Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] Cybersicherheit im US-Representantenhaus - Anhörung,
Bericht von einer Anhörung am 29.8. Jetzt sollen schon mehr als 100
Staaten für den Cyberkrieg rüsten - sagt die NSA. 

Clear and Present Danger?
Government Warns that Its Computer Systems Need Security Improvements
By Peter Dizikes

N E W   Y O R K, Aug. 29 ? Are computer hackers getting the upper hand
on the U.S. government?  
That's what a government official is saying today at House subcommittee
hearing in San Jose, Calif., as Congress scrutinizes the government's
current level of security in the wake of a series of recent computer
"Virtually all of the largest federal agencies have significant computer
security weaknesses that place critical federal operations and assets at
risk to computer-based attacks," said Keith A. Rhodes, chief technology
officer of the General Accounting Office (GAO), in testimony prepared
for the session.

Moreover, Rhodes says, more danger for Washington may lie ahead.

"Recent attacks foreshadow much more devastating Internet threats to
come," added Rhodes. "Over 100 countries already have or are developing
computer attack capabilities ? NSA [the National Security Agency] has
determined that potential adversaries are developing a body of knowledge
about U.S. systems and methods to attack them."

As a consequence, Rhodes claimed, "there is a growing risk that
terrorists or hostile foreign states could severely damage or disrupt
national defense or vital public operations though computer-based
attacks on the nation's critical infrastructures." 

Behind the Private Sector? 

At issue is more than just the Internet slowdowns such as those caused
by the Code Red virus this summer, but the possibility that
cyber-intruders could erase or alter crucial government information.

"It's certainly a concern," said Jeff Carpenter of the Computer
Emergency Response Team (CERT) at Carnegie-Mellon University in
Pittsburgh, prior to his own testimony at the hearings. "As the
government and other sectors increase their information on the Internet,
they increase their exposure, too."

And some computer security experts say the government has fallen behind
the business world in protecting its information.

"The private sector has to a great extent been ahead of the curve
compared to the government in security," says Mark Rasche of Predictive
Systems, a network consulting agency in Reston, Va., and a former
prosecuting attorney for the Justice Department. "The economics dictate
that it be so."

In Rashe's view, businesses have a greater financial incentive to
upgrade security. "It's not that we don't know what the solutions are,"
he says of the government's approach. "We're just not willing to
dedicate the resources to them."

And Rhodes is calling for cooperation between the government and the
high-tech industry to work on the problem.

"Most of the nation's critical infrastructure is owned by the private
sector," Rhodes said. "Solutions, therefore, need to be developed and
implemented in concert with the private sector." 

In the Wake of Code Red

The hearings ? held by the House Subcommittee on Government Efficiency,
Financial Management and Intergovernmental Relations ? come at the end
of a summer during which government Web sites have periodically been
under siege from hackers.

The Code Red worm, intended to cause outages at the White House Web
site, spread rapidly throughout the Internet starting on July 19, and
then in another cycle beginning July 31. Earlier this month, a related
and possibly more dangerous worm, Code Red II, surfaced on the Web. 

The White House technical staff averted a shutdown of its site, but the
Pentagon had to close down numerous Defense Department Web pages on Aug.
1, and the worm ended up intermittently slowing down Internet traffic
worldwide over a period of a few days.

Ultimately, the Code Red worms did not create great damage on the Web,
although they infected more than 400,000 computers ? according to CERT's
estimate ? and took a financial toll on companies and government
agencies that either were affected by the worm or had to spend money
upgrading their security.

Both worms took advantage of security flaws in two Microsoft operating
systems ? Windows NT and Windows 2000 ? and in Microsoft's IIS server
software. It is not known who unleashed Code Red on the Internet. 

Cat and Mouse in Cyberspace 

While the effects of Code Red have been generally contained, security
experts warn that the pair of worms are a harbinger of growing
sophistication among rogues in cyberspace. 

"Over past 10 years, we've seen intruder community continue to develop
their techniques," notes Carpenter. "They've increased their use of worm
behavior to propagate attack of machines at exponential rates."

However, considering all the different functions of the government, it's
also clear that some agencies, like those involving defense and national
security, are already using far more sophisticated security techniques
than others.

In those areas, notes Rasche, "there are classified networks that are
reasonably secure. They come from a culture where security is paramount.
But are they totally secure? No."

Still, Rasche adds, "One would hope that the computers carrying the
nuclear codes are more secure than those at the Bureau of Land

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.