Forwarded from: Bob <bobat_private> http://www.usatoday.com/life/cyber/tech/2002/05/06/cyber-terror.htm Cyberspace full of terror targets By Tom Squitieri, USA TODAY 5/5/02 WASHINGTON - Government and private computer networks are facing new threats of terrorist attacks, ranging from an attempt to bring havoc to a major city to nationwide disruptions of finances, transportation and utilities. But people with knowledge of national intelligence briefings say little has been done to protect against a cyberattack. Some of the threats come from individuals who might have connections to Osama bin Laden's al-Qaeda network in Pakistan and elsewhere, those who have been briefed say. The specific threats, in part, prompted a meeting April 18 of government intelligence and information-technology officials to discuss protecting the nation's computer networks. "This threat is growing," Sen. Jon Kyl, R-Ariz., says. "It's a big threat, because it is easy to do and can cause great harm." Congress is trying to reduce the threat. Legislation has been proposed to create a national "cybersecurity defense team" to identify areas most vulnerable to attack and determine how to reduce the danger. Other legislation would make it easier for companies to share information without being subject to antitrust or freedom-of-information laws. Such communication could alert the government to a terrorist attack, as opposed to more common cases of computer hackers targeting a company or agency. It could also help companies defend against attacks. The vast array of potential targets and the lack of adequate safeguards have made addressing the threat daunting. Among the recent targets that terrorists have discussed, according to people with knowledge of intelligence briefings: * The Centers for Disease Control and Prevention, based in Atlanta. It is charged with developing the nation's response to potential attacks involving biological warfare. * The nation's financial network, which could shut down the flow of banking data. The attack would focus on the FedWire, the money-movement clearing system maintained by the Federal Reserve Board. * Computer systems that operate water-treatment plants, which could contaminate water supplies. * Computer networks that run electrical grids and dams. * As many targets as possible in a major city. Los Angeles and San Francisco have been mentioned by terrorists, intelligence officials say. * Facilities that control the flow of information over the Internet. Richard Clarke, the White House special adviser on cybersecurity, says such sites, of which there are 20 to 25, are "only secure in their obscurity." The nation's communications network, including telephone and 911 call centers. * Air traffic control, rail and public transportation systems. Officials are most concerned that a cyberattack could be coupled with a conventional terrorist attack, such as those on Sept. 11, and hinder rescue efforts. "Cyberterrorism presents a real and growing threat to American security," says Rep. Jane Harman, D-Calif., top Democrat on the House Intelligence Committee's panel on terrorism and homeland security. "What I fear is the combination of a cyberattack coordinated with more traditional terrorism, undermining our ability to respond to an attack when lives are in danger." The Bush administration is seeking about $4.5 billion in its 2003 budget request to protect federal computer systems. That's about 8% of its information technology budget. Clarke warned lawmakers earlier this year that the threat of a cyberattack was greater than previously imagined. He says it could take three or four years to markedly improve the government's ability to prevent such attacks. Long before Sept. 11, officials warned of the nation's vulnerability to cyberattack. The Pentagon and many large companies have experienced limited attacks. Hackers calling themselves the "Deceptive Duo" recently infiltrated Pentagon computers and left a message indicating that the attacks were made to show "how sad our cyber-security really is." In 2001, cyberattacks caused $12 billion in damage and economic losses. Such attacks were successful in penetrating security systems at an airport in Massachusetts and a dam in Arizona, causing shutdowns of both facilities but no loss of lives or long-term damage. "The principal myth that you will hear is that nobody can actually change the operation of a physical system through computers," says Alan Paller, director of the System Administration, Networking and Security Institute, which teaches people how to protect computer systems. "There have been people who have already demonstrated how that can be done." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 04:52:27 PDT