[ISN] Companies review their IT security as war breaks out

From: InfoSec News (isnat_private)
Date: Tue Mar 25 2003 - 00:25:59 PST

  • Next message: InfoSec News: "[ISN] States need cybersecurity focus"

    MARCH 24, 2003
    Tom King, chief information security officer at investment banking
    firm Lehman Bros., last week was taking a hard second look at his
    company's IT security and business continuity plans.
    As the countdown to war neared its end, King said he remained fairly
    optimistic that the conflict wouldn't provoke major cyberattacks
    against U.S. corporate targets. The review, he said, was a
    precautionary move to ensure that the company's "high-value production
    systems," network entry points and remote access processes are
    adequately shielded against random attacks.
    Last week, IT executives at companies contacted by Computerworld said
    they were reviewing their security and disaster preparedness plans
    even as they held out hope that disruptions would be minimal.
    "If history is any guide, I don't expect any tremendous amount of
    cyberterrorism being focused on us now," King said. "We just want to
    make sure that we are not in any way vulnerable to casual or simple
    The biggest threat will come from "politically motivated, low-level
    cyberattacks" aimed at "targets of opportunity," according to a report
    released by Stamford, Conn.-based Gartner Inc. in February. Such
    attacks will be designed to disrupt operations and vandalize Web sites
    with political messages, the report stated.
    Contingency Plans
    Still, most U.S corporations aren't expecting a major business
    disruption from the war in Iraq, though a majority of companies have
    global IT contingency plans in place, according to the results of a
    survey of 60 companies released last week by Boston-based AMR Research
    One such company is Betts USA Inc., a Florence, Ky.-based manufacturer
    of tubes and injection-molded components with operations in several
    countries, including Indonesia, India and China.
    Like Lehman, Betts is going over its defenses with a fine-toothed
    comb, making sure that its firewalls are properly configured, that
    virus definitions and software patches are fully updated and that
    proper tape backup processes are in place.
    The company also has plans to get in touch with its hardware
    distributor to make sure spare equipment is available if it's needed,
    said Dennis Roell, IT manager at Betts. Physical security, facilities
    access and disaster recovery processes are being reviewed at all
    plants, and Betts is getting in touch with its Internet service
    provider to review its security and contingency plans as well, Roell
    "It's all of the same stuff that went into the Y2k preparation," he
    said. "We are just reaffirming everything we have done to make sure we
    have indeed thought this through."
    "In terms of IT security, we continue to focus on business continuity
    for key systems and heightened vigilance for political hactivism,"  
    said Bill Smathers, director of enterprise security services at Avnet
    Inc., a $9 billion technology distributor in Tempe, Ariz., that has
    customers in 63 countries.
    "Physical security is the most immediate focus. Avnet has a limited
    presence in the Middle East, and our highest priority would be the
    safety of our employees within the military theater of operations,"  
    Smathers said. The company has formed an emergency response team that
    includes key functions such as IT, corporate communications, quality
    assurance, transportation and travel, he said.
    "All have plans in place to keep business interruptions to a minimum
    in the event of a crisis," Smathers said, declining to elaborate.
    In some cases, previous preparations are paying off. All of Royal
    Caribbean Cruises Ltd.'s ships have been operating at the "highest
    level of security alert" since the attacks of Sept. 11, 2001, said Tom
    Murphy, CIO at the Miami-based company.
    According to Murphy, Royal Caribbean is the first cruise company to be
    ready with the Advanced Passenger Information System, an electronic
    passenger-tracking system mandated by the U.S. Department of Homeland
    Security. As a result of such measures, "we don't have any specific
    concerns relative to IT security" stemming from the Iraq crisis,
    Murphy said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 02:46:09 PST