Forwarded from: William Knowles <wkat_private>

http://www.wired.com/news/politics/0,1283,56766,00.html

By Michael Grebb
Dec. 09, 2002

WASHINGTON -- Internet and telecommunications experts, here on Friday to discuss homeland security, said increasingly complex software operating systems and networks have made it easier than ever to disrupt U.S. communications systems.

At the same time, hackers don't need to be highly skilled to wreak havoc.

"Over time, we're getting very sophisticated attacks from morons," said Bill Hancock, chair of the cybersecurity focus group of the Network Reliability and Interoperability Council, which coordinates voluntary "best practices" to maintain a streamlined communications infrastructure.

NRIC members include Sprint PCS, AOL Time Warner, Verisign and WorldCom, among others.

In January, the FCC chartered NRIC to recommend ways for companies to thwart cyberattacks post-Sept. 11. On Friday, NRIC issued its initial recommendations, several of them culled from existing industry best practices that companies are already supposed to follow -- but often don't.

"One of the things that has happened over the last decade is that we have moved from proprietary to open networks," said Shawn Abbott, president of Rainbow e-Security, an Irvine, California, cybersecurity firm. "This has created new threats and vulnerabilities. We're really playing catch-up here."

Others have questioned whether voluntary measures are enough to protect homeland security. But at the meeting, FCC chairman Michael Powell argued that modern networks are so intertwined that companies all have a stake in making sure they run smoothly.

"This is a form of mutually assured destruction," he said.

Powell, however, didn't rule out mandating some security measures for regulated industries -- such as cable, broadcast, satellite and telephone -- if it becomes necessary to protect national security.

Hancock, meanwhile, urged system administrators to ax unnecessary software and features that give hackers more attack options, partition and isolate pieces of the network to make them harder to detect, and set up multiple defense layers.

Hancock also said the added complexity of today's software -- combined with the increasing availability of hacker tools on the Web -- actually makes it easier for inexperienced hackers to break in.

"The simpler thing was less functional but also less dangerous," said Powell at a press conference following the event. "With those features comes added vulnerabilities (that some people) aren't aware of."

NRIC also addressed physical security, urging the government to help fund grounds security at key telecom facilities, increase scrutiny of mergers that would put communications infrastructure in foreign hands, and fund employer background checks on workers with access to critical facilities.

Earlier this year, NRIC members adopted a plan to cooperate to restore service in case of a national emergency such as a terrorist attack. They also adopted systems to provide detailed contact information and identify key people to bring Internet and communications networks back online.

"We have much more to do," said Powell. "It's not effective until it's implemented."

--
"Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org