U.S. attack: Companies warned about possible cyberattacks

[InfoSec News <isn () c4i org>]

http://www.infoworld.com/articles/hn/xml/01/09/12/010912hncyber.xml

By Dan Verton And And Bob Brewin, Computerworld 
September 12, 2001 4:06 am PT

WASHINGTON -- GOVERNMENT and private-sector security experts fear that
Tuesday's attacks against the World Trade Center and the Pentagon are
only the beginning of a wave of assaults that could include
cyberterrorism.

Officials at the FBI's National Infrastructure Protection Center
(NIPC), located at FBI headquarters here, were gathering for an
emergency meeting to collect and analyze all available
cyberintelligence information, said Navy Rear Adm. James Plehal, the
deputy director of the NIPC. Details of the meeting aren't yet
available.

Meanwhile, Marv Langston, former deputy CIO at the Defense Department,
viewed Tuesday's terrorist attacks as an act of war and warned that
they could be followed by a series of cyberattacks. Langston said the
United States needs to prepare itself for what he described as an
"electronic Pearl Harbor."

Air Force Lt. Gen. Retired Al Edmonds, now head of the Electronic Data
Systems federal division, said "I would suspect a cyberattack could be
next, and that would be absolutely paralyzing."

In the 1990s, the Pentagon produced a series of studies that showed
that a cyber attack on computer and communication systems could
cripple the United States as severely as a physical attack. Such an
attack could shut down water systems, power plants, railroads,
airports, and oil and gas pipelines, all of which run on computer and
communications systems. Each system is usually controlled by a
central, vulnerable location.

But Jeff Moss, president and CEO of Black Hat Briefings, a security
consulting firm in Seattle, said he hasn't discovered a cyber
component to Tuesday's attacks.

"People are watching their logs, but from what I can tell nobody has
seen anything yet," said Moss, who is the founder of the annual Def
Con hacker conference.

"Today will be security review day for a lot of places," Moss said.

Meanwhile, Atlanta-based Internet Security Systems (ISS), which
operates the IT sector's Information Sharing and Analysis Center
(ISAC), has placed its operations center on what it calls AlertCon 3
(the highest is AlertCon 4), "in order to focus IT security efforts on
the potential for (and defense against) an Internet component to these
attacks." The ISAC works in cooperation with the FBI and the NIPC in
sharing information about cyberthreats.

"Our monitored networks do not show any unusual activity at this time,
but our [Security Operations Centers] are at a heightened state of
alert as we watch for any indications that e-commerce is also being
targeted," an ISS spokesman said. The financial district around Wall
Street in lower Manhattan was closed down.

"This is a time to partner all security assets on what is most
important to your enterprise," the ISS threat assessment states.
"While physical security concerns are paramount, it is essential to
keep some eyes on the networks focused on malicious activity. We can
expect a significant increase in disaster-recovery activity -- plans
being activated, dusted off, etc. No doubt the [disaster-recovery]
industry will be sorely stressed at this point, and it would behoove
staffs to consider security as a move to alternate sites is
contemplated or enacted."

The major question being asked by some experts is how such a
large-scale, coordinated attack could have been accomplished without
security officials being tipped off through cyber or communications
intelligence. Most experts acknowledge, however, that there are only a
handful of terrorist organizations in the world capable of conducting
such an operation in secret. And they likely used nontechnical means
of communications that would have allowed them to escape U.S.
intelligence IT surveillance operations.

John Garber, vice president of Cryptec Secure Communications in
Chantilly, Va., and a former National Security Agency official, said
the capabilities of the U.S. intelligence community are "fairly well
known" by the terrorist organizations that are suspects in this series
of attacks.

"They do an awful lot of communications through messengers and
nondigital methods," Garber said. "It's not like them to be walking
around talking on telephones. This doesn't strike me as a signals
intelligence failure as much as a failure of national [agency]
coordination," he said.

"This is a large and extremely well-coordinated attack. In spite of
our best efforts to coordinate intelligence collection on terrorists,
this is a massive failure of national cooperation," said Garber, who
was in downtown Washington when the Pentagon was attacked. "I can't
believe there were no indications."

Edmonds, who ran the Defense Information Systems agency, which
operates the Pentagon's global networks and has a key role in the
Defense Department's cberdefense, said that anyone running an
enterprise network today needs to be extremely vigilant against
cyberattacks.

Edmonds said cyber and physical security concerns have increased such
an extent that a number of federal agencies located in Washington have
already started to activate plans to move to alternative locations.


 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.