http://www.wired.com/news/infostructure/0,1377,58067,00.html By Michael Grebb March 15, 2003 WASHINGTON -- The task of protecting America's communications and information networks isn't getting any easier. And federal agencies and private companies face a steeper and steeper battle, according to data presented Friday at the Network Reliability and Interoperability Council meeting at the Federal Communications Commission. Indeed, while computer viruses used to take days to spread across the Internet, the Code Red virus propagated in 37 minutes in 2001, and the more recent Slammer worm spread in about eight minutes. "The propagation time for evil to hit everybody has gone from days to minutes," said Bill Hancock, chairman of the Network Reliability and Interoperability Council's cybersecurity focus group and vice president of security at Cable & Wireless. (The NRIC is made up of representatives from the telecommunications, cable, wireless, satellite and ISP industries.) Nonetheless, Hancock said Slammer would have died quickly if companies had installed available patches to disable vulnerable ports. Instead, it took about three days to neutralize. "We live in a no-trust environment, and we need to figure out how to deal with that," he said. Others insisted that companies take Internet security as seriously as physical security in the post-Sept. 11 world. "I think people are treating cyberspace with renewed vigor," Richard Notebaert, NRIC chairman who is CEO of Qwest, said in an interview after the meeting. "We take this very seriously." Notebaert conceded that small firms without many resources often face challenges or delays in updating patches and fixing other network problems. But he argued that problems aren't widespread. "Prevention is so much better now than it was," he said. "But sometimes a patch gets stuck in an in-basket." As companies' vigilance increases, however, so do the threats. Hancock said convergence of voice and data into packet networks and the practice of assigning TCP/IP addresses to wireless devices has turned just about everything into a "hackable target." He said engineers must work together to improve signaling protocol security and increase compatibility. A common problem is that network protocols and operating systems don't have the same security features, forcing tough choices for administrators responsible for keeping networks up and running. "In some cases, you may have to turn off (security) features to get the operating system to work," Hancock said. Physical security is also often overlooked. Experts said managers should be increasingly worried about "blended attacks" in which terrorists could simultaneously target physical and virtual infrastructure to compound damage or to disrupt the ability of first-responders to communicate and respond to an emergency. "Sept. 11 had a big impact on the communications infrastructure," said Karl Rauscher, director of network reliability at Lucent Technologies' Bell Labs unit and chairman of NRIC's physical security focus group. "But that was just collateral damage." In case of a direct attack on the nation's communications networks, Rauscher said companies should plan for every contingency, including storing extra fuel reserves for generators and backup equipment, mapping out alternative transportation and even checking for chemical residue that could damage equipment in the wake of a chemical attack. The 56 NRIC members will vote on more than 200 "best practices" recommendations by March 28, then start the tough process of getting members to adopt them across the country. With the telecommunications sector in a financial slump, persuading companies to spend money implementing the guidelines won't be easy. At least one motivating factor, however, is the constant threat of regulation from Congress: Some lawmakers would rather force specific requirements on communications companies than trust voluntary industry guidelines. Notebaert repeatedly reminded NRIC members to stay involved -- lest Congress mandate it. "Voluntary is better than mandatory," he said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 05:51:19 PST