Companies review their IT security as war breaks out

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,79622,00.html

By JAIKUMAR VIJAYAN 
MARCH 24, 2003
Computerworld 

Tom King, chief information security officer at investment banking
firm Lehman Bros., last week was taking a hard second look at his
company's IT security and business continuity plans.

As the countdown to war neared its end, King said he remained fairly
optimistic that the conflict wouldn't provoke major cyberattacks
against U.S. corporate targets. The review, he said, was a
precautionary move to ensure that the company's "high-value production
systems," network entry points and remote access processes are
adequately shielded against random attacks.

Last week, IT executives at companies contacted by Computerworld said
they were reviewing their security and disaster preparedness plans
even as they held out hope that disruptions would be minimal.

"If history is any guide, I don't expect any tremendous amount of
cyberterrorism being focused on us now," King said. "We just want to
make sure that we are not in any way vulnerable to casual or simple
attacks."

The biggest threat will come from "politically motivated, low-level
cyberattacks" aimed at "targets of opportunity," according to a report
released by Stamford, Conn.-based Gartner Inc. in February. Such
attacks will be designed to disrupt operations and vandalize Web sites
with political messages, the report stated.


Contingency Plans

Still, most U.S corporations aren't expecting a major business
disruption from the war in Iraq, though a majority of companies have
global IT contingency plans in place, according to the results of a
survey of 60 companies released last week by Boston-based AMR Research
Inc.

One such company is Betts USA Inc., a Florence, Ky.-based manufacturer
of tubes and injection-molded components with operations in several
countries, including Indonesia, India and China.

Like Lehman, Betts is going over its defenses with a fine-toothed
comb, making sure that its firewalls are properly configured, that
virus definitions and software patches are fully updated and that
proper tape backup processes are in place.

The company also has plans to get in touch with its hardware
distributor to make sure spare equipment is available if it's needed,
said Dennis Roell, IT manager at Betts. Physical security, facilities
access and disaster recovery processes are being reviewed at all
plants, and Betts is getting in touch with its Internet service
provider to review its security and contingency plans as well, Roell
said.

"It's all of the same stuff that went into the Y2k preparation," he
said. "We are just reaffirming everything we have done to make sure we
have indeed thought this through."

"In terms of IT security, we continue to focus on business continuity
for key systems and heightened vigilance for political hactivism,"  
said Bill Smathers, director of enterprise security services at Avnet
Inc., a $9 billion technology distributor in Tempe, Ariz., that has
customers in 63 countries.

"Physical security is the most immediate focus. Avnet has a limited
presence in the Middle East, and our highest priority would be the
safety of our employees within the military theater of operations,"  
Smathers said. The company has formed an emergency response team that
includes key functions such as IT, corporate communications, quality
assurance, transportation and travel, he said.

"All have plans in place to keep business interruptions to a minimum
in the event of a crisis," Smathers said, declining to elaborate.

In some cases, previous preparations are paying off. All of Royal
Caribbean Cruises Ltd.'s ships have been operating at the "highest
level of security alert" since the attacks of Sept. 11, 2001, said Tom
Murphy, CIO at the Miami-based company.

According to Murphy, Royal Caribbean is the first cruise company to be
ready with the Advanced Passenger Information System, an electronic
passenger-tracking system mandated by the U.S. Department of Homeland
Security. As a result of such measures, "we don't have any specific
concerns relative to IT security" stemming from the Iraq crisis,
Murphy said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.