[ISN] U.S. attack: Companies warned about possible cyberattacks

From: InfoSec News (isnat_private)
Date: Wed Sep 12 2001 - 22:32:02 PDT

  • Next message: InfoSec News: "[ISN] U.S. attack: Defense Department's nets unaffected by terrorist assault"

    By Dan Verton And And Bob Brewin, Computerworld 
    September 12, 2001 4:06 am PT
    WASHINGTON -- GOVERNMENT and private-sector security experts fear that
    Tuesday's attacks against the World Trade Center and the Pentagon are
    only the beginning of a wave of assaults that could include
    Officials at the FBI's National Infrastructure Protection Center
    (NIPC), located at FBI headquarters here, were gathering for an
    emergency meeting to collect and analyze all available
    cyberintelligence information, said Navy Rear Adm. James Plehal, the
    deputy director of the NIPC. Details of the meeting aren't yet
    Meanwhile, Marv Langston, former deputy CIO at the Defense Department,
    viewed Tuesday's terrorist attacks as an act of war and warned that
    they could be followed by a series of cyberattacks. Langston said the
    United States needs to prepare itself for what he described as an
    "electronic Pearl Harbor."
    Air Force Lt. Gen. Retired Al Edmonds, now head of the Electronic Data
    Systems federal division, said "I would suspect a cyberattack could be
    next, and that would be absolutely paralyzing."
    In the 1990s, the Pentagon produced a series of studies that showed
    that a cyber attack on computer and communication systems could
    cripple the United States as severely as a physical attack. Such an
    attack could shut down water systems, power plants, railroads,
    airports, and oil and gas pipelines, all of which run on computer and
    communications systems. Each system is usually controlled by a
    central, vulnerable location.
    But Jeff Moss, president and CEO of Black Hat Briefings, a security
    consulting firm in Seattle, said he hasn't discovered a cyber
    component to Tuesday's attacks.
    "People are watching their logs, but from what I can tell nobody has
    seen anything yet," said Moss, who is the founder of the annual Def
    Con hacker conference.
    "Today will be security review day for a lot of places," Moss said.
    Meanwhile, Atlanta-based Internet Security Systems (ISS), which
    operates the IT sector's Information Sharing and Analysis Center
    (ISAC), has placed its operations center on what it calls AlertCon 3
    (the highest is AlertCon 4), "in order to focus IT security efforts on
    the potential for (and defense against) an Internet component to these
    attacks." The ISAC works in cooperation with the FBI and the NIPC in
    sharing information about cyberthreats.
    "Our monitored networks do not show any unusual activity at this time,
    but our [Security Operations Centers] are at a heightened state of
    alert as we watch for any indications that e-commerce is also being
    targeted," an ISS spokesman said. The financial district around Wall
    Street in lower Manhattan was closed down.
    "This is a time to partner all security assets on what is most
    important to your enterprise," the ISS threat assessment states.
    "While physical security concerns are paramount, it is essential to
    keep some eyes on the networks focused on malicious activity. We can
    expect a significant increase in disaster-recovery activity -- plans
    being activated, dusted off, etc. No doubt the [disaster-recovery]
    industry will be sorely stressed at this point, and it would behoove
    staffs to consider security as a move to alternate sites is
    contemplated or enacted."
    The major question being asked by some experts is how such a
    large-scale, coordinated attack could have been accomplished without
    security officials being tipped off through cyber or communications
    intelligence. Most experts acknowledge, however, that there are only a
    handful of terrorist organizations in the world capable of conducting
    such an operation in secret. And they likely used nontechnical means
    of communications that would have allowed them to escape U.S.
    intelligence IT surveillance operations.
    John Garber, vice president of Cryptec Secure Communications in
    Chantilly, Va., and a former National Security Agency official, said
    the capabilities of the U.S. intelligence community are "fairly well
    known" by the terrorist organizations that are suspects in this series
    of attacks.
    "They do an awful lot of communications through messengers and
    nondigital methods," Garber said. "It's not like them to be walking
    around talking on telephones. This doesn't strike me as a signals
    intelligence failure as much as a failure of national [agency]
    coordination," he said.
    "This is a large and extremely well-coordinated attack. In spite of
    our best efforts to coordinate intelligence collection on terrorists,
    this is a massive failure of national cooperation," said Garber, who
    was in downtown Washington when the Pentagon was attacked. "I can't
    believe there were no indications."
    Edmonds, who ran the Defense Information Systems agency, which
    operates the Pentagon's global networks and has a key role in the
    Defense Department's cberdefense, said that anyone running an
    enterprise network today needs to be extremely vigilant against
    Edmonds said cyber and physical security concerns have increased such
    an extent that a number of federal agencies located in Washington have
    already started to activate plans to move to alternative locations.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 13 2001 - 04:17:56 PDT