[ISN] Complex Networks Too Easy to Hack

From: InfoSec News (isnat_private)
Date: Tue Dec 10 2002 - 00:59:21 PST


    Forwarded from: William Knowles <wkat_private>
    
    http://www.wired.com/news/politics/0,1283,56766,00.html
    
    By Michael Grebb 
    Dec. 09, 2002
    
    WASHINGTON -- Internet and telecommunications experts, here on Friday 
    to discuss homeland security, said increasingly complex software 
    operating systems and networks have made it easier than ever to 
    disrupt U.S. communications systems. 
    
    At the same time, hackers don't need to be highly skilled to wreak 
    havoc. 
    
    "Over time, we're getting very sophisticated attacks from morons," 
    said Bill Hancock, chair of the cybersecurity focus group of the 
    Network Reliability and Interoperability Council, which coordinates 
    voluntary "best practices" to maintain a streamlined communications 
    infrastructure. 
    
    NRIC members include Sprint PCS, AOL Time Warner, Verisign and 
    WorldCom, among others. 
    
    In January, the FCC chartered NRIC to recommend ways for companies to 
    thwart cyberattacks post-Sept. 11. 
    
    On Friday, NRIC issued its initial recommendations, several of them 
    culled from existing industry best practices that companies are 
    already supposed to follow -- but often don't. 
    
    "One of the things that has happened over the last decade is that we 
    have moved from proprietary to open networks," said Shawn Abbott, 
    president of Rainbow e-Security, an Irvine, California, cybersecurity 
    firm. "This has created new threats and vulnerabilities. We're really 
    playing catch-up here." 
    
    Others have questioned whether voluntary measures are enough to 
    protect homeland security. 
    
    But at the meeting, FCC chairman Michael Powell argued that modern 
    networks are so intertwined that companies all have a stake in making 
    sure they run smoothly. "This is a form of mutually assured 
    destruction," he said. 
    
    Powell, however, didn't rule out mandating some security measures for 
    regulated industries -- such as cable, broadcast, satellite and 
    telephone -- if it becomes necessary to protect national security. 
    
    Hancock, meanwhile, urged system administrators to ax unnecessary 
    software and features that give hackers more attack options, partition 
    and isolate pieces of the network to make them harder to detect, and 
    set up multiple defense layers. 
    
    Hancock also said the added complexity of today's software -- combined 
    with the increasing availability of hacker tools on the Web -- 
    actually makes it easier for inexperienced hackers to break in. 
    
    "The simpler thing was less functional but also less dangerous," said 
    Powell at a press conference following the event. "With those features 
    comes added vulnerabilities (that some people) aren't aware of." 
    
    NRIC also addressed physical security, urging the government to help 
    fund grounds security at key telecom facilities, increase scrutiny of 
    mergers that would put communications infrastructure in foreign hands, 
    and fund employer background checks on workers with access to critical 
    facilities. 
    
    Earlier this year, NRIC members adopted a plan to cooperate to restore 
    service in case of a national emergency such as a terrorist attack. 
    They also adopted systems to provide detailed contact information and 
    identify key people to bring Internet and communications networks back 
    online. 
    
    "We have much more to do," said Powell. "It's not effective until it's 
    implemented." 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    