[ISN] September 11th Does Not Mean Cyberwar is Coming

From: InfoSec News (isnat_private)
Date: Mon Sep 17 2001 - 01:59:40 PDT

  • Next message: InfoSec News: "[ISN] "Potential Distributed Denial of Service (DDoS) Attacks""

    Forwarded from: Richard Forno <rfornoat_private>
    September 11th Does Not Mean Cyberwar is Coming.
    Richard Forno
    (c) 2001 by author.
    Permission to reproduce in whole, or part, with appropriate credit.
    September 11, 2001 is a date -- now seared into the memory of our
    nation -- that was a brutal awakening for 21st century America.  It
    was also a stark reminder that the method of attack for terrorists
    will be a high-visibility, high-body-count target; not hacking,
    cracking, or conducting a so-called "cyber war."
    UBL, Saddam, Quasimodo, or any other terrorist is not going to snicker
    in their cave or palace and proclaim that "God is great, those
    Americans are running scared because my forces have crashed the NASDAQ
    systems!" Nobody ever died from a directed TCP/IP packet, nor are such
    IT-related incidents akin to the fearful dinner-time discussions
    regarding the "Red Threat" during the Cold War.
    Seeing a smoking crater that was a world landmark makes an emotional
    impact on everyone - adults and children - around the world. Thus, the
    graphic impact of such physical strikes is much more appealing to the
    terrorist since they elicit a far greater visceral emotional response
    from the victim society left to cope with the aftermath.
    In the aftermath of our national tragedy, there is an understandable
    increase in emotional rhetoric in chat rooms and coffee bars across
    America that the recent attacks will precipitate a so-called "cyber
    war."  This "cyber war" will likely be no more than the
    run-of-the-mill nuisances and mundane mischief that network and
    security administrators see on a daily basis: web defacements, ping
    floods, virus attacks, and so on.  Sadly, there are a growing number
    of security and "intelligence" vendors making claims that the attacks
    of September 11 will culminate in or help launch a "cyber war"; thus
    creating an unnecessary amount of Fear, Uncertainty and Doubt (FUD) on
    a topic that is in no way as pressing a concern as the very real
    emergencies that we are currently facing.
    Of course, it goes without saying that during this time of concern, IT
    administrators and security staff should be on heightened alert to
    monitor for suspicious activities on their networks, and report any
    such activity to the appropriate entities. This should be expected in
    any national crisis situation.  However, any computer system
    considered "essential" and a "critical element of the national
    infrastructure" should NOT have been connected to a public network in
    the first place.  Proper security planning on such systems before
    their deployment should always outweigh operator convenience in such
    critical circumstances.
    Granted, one cannot rule out an increase in computer security
    incidents during this time. Certainly, the IT industry should exercise
    due diligence in safeguarding their systems.  But everyone involved
    should make a concerted effort to refrain from -- and resist -- any
    and all attempts to capitalize on this real-world tragedy through
    fear-mongering statements and marketing tactics implying that phantom
    packets are waiting to strike our networks during this tragic period.
    September 11th's attack on Freedom should not be perverted into an
    opportunity for free commercials for anyone. Period.
    My thoughts and prayers to those responding to this incident, and to
    the families and friends of those lost during this week's events.
    Richard Forno
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 08:25:02 PDT