[ISN] Cyberspace full of terror targets

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 01:50:48 PDT

  • Next message: InfoSec News: "RE: [ISN] Biometric Security Not Ready to Replace Passwords"

    Forwarded from: Bob <bobat_private>
    Cyberspace full of terror targets
    By Tom Squitieri, USA TODAY
    WASHINGTON - Government and private computer networks are facing new
    threats of terrorist attacks, ranging from an attempt to bring havoc
    to a major city to nationwide disruptions of finances, transportation
    and utilities. But people with knowledge of national intelligence
    briefings say little has been done to protect against a cyberattack.
    Some of the threats come from individuals who might have connections
    to Osama bin Laden's al-Qaeda network in Pakistan and elsewhere, those
    who have been briefed say.
    The specific threats, in part, prompted a meeting April 18 of
    government intelligence and information-technology officials to
    discuss protecting the nation's computer networks.
    "This threat is growing," Sen. Jon Kyl, R-Ariz., says. "It's a big
    threat, because it is easy to do and can cause great harm."
    Congress is trying to reduce the threat. Legislation has been proposed
    to create a national "cybersecurity defense team" to identify areas
    most vulnerable to attack and determine how to reduce the danger.
    Other legislation would make it easier for companies to share
    information without being subject to antitrust or
    freedom-of-information laws. Such communication could alert the
    government to a terrorist attack, as opposed to more common cases of
    computer hackers targeting a company or agency. It could also help
    companies defend against attacks.
    The vast array of potential targets and the lack of adequate
    safeguards have made addressing the threat daunting. Among the recent
    targets that terrorists have discussed, according to people with
    knowledge of intelligence briefings:
    * The Centers for Disease Control and Prevention, based in Atlanta. It
    is charged with developing the nation's response to potential attacks
    involving biological warfare.
    * The nation's financial network, which could shut down the flow of
    banking data. The attack would focus on the FedWire, the
    money-movement clearing system maintained by the Federal Reserve
    * Computer systems that operate water-treatment plants, which could
    contaminate water supplies.
    * Computer networks that run electrical grids and dams.
    * As many targets as possible in a major city. Los Angeles and San
    Francisco have been mentioned by terrorists, intelligence officials
    * Facilities that control the flow of information over the Internet.
    Richard Clarke, the White House special adviser on cybersecurity, says
    such sites, of which there are 20 to 25, are "only secure in their
    obscurity."  The nation's communications network, including telephone
    and 911 call centers.
    * Air traffic control, rail and public transportation systems.
    Officials are most concerned that a cyberattack could be coupled with
    a conventional terrorist attack, such as those on Sept. 11, and hinder
    rescue efforts.
    "Cyberterrorism presents a real and growing threat to American
    security," says Rep. Jane Harman, D-Calif., top Democrat on the House
    Intelligence Committee's panel on terrorism and homeland security.
    "What I fear is the combination of a cyberattack coordinated with more
    traditional terrorism, undermining our ability to respond to an attack
    when lives are in danger."
    The Bush administration is seeking about $4.5 billion in its 2003
    budget request to protect federal computer systems. That's about 8% of
    its information technology budget.
    Clarke warned lawmakers earlier this year that the threat of a
    cyberattack was greater than previously imagined. He says it could
    take three or four years to markedly improve the government's ability
    to prevent such attacks.
    Long before Sept. 11, officials warned of the nation's vulnerability
    to cyberattack. The Pentagon and many large companies have experienced
    limited attacks. Hackers calling themselves the "Deceptive Duo"
    recently infiltrated Pentagon computers and left a message indicating
    that the attacks were made to show "how sad our cyber-security really
    In 2001, cyberattacks caused $12 billion in damage and economic
    Such attacks were successful in penetrating security systems at an
    airport in Massachusetts and a dam in Arizona, causing shutdowns of
    both facilities but no loss of lives or long-term damage.
    "The principal myth that you will hear is that nobody can actually
    change the operation of a physical system through computers," says
    Alan Paller, director of the System Administration, Networking and
    Security Institute, which teaches people how to protect computer
    systems. "There have been people who have already demonstrated how
    that can be done."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue May 07 2002 - 04:52:27 PDT