Corporate America now on front lines of war on terror

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.computerworld.com/securitytopics/security/story/0,10801,74041,00.html

By DAN VERTON 
SEPTEMBER 09, 2002

A year ago this week, America was attacked by a global enemy that has
demonstrated its determination to use any means at its disposal to
wreak havoc and fear, damage the economy and compel the nation to
withdraw from the international community.

In that regard, Sept. 11, 2001, will be remembered as a colossal
failure for international terrorism, say government and private-sector
security experts.

Rather than leaving the country in a state of stunned inaction, the
attacks triggered what many security experts say was long overdue: a
nationwide effort to bolster homeland security and critical
infrastructure protection - a concept that has placed private
companies on the front lines of national defense.

"It's never been done before," said Steve Cooper, CIO at the White
House's Office of Homeland Security, referring to the massive
integration effort now under way to help improve security information
sharing among government agencies and the hundreds of private
companies that own and operate 90% of the nation's critical systems.  
"We must do it, and we can do it," said Cooper, speaking Aug. 19 at a
government symposium on homeland security.

Perception Game

However, proponents of critical-infrastructure protection,
particularly in the area of cybersecurity, face many of the same
challenges that terrorism experts encountered prior to Sept. 11: Few
in the private sector perceive that there's an imminent threat to the
digital homeland, and fewer still acknowledge terrorists' ability to
and willingness to adapt their tactics to take advantage of America's
digital Achilles' heel - its information networks.

Every so-called critical infrastructure in the U.S., from
telecommunications to transportation, banking and energy, relies on
computers and computer networks, National Security Adviser Condoleezza
Rice said in March last year during her first major policy address on
the topic.

"Corrupt those networks, and you disrupt this nation," she said.  
"Today, the cybereconomy is the economy."

"The terrorists in the Sept. 11 event had the patience to plan [and]
the foresight and the understanding of the infrastructure that could
be used to simultaneously or sequentially disrupt the infrastructure
electronically," said Paula Scalingi, former director of critical
infrastructure protection at the U.S. Department of Energy. "That
could cause a major regional failure in this country. There's no
question that that's doable."

Game of Dominoes

The reality of the threat to the nation's critical infrastructure,
particularly in the areas of power, telecommunications and emergency
services, was demonstrated in June when the federal government
co-sponsored an exercise known as Blue Cascades. Dozens of government
and private-sector representatives from five U.S. states in the
Pacific Northwest and three Canadian provinces confronted the very
real potential for cascading infrastructure failures resulting from
combined physical and cyberterrorist incidents.

The results were chilling. Simulated terrorist attacks disrupted the
region's electric power grid, causing power outages that spread
quickly to other Western states and lasted for more than a week,
according to exercise coordinators. The exercise also included
simultaneous physical and cyberdisruptions of the region's
telecommunications and natural gas distribution systems, as well as a
threat to a major municipal water system and the region's ports.

Once the electric grid is disrupted, the other infrastructures that
businesses and government agencies rely on for their day-to-day
operations, including telecommunications, transportation, emergency
services, hospitals and law enforcement, begin to fall like dominoes,
according to the final report on the lessons learned from the
exercise.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.