Expert: Casinos need to improve online security

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.lasvegassun.com/sunbin/stories/gaming/2003/may/29/515145345.html

By Liz Benston 
benston () lasvegassun com
LAS VEGAS SUN
May 29, 2003 

Las Vegas casinos are considered among the most physically secure
environments around -- but are far behind in terms of creating
computerized security systems that can withstand cyber-attacks from
disgruntled customers, corporate spies, ideological opponents and even
terrorists, a security expert says.

"The potential for a cyber 9-1-1 is high," said Michael Leach, a
director of Computer Sciences Corp., an El Segundo, Calif.-based
supplier of information security systems. Leach addressed a group of
information technology managers and other technology specialists at
the Gaming Technology Summit in Henderson on Wednesday.

Casinos have retained older back-office technology systems that are
increasingly vulnerable to security gaps as newer front-end software
systems are added to their floors, Leach said.

Companies also are behind in offering online security for gamblers, he
added.

Properties are increasingly offering slot club loyalty cards and
taking other measures to better monitor their customers for marketing
purposes. But companies generally don't allow customers to "opt out"  
of requests to sell or exchange personal information with other
companies, he said.

Security and privacy standards for customers also are generally absent
from gaming regulations nationwide. With the pervasiveness of the
Internet in business transactions and the explosion of computerized
technology for even the smallest tasks, the casino industry should
expect regulators to take a closer look at cyber-security measures, he
told attendees.

Government agencies and some businesses are migrating toward the use
of "smart cards" and in some cases, biometrics to identify and track
employees and customers, he said.

New technology carries new risk unless companies devise security
measures to monitor those systems. That's because hackers can now
destroy what once required manual manipulation, such as locking all of
the secure doors in a casino, he said.

Strict casino regulations have created highly specialized departments
that function somewhat independently from one another. Departments
must find a way to work more closely together to develop a companywide
risk management system that appeases regulators and creates a more
seamless security barrier, he said.

Meanwhile, executives across many industries have falsely concluded
that their security is "good enough" and that terrorism "is not their
problem," said Leach, who worked for the DuPont chemical company for
more than 34 years.

Others that have implemented some kind of companywide risk management
system are relying on incorrect assumptions of security, he said.

Computer firewalls that keep out viruses can't protect systems from
disruptions that could occur from within, such as those initiated by
unidentified employees or individuals that are outsourced by a company
to perform a certain task.

Information that is scrambled, or encrypted for security purposes also
can be cracked using high-performance computers, he said.

Also at the gaming summit, Pete Fox, general manager of Microsoft
Corp.'s Southwest region, said the tech giant aims to work more
closely with the gaming industry to create specific products to run
their casinos as well as to better service those products.

Microsoft doesn't intend to develop gambling software such as that
used on remote gambling devices in Europe, however, said Fox, who
oversees Microsoft operations across Clark County, Arizona and New
Mexico.

The company has talked with software development partners about
creating technology that could make gambling more convenient, he said.  
But such systems would eventually come from developers rather than
management companies such as Microsoft, he said.

Fox declined to comment on regulations governing Internet gambling and
other remote betting systems.

Some European countries have devised rules on Internet gambling and
allow gamblers to bet remotely from casinos using personal computing
devices such as cell phones. The U.S. government, which has taken a
more stringent approach to Internet gambling, has determined that
online wagering is illegal with some exceptions like simulcast
wagering on horse races. Meanwhile, a bill that would outlaw financial
transactions used to place Internet wagers is pending in Congress.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.