cyberterrorism

[tigerwolf]

Cyberterrorism: Get ready to become a hard target
David Coursey,
Executive Editor, AnchorDesk
Thursday, February 21, 2002

During the next few years, heightened security will change the Internet, and the office network on which many of you work. In fact, you'll probably see changes first at the office as companies try to "harden" their information assets against a wide variety of threats.

Some of these efforts will be successful, some will be laughable, and most will tick you off. Many of you will come to see security as getting in the way of convenience. Since many companies will be tightening security on a learn-as-you-go basis, you and your colleagues will often have a point.

Here are some things you need to be thinking about as the great network lockdown of 2002 gets into full swing.




Most companies don't spend as much money on protecting their data as they do on coffee for employees. That's according to Richard Clarke, the White House special advisor on cybersecurity issues. He told an audience this week at the RSA Security Conference that less than 0.0025 percent of corporate revenue is spent on corporate information-technology protection.

It's not just the Internet and your company's data networks that aren't secure. Experts point out that most of the nation's critical infrastructure--the power grid, voice networks, and water supplies--are vulnerable. You'll find computers at the heart of all these systems, too. Terrorists have a wide range of technology targets, not all of them in cyberspace.

Our adversaries, be they run-of-the-mill hackers or devoted members of terrorist cells, have the same training and much the same access to technology as we do. "Our future enemies understand our technology at least as well as we do," Clarke said.

Cyberterrorists could launch an attack from anywhere, potentially framing someone else for their evildoing. Imagine what would happen if hackers in Iran left a trail that seemed to end in Iraq. It's not hard to imagine such a provocation resulting in another round of cruise missiles over Baghdad, especially given President Bush's recent "axis of evil" declarations, is it?

If a cyberwar erupts, would we necessarily know? Simply crashing a system for seemingly natural reasons could cause enough disruption to achieve an enemy's aims. On the other hand, a coordinated series of attacks against highly visible targets--such as financial systems--could threaten chaos on a near-global scale.
So what do we do?


Let's avoid the tendency to throw up our hands. Yes, there are so many potential targets and means for an enemy to do us harm--information warfare is just a tiny part of this catalog--that we can't possibly protect everything. But by making it tougher to succeed, we can reduce the number of potential adversaries and, perhaps, make their work against us easier to defeat.

The real threat to most businesses are not cyberterrorists. Instead, the more likely danger lies in the more mundane hacking attempts made every day over the Internet or perhaps internally by unhappy employees. And don't forget: The biggest loss of data is still caused by accidents of one kind or another.

We need to spend money. The success of the Internet makes it attractive to what Superman called "the forces of evil" in their many forms. Clarke said most companies spend so little money on security they "deserve to be hacked." I am not sure anyone deserves to be the victim of crime, but his point--we know the threat exists, so we have a responsibility to protect ourselves--remains valid.

We should be accepting of the changes that enhanced security is going to bring. But we need to be aware that more security doesn't necessarily go hand-in-glove with a loss of personal freedom or privacy. Some companies will, however, use security concerns as an excuse to gather more information than they need, to the detriment of privacy.
Here's the kicker, though. Despite more emphasis on security in all quarters, we may still be steaming straight into harm's way. In fact, I have deep concerns that security issues will never be solved. Then again, I can't help but wonder whether our anxieties over cyberterrorism are just as overblown as they were over the Cold War's missile gap.

But I'll address this bipolar future more in Friday's column.

http://www.zdnet.com/anchordesk/stories/story/0,10738,2849172,00.html

[d4n13l]

What I find funny, is that you can walk into buildings that house essential transatlantic connections without undergoing security checks. Any fool could walk in with a bomb; anybody that wanted to really disrupt the Internet would more than likely target such buildings with simple bombs. Forget about Logic Bombs. Imagine if there were no transatlantic links (or serverly limited), this would only involve the bombing of a handfull of buildings.

[bigmicka]

pull the plug and lock your doors. easy enough.

[devinemi83]

This is a theorey I have been thinking of for a while and especially since sept 11. An attack of the cyber infrastructure of america would be very difficult but also very dangerous if executed properly. There are ways in which we can protect oursleves and the country.
Alot of ideas are huge denial of service attacks that would collapse networks country wide. Examples are things such as code red, I believe it slowed down the internet by 30% at its peak. Now if something like it could infect regular computers and servers just like code red, we would face a huge incident. imagine all computers making thousands of DOS attacks every minute!

Only through the use of virus scanners and firewalls can these types of threats be stopped or slowed.

The idea of cyberterrorists waging their own private war on the US would probably fail unless they were exceptionally gifted, but none the less the threat still remains.

[alucard2050]

i remember a time when there was no internet, cell phones, and pagers were as big as a shoebox(though somewhat exaggerated). what the hell were we all doing back in those days???? i think that a terrorist attack could slow some things down but to reach global proportions would be immpossible. as long as there is the internet somewhere, then whatever is slowed down by an attack can catch back up..........

[pacmania_2001]

http://popularmechanics.com/science/military/2001/9/e-bomb/index.phtml

This is the easiest way to target infarstructure.

[zzyzzx]

What I find funny, is that you can walk into buildings that house essential transatlantic connections without undergoing security checks. Any fool could walk in with a bomb; anybody that wanted to really disrupt the Internet would more than likely target such buildings with simple bombs. Forget about Logic Bombs. Imagine if there were no transatlantic links (or serverly limited), this would only involve the bombing of a handfull of buildings.

Exactly how is this bomber going to disrupt satellite transatlantic connections? I seriously doubts that cables are used anymore.

[d4n13l]

I believe that a big majority of transatlantic links are still under the Atlantic. Regular old cables. There is a building here in the UK, I forgot the name of it but I will try to find it out, that is one of the main nodes for transatlantic links. I read an article in a magazine recently, where the journalist managed to get a full tour of the building without any security checks. It was made pretty clear in the article that if that building were to be bombed, then transatlantic links would be in a world of hurt.

I will try to find the article and then report back some details.

[bigmicka]

you would be suprised at how much we actually rely on underwater cables, In Australia we have two-three major connections to the outside world. We have two trans pacific cables and one that goes into south east asia. The Trans pacific go to San Francisco and another city in the US (can't remember of my head) The San Francisco cable has a 2gb of bandwidth. the others are considerably smaller.

We have a few other Satelite connections out, but 90% of our traffic goes through those three lines.

mic