http://www.infoworld.com/articles/hn/xml/01/09/12/010912hncyber.xml By Dan Verton And And Bob Brewin, Computerworld September 12, 2001 4:06 am PT WASHINGTON -- GOVERNMENT and private-sector security experts fear that Tuesday's attacks against the World Trade Center and the Pentagon are only the beginning of a wave of assaults that could include cyberterrorism. Officials at the FBI's National Infrastructure Protection Center (NIPC), located at FBI headquarters here, were gathering for an emergency meeting to collect and analyze all available cyberintelligence information, said Navy Rear Adm. James Plehal, the deputy director of the NIPC. Details of the meeting aren't yet available. Meanwhile, Marv Langston, former deputy CIO at the Defense Department, viewed Tuesday's terrorist attacks as an act of war and warned that they could be followed by a series of cyberattacks. Langston said the United States needs to prepare itself for what he described as an "electronic Pearl Harbor." Air Force Lt. Gen. Retired Al Edmonds, now head of the Electronic Data Systems federal division, said "I would suspect a cyberattack could be next, and that would be absolutely paralyzing." In the 1990s, the Pentagon produced a series of studies that showed that a cyber attack on computer and communication systems could cripple the United States as severely as a physical attack. Such an attack could shut down water systems, power plants, railroads, airports, and oil and gas pipelines, all of which run on computer and communications systems. Each system is usually controlled by a central, vulnerable location. But Jeff Moss, president and CEO of Black Hat Briefings, a security consulting firm in Seattle, said he hasn't discovered a cyber component to Tuesday's attacks. "People are watching their logs, but from what I can tell nobody has seen anything yet," said Moss, who is the founder of the annual Def Con hacker conference. "Today will be security review day for a lot of places," Moss said. Meanwhile, Atlanta-based Internet Security Systems (ISS), which operates the IT sector's Information Sharing and Analysis Center (ISAC), has placed its operations center on what it calls AlertCon 3 (the highest is AlertCon 4), "in order to focus IT security efforts on the potential for (and defense against) an Internet component to these attacks." The ISAC works in cooperation with the FBI and the NIPC in sharing information about cyberthreats. "Our monitored networks do not show any unusual activity at this time, but our [Security Operations Centers] are at a heightened state of alert as we watch for any indications that e-commerce is also being targeted," an ISS spokesman said. The financial district around Wall Street in lower Manhattan was closed down. "This is a time to partner all security assets on what is most important to your enterprise," the ISS threat assessment states. "While physical security concerns are paramount, it is essential to keep some eyes on the networks focused on malicious activity. We can expect a significant increase in disaster-recovery activity -- plans being activated, dusted off, etc. No doubt the [disaster-recovery] industry will be sorely stressed at this point, and it would behoove staffs to consider security as a move to alternate sites is contemplated or enacted." The major question being asked by some experts is how such a large-scale, coordinated attack could have been accomplished without security officials being tipped off through cyber or communications intelligence. Most experts acknowledge, however, that there are only a handful of terrorist organizations in the world capable of conducting such an operation in secret. And they likely used nontechnical means of communications that would have allowed them to escape U.S. intelligence IT surveillance operations. John Garber, vice president of Cryptec Secure Communications in Chantilly, Va., and a former National Security Agency official, said the capabilities of the U.S. intelligence community are "fairly well known" by the terrorist organizations that are suspects in this series of attacks. "They do an awful lot of communications through messengers and nondigital methods," Garber said. "It's not like them to be walking around talking on telephones. This doesn't strike me as a signals intelligence failure as much as a failure of national [agency] coordination," he said. "This is a large and extremely well-coordinated attack. In spite of our best efforts to coordinate intelligence collection on terrorists, this is a massive failure of national cooperation," said Garber, who was in downtown Washington when the Pentagon was attacked. "I can't believe there were no indications." Edmonds, who ran the Defense Information Systems agency, which operates the Pentagon's global networks and has a key role in the Defense Department's cberdefense, said that anyone running an enterprise network today needs to be extremely vigilant against cyberattacks. Edmonds said cyber and physical security concerns have increased such an extent that a number of federal agencies located in Washington have already started to activate plans to move to alternative locations. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 13 2001 - 04:17:56 PDT