[ISN] CIA can't foresee computer attacks, official says

From: InfoSec News (isnat_private)
Date: Thu Jun 21 2001 - 18:12:32 PDT

    By D. IAN HOPPER, Associated Press

    WASHINGTON (June 21, 2001 2:54 p.m. EDT) - The CIA is unable to
    predict attacks on U.S. computer systems before they happen, as the
    agency is expected to do with political and military events, a top CIA
    official told Congress on Thursday.

    Despite a major increase in intelligence efforts dedicated to computer
    security, attackers still develop new tools and techniques faster than
    the CIA can keep up, Lawrence K. Gershwin said.

    Often, "we end up detecting it after it's happened," said Gershwin,
    the CIA's top adviser on science and technology issues. "I don't feel
    very good about our ability to anticipate."

    Gershwin told the Joint Economic Committee that foreign governments
    are the most potent threat to U.S. computers for the next five to 10
    years, rather than terrorists or lone troublemakers.

    So far, he said, individual hackers don't have the skills or the
    motive to make a major attack against U.S. infrastructure like the
    telephone system or financial networks. And since terrorists want
    immediate and predictable results, they will stick with their current
    attacks for the foreseeable future.

    "Terrorists really like to make sure that what they do works,"
    Gershwin said. "They do very nicely with explosions, so we think
    largely they're working on that."

    Still, Gershwin warned that a terrorist organization could surprise
    intelligence officers and mount a cyber attack within the next six

    The committee focused on the vulnerabilities faced because of the
    separation of the public and private sector. Even though the
    government uses commercial networks, and vice versa, there still is
    little information shared and attackers could exploit that split.

    "When a commander at the Pentagon tries to call a commander in the
    field," Sen. Robert Bennett, R-Utah, said, "he's connecting with

    Gershwin said that this reliance on private networks can mean that a
    foreign power could install a backdoor into government systems.

    "While we may be working with American companies on issues at some
    point, there are contracts and subcontracts," Gershwin said. "It gets
    hard to tell who's doing the work for you."

    Gershwin and other legislators said they would like to see more
    cooperation between businesses and government, similar to the programs
    designed to beat the Y2K bug.

    There are some public-private collaborations, such as the FBI's
    InfraGard program to get closer to tech companies and the federal
    Information Sharing Analysis Centers. But there is still much
    distrust, as companies don't want to share their vulnerabilities with
    other firms or see them reported publicly, and the government holds
    back its secrets.

    "I'd like to think we can work on that collaboration now," said Rep.
    Adam Putnam, R-Fla., "rather than when there's a crisis."

    ISN is hosted by SecurityFocus.com