[ISN] Gartner Forecasts Greater Potential For Cyberattacks

From: InfoSec News (isn@private)
Date: Fri Jan 16 2004 - 06:03:20 PST

  • Next message: InfoSec News: "[ISN] Security a work in progress for Microsoft"

    http://www.securitypipeline.com/news/showArticle.jhtml%3Bjsessionid=OB5UFEWRASQTMQSNDBGCKHQ?articleId=17301712
    
    By Antone Gonsalves
    TechWeb News 
    January 15, 2004 
    
    Dependence on the Internet for voice communications and data
    distribution will increase the likelihood of cyberwarfare, a high-tech
    research firm said Thursday.
    
    Much like the nuclear threat during the Cold War in the last century,
    cyberwarfare is a potential catastrophe that the U.S. and other
    nations must be prepared to combat, Gartner Inc. said. Given the rate
    of adoption of Internet-based technology, nations will have the
    ability to conduct cyberwarfare by 2005.
    
    "The world's not going to hell in a hand basket, so we can get that
    off the table," David Fraley, author of the recent Gartner report,
    said. "What's important for people to do is continuity planning--be
    aware of the different threats and vulnerabilities that could hit
    their organizations."
    
    Organizations could suffer irreparable harm if they don't have a
    strategy for keeping their businesses running, if facilities are
    unable to operate.
    
    "The difference between cyberwarfare and hacking is the magnitude,"  
    Fraley said. "Cyberwarfare is on a much grander scale."
    
    Increasing the possibility of cyberattacks is the ever-increasing use
    of Internet-protocol networking technology to connect critical
    infrastructure, as well as the movement in voice communications from a
    circuit- to packet-switched architecture, the research firm said.
    
    IP networks carrying voice traffic use voice over IP (VoIP) equipment
    that is susceptible to traditional Internet threats like worms,
    viruses and break-ins from hackers. Denial-of-service attacks, for
    example, that often take down web sites, could be used to disrupt the
    flow of voice-carrying packets on an IP network, causing a major
    breakdown in communications.
    
    On the infrastructure level, interfaces allowing maintenance and
    control of equipment have traditionally been accessed through dial-up
    modems. As more of these access points are converted to IP network
    connections, then the vulnerability to attack also increases.
    
    Possible targets of attacks include network interfaces found in
    equipment used by dams, railroads, electrical grids and power
    generation facilities, Gartner said. Another target is the interface
    points between SS7, the central nervous system of the public switched
    telephone network (PSTN), and IP networks.
    
    Gartner predicts that SS7 will become a key communications target by
    2006.
    
    Other trends adding to the potential destruction of cyber-attacks
    include the conversion of traditional frame relay and X.25 protocols
    used to connect computer systems in banking and finance to IP
    networking. Similar conversions are taking place in other industries,
    such as chemical, oil and gas, electrical, law enforcement and rail
    transportation.
    
    In its research, Gartner points out businesses can find ways to manage
    risk through the U.S. National Infrastructure Protection Center, which
    has published a document entitled, "Risk Management: An Essential
    Guide to Protecting Critical Assets."
    
    "Most security technology, when used in conjunction with 'best
    practices,' is appropriate to the proportional risk presented by the
    threat of cyber-warfare," Gartner said in a statement. "The
    proportional-risk assumption does not mean that a cyber-warfare attack
    would be unsuccessful if undertaken by a determined foe, but that risk
    is low."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jan 16 2004 - 09:27:03 PST