[iwar] [fc:Survey:.Cyberterror.threat.ignored]

From: Fred Cohen (fc@all.net)
Date: 2002-06-19 21:34:24
Next message: Fred Cohen: "[iwar] [NewsBits] NewsBits - 06/19/02 (fwd)"
Previous message: Fred Cohen: "[iwar] [fc:State.plans.to.give.pills.to.people.living.near.nuclear.plants]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200206200434.g5K4YOm13022@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Wed, 19 Jun 2002 21:34:24 -0700 (PDT)
Subject: [iwar] [fc:Survey:.Cyberterror.threat.ignored]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Survey: Cyberterror threat ignored
Silicon Valley firms not taking adequate precautions
By Robert Mullins and Andrew F. Hamm
SAN JOSE BUSINESS JOURNAL

<a href="http://www.msnbc.com/news/768339.asp">http://www.msnbc.com/news/768339.asp>

SAN JOSE, Calif., June 17 ‹ Headlines about the arrest of a man suspected of
plotting to attack the United States with a ³dirty² radioactive bomb
reinforces the point that terrorist attacks can take many forms. Attacks on
computer networks are one such form. But businesses, while aware of the
risk, are slow to pay money or attention to cybersecurity, a new report
shows.
       IN MANY CASES, the down economy has cut into their information
technology budgets to address the problem. Even if security gets more
favorable treatment than other IT areas in budgeting, companies may still be
underestimating the threat ‹ at their peril.
       ³The number of cyberattacks on businesses has doubled since Sept.
11,² says Bill Rohde, president of the global technology group for St. Paul
Cos., a property and liability insurance company.
       Cyberattacks could include a hacker stealing customers¹ credit card
information, defacing a corporate Web site, or spreading a virus that could
disrupt a company¹s business. In theory, a cyberattack could go so far as to
cripple a nuclear power plant, interrupt transportation systems or steal
information critical to national security.
       A St. Paul survey of more than 500 company risk managers and IT heads
questions Internet-related and software-related companies¹ commitment to
cybersecurity. The survey ‹ released June 12 in San Francisco ‹ says
companies don¹t plan well enough to assess cybersecurity risks or work to
protect against those risks.
       Cyberattacks are just as big a threat as the dirty bomb or other
physical attacks, says William Martel, a professor of national security at
the Naval War College in Newport, R.I.
       ³When we went through Y2K, it became only too apparent how dependent
our society has become on technology,² Mr. Martel says. ³We¹ve seen quotes
about al-Qaida wanting to hit us where we hurt. No one in or out of our
government has ruled out al-Qaida using technology.²
       In fact, groups of all stripes have launched cyberattacks to send
political messages, says Eric Friedberg, managing director of Stroz
Associates LLC, a New York City cybersecurity consulting firm.
       Groups including animal rights activists, anti-abortion advocates and
Chinese Communists have defaced Web sites or clogged the Internet to block
traffic, Mr. Friedberg says. In the Middle East, groups representing Israel,
the Palestine Liberation Organization, or Arabs frequently deface one
another¹s Web sites or attack one another¹s networks.
       Al-Qaida is not the only source of cyberthreats we should worry
about, Mr. Friedberg says.
       ³It¹s a politically motivated attack meant to attack or destroy a
target system and it¹s carried out through electronic means,² he says.
       
MORE SPENDING NEEDED
       The St. Paul survey shows many company CEOs and risk managers falsely
assume that the problem has been taken care of at their companies, Mr. Rohde
says. And whether or not they understand the risk, some businesses fail to
fully fund cybersecurity programs.
       ³Businesses really need to pick it up in terms of their spending on
security,² says Arthur Wong, chief executive officer of SecurityFocus Inc.,
a network security company in San Mateo. SecurityFocus monitors clients¹
computer networks and warns them about potential hacker or virus threats.

       Are the clients spending enough on the problem?
       ³If you¹re talking about technology, and if you ask ŒAre we ready for
the next attack?¹ in general, the answer is definitely no,² says Mr. Wong.
       This seeming indifference to cybersecurity in the private sector
contrasts with increased attention in the public sector.
       President George W. Bush¹s proposal for a new Cabinet-level
Department of Homeland Security, announced June 6, includes a cyberterrorism
component. The National Infrastructure Protection Center, a department
within the FBI that monitors the Internet for potential attacks, would be
brought into this new department.
       A reorganization of the FBI, proposed by Director Robert Mueller on
May 30, would create a cybercrime division.
       In California, security has been increased at nuclear power plants,
water treatment facilities and transportation links such as the Golden Gate
Bridge. But increased government vigilance is no replacement for business
vigilance, says Stroz Associates¹ Mr. Friedberg. Stroz Associates plans to
participate in a cyberterrorism forum in the Bay Area this fall.
       ³The greater responsibility lies with the private sector,² he says.
³The critical infrastructure that makes business function, which if
disrupted would cause business interruption, lies in the private sector¹s
hands.²
       THREAT WILL ONLY GROW
       The threat of cyberterrorism increases as the sophistication of the
attackers increase, St. Paul¹s Mr. Rohde says.

       ³There is a new, emerging professional out there ‹ the professional
hacker ‹ who makes his living attacking computer systems,² he says. Along
with this new professional is a higher degree of cyber-weaponry.
       The risk of viruses or worms (computer intruders that can take over
and disable whole networks of machines) grows as computer networks expand
and software becomes more complex ‹ and therefore more vulnerable, says
SecurityFocus¹s Mr. Wong. So far this year, an average of 50 new computer
software vulnerabilities have been discovered each week, up from 35 a week
last year and 20 a week in 2000.
       But even businesses aware of the risks have to balance cyberattack
possibilities with budget realities.
       O¹Shea¹s Computer Consultants has recently seen clients consider
investing in strong, expensive security technology to protect their
networks, but then pull back and go with a less costly, less secure option,
says Timothy O¹Shea, chief executive officer of the San Mateo consulting
firm.
       ³They have not actually felt the wrath of a cyberattack, so they
haven¹t felt the need,² Mr. O¹Shea says. ³Security is a state of mind.²
       
       Copyright 2002 American City Business Journals Inc.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Free $5 Love Reading
Risk Free!
http://us.click.yahoo.com/3PCXaC/PfREAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [NewsBits] NewsBits - 06/19/02 (fwd)"
Previous message: Fred Cohen: "[iwar] [fc:State.plans.to.give.pills.to.people.living.near.nuclear.plants]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT