[ISN] Government Not Ready for Cyberattacks

From: InfoSec News (isnat_private)
Date: Thu Jun 27 2002 - 01:01:15 PDT

  • Next message: InfoSec News: "[ISN] Infrastructure firms have swords drawn"

    Forwarded from: Bob <bobat_private>
    
    Long, long ago, I noticed that institutions, public or private, rarely
    ever prepare for a disaster until after being clobbered by one.  So
    what's new?
    
    Bob Adams
    http://www.globaldisaster.org
    
    
    Government Not Ready for Cyberattacks
    June 26, 2002
    Internet News
    http://www.internetnews.com/ent-news/print.php/1377081
    
    The U.S. government is due for a "major" cyberattack within the next
    12 months and is unprepared to counter the threat, according to report
    released Tuesday evening by the Business Software Alliance (BSA).
    
    This time, it isn't the relatively uninformed opinion of the general
    public indicating worry over the security of government information,
    as a December 2001 poll revealed, but IT professionals in the business
    world -- the individuals who protect sensitive information on a daily
    basis.
    
    The poll was conducted after Congress issued a failing grade to
    federal computer security efforts in November 2001.
    
    Tuesday's "BSA Cyber Security Survey" found that more than half of
    those polled think the likelihood of a major attack is likely within
    the next year. The survey polled corporate IT managers around the
    country for their views on the readiness of government networks, the
    results of which show businesses have little faith in U.S.
    preparedness.
    
    According to Robert Holleyman, BSA president and chief executive
    officer, the threat has, if anything, grown since the events of 9/11.
    He called on President George W. Bush and his Administration to seek
    help from the business world for help securing government intranets
    and Internet sites.
    
    "It is critical that the Bush Administration and Congress move quickly
    on their commitments both financial and philosophical to secure this
    nation and its critical infrastructure," he said. "And as an industry
    that is developing the systems necessary to secure our country's
    complex information networks from terrorists and other attackers, we
    stand ready to help them follow through on those commitments to secure
    the resources and develop policies that promote a safe and legal
    online world."
    
    Ipsos Public Affairs, a Parisian subsidiary of Ipsos Research,
    conducted the survey of 395 IT professionals earlier this month, in a
    variety of business sectors. The results show, among other things,
    that 85 percent of respondents think the government should devote as
    much or more time than they did on the Y2K "crisis," where fears were
    ultimately proved unwarranted.
    
    Other results show:
    
    By a margin of 10-to-one, IT managers are more likely to say
    government security measures are "not at all" adequate than extremely
    adequate.  72 percent of respondents felt there was a gap between the
    government's preparedness and the threat of cyberattack.  96 percent
    feel the government should deploy some form of encryption to sensitive
    data so information is protected even in the event of a break-in.
    
    U.S. networks have been the recipients of a number of
    highly-publicized network breaches this year. A couple of teenage
    hackers calling themselves the "Deceptive Duo" made it their mission
    in life to break into military Web servers and publish the information
    contained within the databases.
    
    Before getting apprehended by the Federal Bureau of Investigations
    after only several weeks on the job, PimpShiz and The Rev had hacked
    into more than a dozen military, government and financial Web servers.
    In the case of the U.S. Navy, the pair broke into a supposedly secure
    server, published the contents of a database, helped military IT staff
    repair the breach, and then broke into another Navy server two weeks
    later.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 04:13:09 PDT