Return-Path: <sentto-279987-4851-1024547624-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 19 Jun 2002 21:35:10 -0700 (PDT) Received: (qmail 11011 invoked by uid 510); 20 Jun 2002 04:33:46 -0000 Received: from n15.grp.scd.yahoo.com (66.218.66.70) by all.net with SMTP; 20 Jun 2002 04:33:46 -0000 X-eGroups-Return: sentto-279987-4851-1024547624-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.198] by n15.grp.scd.yahoo.com with NNFMP; 20 Jun 2002 04:33:45 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 20 Jun 2002 04:33:44 -0000 Received: (qmail 13483 invoked from network); 20 Jun 2002 04:33:44 -0000 Received: from unknown (66.218.66.217) by m5.grp.scd.yahoo.com with QMQP; 20 Jun 2002 04:33:44 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta2.grp.scd.yahoo.com with SMTP; 20 Jun 2002 04:33:44 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g5K4YOm13022 for iwar@onelist.com; Wed, 19 Jun 2002 21:34:24 -0700 Message-Id: <200206200434.g5K4YOm13022@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 19 Jun 2002 21:34:24 -0700 (PDT) Subject: [iwar] [fc:Survey:.Cyberterror.threat.ignored] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=3.2 required=5.0 tests=RISK_FREE,FREE_MONEY,DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: *** Survey: Cyberterror threat ignored Silicon Valley firms not taking adequate precautions By Robert Mullins and Andrew F. Hamm SAN JOSE BUSINESS JOURNAL <a href="http://www.msnbc.com/news/768339.asp">http://www.msnbc.com/news/768339.asp> SAN JOSE, Calif., June 17 Headlines about the arrest of a man suspected of plotting to attack the United States with a ³dirty² radioactive bomb reinforces the point that terrorist attacks can take many forms. Attacks on computer networks are one such form. But businesses, while aware of the risk, are slow to pay money or attention to cybersecurity, a new report shows. IN MANY CASES, the down economy has cut into their information technology budgets to address the problem. Even if security gets more favorable treatment than other IT areas in budgeting, companies may still be underestimating the threat at their peril. ³The number of cyberattacks on businesses has doubled since Sept. 11,² says Bill Rohde, president of the global technology group for St. Paul Cos., a property and liability insurance company. Cyberattacks could include a hacker stealing customersı credit card information, defacing a corporate Web site, or spreading a virus that could disrupt a companyıs business. In theory, a cyberattack could go so far as to cripple a nuclear power plant, interrupt transportation systems or steal information critical to national security. A St. Paul survey of more than 500 company risk managers and IT heads questions Internet-related and software-related companiesı commitment to cybersecurity. The survey released June 12 in San Francisco says companies donıt plan well enough to assess cybersecurity risks or work to protect against those risks. Cyberattacks are just as big a threat as the dirty bomb or other physical attacks, says William Martel, a professor of national security at the Naval War College in Newport, R.I. ³When we went through Y2K, it became only too apparent how dependent our society has become on technology,² Mr. Martel says. ³Weıve seen quotes about al-Qaida wanting to hit us where we hurt. No one in or out of our government has ruled out al-Qaida using technology.² In fact, groups of all stripes have launched cyberattacks to send political messages, says Eric Friedberg, managing director of Stroz Associates LLC, a New York City cybersecurity consulting firm. Groups including animal rights activists, anti-abortion advocates and Chinese Communists have defaced Web sites or clogged the Internet to block traffic, Mr. Friedberg says. In the Middle East, groups representing Israel, the Palestine Liberation Organization, or Arabs frequently deface one anotherıs Web sites or attack one anotherıs networks. Al-Qaida is not the only source of cyberthreats we should worry about, Mr. Friedberg says. ³Itıs a politically motivated attack meant to attack or destroy a target system and itıs carried out through electronic means,² he says. MORE SPENDING NEEDED The St. Paul survey shows many company CEOs and risk managers falsely assume that the problem has been taken care of at their companies, Mr. Rohde says. And whether or not they understand the risk, some businesses fail to fully fund cybersecurity programs. ³Businesses really need to pick it up in terms of their spending on security,² says Arthur Wong, chief executive officer of SecurityFocus Inc., a network security company in San Mateo. SecurityFocus monitors clientsı computer networks and warns them about potential hacker or virus threats. Are the clients spending enough on the problem? ³If youıre talking about technology, and if you ask Are we ready for the next attack?ı in general, the answer is definitely no,² says Mr. Wong. This seeming indifference to cybersecurity in the private sector contrasts with increased attention in the public sector. President George W. Bushıs proposal for a new Cabinet-level Department of Homeland Security, announced June 6, includes a cyberterrorism component. The National Infrastructure Protection Center, a department within the FBI that monitors the Internet for potential attacks, would be brought into this new department. A reorganization of the FBI, proposed by Director Robert Mueller on May 30, would create a cybercrime division. In California, security has been increased at nuclear power plants, water treatment facilities and transportation links such as the Golden Gate Bridge. But increased government vigilance is no replacement for business vigilance, says Stroz Associatesı Mr. Friedberg. Stroz Associates plans to participate in a cyberterrorism forum in the Bay Area this fall. ³The greater responsibility lies with the private sector,² he says. ³The critical infrastructure that makes business function, which if disrupted would cause business interruption, lies in the private sectorıs hands.² THREAT WILL ONLY GROW The threat of cyberterrorism increases as the sophistication of the attackers increase, St. Paulıs Mr. Rohde says. ³There is a new, emerging professional out there the professional hacker who makes his living attacking computer systems,² he says. Along with this new professional is a higher degree of cyber-weaponry. The risk of viruses or worms (computer intruders that can take over and disable whole networks of machines) grows as computer networks expand and software becomes more complex and therefore more vulnerable, says SecurityFocusıs Mr. Wong. So far this year, an average of 50 new computer software vulnerabilities have been discovered each week, up from 35 a week last year and 20 a week in 2000. But even businesses aware of the risks have to balance cyberattack possibilities with budget realities. OıSheaıs Computer Consultants has recently seen clients consider investing in strong, expensive security technology to protect their networks, but then pull back and go with a less costly, less secure option, says Timothy OıShea, chief executive officer of the San Mateo consulting firm. ³They have not actually felt the wrath of a cyberattack, so they havenıt felt the need,² Mr. OıShea says. ³Security is a state of mind.² Copyright 2002 American City Business Journals Inc. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Free $5 Love Reading Risk Free! http://us.click.yahoo.com/3PCXaC/PfREAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT