networks."

Duffy said network firewalls serve a purpose -- up to a point. But most
companies tend to open the firewall up as soon as they have a problem,
exposing themselves to deeper trouble.

For those subscribing to a portal such as GT Nexus, Inttra or
Cargo-Smart, Duffy suggests other questions: "You have to ask them
questions about monitoring activity." Duffy said few web-based service
providers have data-collection devices that pick up abnormal activity.
"And even if they do, it's often too much volume of data to sift
through. A good chunk of it is just 'noise.' The trick is to separate
the attack from the noise."

Experts also suggest that executives learn about technology issues
surrounding security, rather than leaving it up to service providers or
the internal IT department. Reading is a good idea. One of the latest,
plain-English books addressing the issue is "Security Transformation:
Digital Defense Strategies to Protect Your Company's Reputation & Market
Share." The book, authored by Mary McCarthy, e-business and financial
management adviser at consulting firm KPMG, and Stuart Campbell, who
heads KPMG's information risk-management practice, was published this
year by McGraw Hill. It includes a section called "The Underpinnings,"
which offers a "technical framework for understanding security issues."

"Has any company ever simply plugged in a computer, installed some
applications, and ended up with a tailored solution to a business or
operations requirement?" the book asks. "There are no off-the-rack
security solutions."

Harry Sangree, solutions center manager for Inttra in Parsippany, N.J.,
said the ocean carrier founders of the web portal company "had security
as one of the most important things from the beginning." Inttra, along
with consulting firm AT Kearney and IBM "spent a lot of time to figure
out how to make security not be an issue," he said. IBM and its
technical consulting arm, IBM Global Services, continue to inform Inttra
about new viruses and tools to combat threats. GT Nexus has a similar
arrangement with its technical partners, such as Verisign.

But the bottom line is that part of the responsibility inevitably rests
with the user -- carrier, shipper, logistics provider -- of these
services. John Pescatore, security analyst at Gartner Group, advises
that companies stay on top of which staff are allowed access to which
level of information security, and to be vigilant about who has left and
who has joined the network. He said, "The risk of cyber-attacks has
increased, but securing Internet-exposed applications costs three to
five times more than securing equivalent internal applications."

------------------
http://all.net/ 
