Cyberspace full of terror targets

[InfoSec News <isn () c4i org>]

Forwarded from: Bob <bob () globaldevelopment org>

http://www.usatoday.com/life/cyber/tech/2002/05/06/cyber-terror.htm

Cyberspace full of terror targets
By Tom Squitieri, USA TODAY
5/5/02

WASHINGTON - Government and private computer networks are facing new
threats of terrorist attacks, ranging from an attempt to bring havoc
to a major city to nationwide disruptions of finances, transportation
and utilities. But people with knowledge of national intelligence
briefings say little has been done to protect against a cyberattack.

Some of the threats come from individuals who might have connections
to Osama bin Laden's al-Qaeda network in Pakistan and elsewhere, those
who have been briefed say.

The specific threats, in part, prompted a meeting April 18 of
government intelligence and information-technology officials to
discuss protecting the nation's computer networks.

"This threat is growing," Sen. Jon Kyl, R-Ariz., says. "It's a big
threat, because it is easy to do and can cause great harm."

Congress is trying to reduce the threat. Legislation has been proposed
to create a national "cybersecurity defense team" to identify areas
most vulnerable to attack and determine how to reduce the danger.

Other legislation would make it easier for companies to share
information without being subject to antitrust or
freedom-of-information laws. Such communication could alert the
government to a terrorist attack, as opposed to more common cases of
computer hackers targeting a company or agency. It could also help
companies defend against attacks.

The vast array of potential targets and the lack of adequate
safeguards have made addressing the threat daunting. Among the recent
targets that terrorists have discussed, according to people with
knowledge of intelligence briefings:

* The Centers for Disease Control and Prevention, based in Atlanta. It
is charged with developing the nation's response to potential attacks
involving biological warfare.

* The nation's financial network, which could shut down the flow of
banking data. The attack would focus on the FedWire, the
money-movement clearing system maintained by the Federal Reserve
Board.

* Computer systems that operate water-treatment plants, which could
contaminate water supplies.

* Computer networks that run electrical grids and dams.

* As many targets as possible in a major city. Los Angeles and San
Francisco have been mentioned by terrorists, intelligence officials
say.

* Facilities that control the flow of information over the Internet.
Richard Clarke, the White House special adviser on cybersecurity, says
such sites, of which there are 20 to 25, are "only secure in their
obscurity."  The nation's communications network, including telephone
and 911 call centers.

* Air traffic control, rail and public transportation systems.

Officials are most concerned that a cyberattack could be coupled with
a conventional terrorist attack, such as those on Sept. 11, and hinder
rescue efforts.

"Cyberterrorism presents a real and growing threat to American
security," says Rep. Jane Harman, D-Calif., top Democrat on the House
Intelligence Committee's panel on terrorism and homeland security.
"What I fear is the combination of a cyberattack coordinated with more
traditional terrorism, undermining our ability to respond to an attack
when lives are in danger."

The Bush administration is seeking about $4.5 billion in its 2003
budget request to protect federal computer systems. That's about 8% of
its information technology budget.

Clarke warned lawmakers earlier this year that the threat of a
cyberattack was greater than previously imagined. He says it could
take three or four years to markedly improve the government's ability
to prevent such attacks.

Long before Sept. 11, officials warned of the nation's vulnerability
to cyberattack. The Pentagon and many large companies have experienced
limited attacks. Hackers calling themselves the "Deceptive Duo"
recently infiltrated Pentagon computers and left a message indicating
that the attacks were made to show "how sad our cyber-security really
is."

In 2001, cyberattacks caused $12 billion in damage and economic
losses.

Such attacks were successful in penetrating security systems at an
airport in Massachusetts and a dam in Arizona, causing shutdowns of
both facilities but no loss of lives or long-term damage.

"The principal myth that you will hear is that nobody can actually
change the operation of a physical system through computers," says
Alan Paller, director of the System Administration, Networking and
Security Institute, which teaches people how to protect computer
systems. "There have been people who have already demonstrated how
that can be done."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.