Heading off Cyber-geddon

[InfoSec News <isn () C4I ORG>]

http://triblive.com/business/bcyb0725.html

July 25, 2000

By: Paul Beebe
TRIBUNE-REVIEW

A hacker breaks into the computers at the Worcester, Mass., airport
control tower.

Someone shuts down Miami's 911 emergency phone system.

A computer virus spreads across the globe, causing $4 billion in
damage - in one day.

Sound far-fetched? Each incident actually happened.

Bad as they were, these horror stories one day may pale in comparison
to the next bout of mischief awaiting the Internet.

Unless protective steps are taken, what's ahead may be an electronic
Pearl Harbor, a digital Exxon Valdez so devastating that entire
nations are brought to their knees, say participants gathered Monday
at Carnegie Mellon University for the first-ever summit on
cyber-security.

"We are in a new age," said David McCurdy, president of the Electronic
Industries Association. "We know the benefits of (the Internet). Now
it's critical that this technology not only be robust, but
survivable."

Three years ago, a band of hackers, working for the U.S. intelligence
community, set about to discover what damage they could do to the
economic and military infrastructure of the United States.

Their success was astounding, said Sen. Rick Santorum, the keynote
speaker at the two-day security summit, which ends today.

Hackers figured out how to shut down the power grid and telephone
systems in 12 American cities, including Washington.

They also invaded the U.S. military's command and control system,
raising the possibility that in an actual attack, the country's
defenses could be breached.

"On a scale of one to 10, it's a 10," Santorum said of his level of
concern about the lack of U.S. readiness to fight cyber-terrorism.

Santorum's message: Enemies of the United States have figured out that
terrorism is far more effective than conventional warfare. At least 20
countries are known to be developing tools to attack the country's
unprotected computer-based infrastructure.

During his remarks, Santorum announced $5 million in funding for a
"cyber-security institute" aimed at promoting the exchange between
industry and government of information and technology to battle
cyber-terrorism.

The House of Representatives has approved start-up funds for the
Institute for Defense Computer Security and Information Protection.
The Senate has yet to act.

The institute will act as a neutral third party to tackle the
reticence of private industry to share with government what it knows
about the extent of cyber-terrorism and what can be done to prevent
it.

Paul Toscano, a lawyer and chief executive officer of Salt Lake
City-based UserTrust Inc., said concerns about safeguarding the
integrity of the Internet are well-founded. But the concerns mask the
fact that legal tools already exist to solve most of the issues
affecting companies that want to do business in cyberspace.

Toscano said not-for-profit organizations could be established to set
up rules governing the transmission, use and storage of sensitive
information. The organizations also could be given authority to
enforce its rules.

"It could be a legal structure that mediates between the user's need
for privacy and a company's need to make money," Toscano said.

The summit brought together representatives of the Central
Intelligence Agency, the Energy and Defense departments, the National
Security Agency, the Air Force and Navy, the National Institute of
Standards and Technology, and other groups.

Their goal is to reach a consensus on how cyber-security research
should proceed during the next two decades. If they succeed, wireless
communication, the World Wide Web and the Internet, which was not
designed for security, would become a safe place to do business, store
information, even swap sensitive military secrets.

Speaker after speaker trooped to a podium at CMU's McConomy Auditorium
to repeat the message that computer and wireless-based communication
has become a critical component in the world economy. Already, 100
million machines are connected to the Internet. That number is
expected to grow to 2.5 billion in six years.

"For those of you who don't believe there is an Internet in your
future, resistance is futile," quipped Thomas Longstaff, a CMU
research scientist.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".