[infowar.de] US activities against "cyberterrorism" (overview)
A fairly useful short overview of what is going on in the USA in the
area of CIP. I don't know whether this is also available online; it came
via the IWS mailing list (http://www.iwar.org.uk).

PROTECTING AMERICA AGAINST CYBERTERRORISM
By Paul Rodgers
Assistant Unit Chief, Outreach and Field Support Unit
National Infrastructure Protection Center
Federal Bureau of Investigation
"Although the means and ends have evolved throughout history, the
elements of terrorism -- fear, panic, violence and disruption -- have
changed little," says Paul Rodgers of the National Infrastructure
Protection Center at the Federal Bureau of Investigation. "Today, tremendous
destructive potential fits into easily transported packages (bombs,
nerve gas and biological agents), and the computers that are connected to the
Internet can be attacked from any point on the globe. The need for the
heightened security of critical operations has grown markedly in recent
years as a result of the escalation in the use of information technology
to improve performance, increased competitive pressures from deregulation
and globalization, and the concentration of operations in a smaller number
of facilities to decrease costs, with the resulting reduction in redundancy
and reserve capacity."

THE WAR ON TERRORISM

With the destruction of the World Trade Center Towers and the attack on
the Pentagon September 11th and the continuing anthrax attacks, the United
States has entered a new age of terrorism that targets both civilians
and soldiers in a war with no rules and no clear ending. There has been a
progression toward this point by such events as the 1988 bombing of Pan
Am Flight 103 over Lockerbie, Scotland, the 1989 Hannover Hackers case, the
1994 Citibank fraud case, and the 1995 Oklahoma City bombing.
Although the means and ends have evolved throughout history, the central
elements of terrorism -- fear, panic, violence and disruption -- have
changed little. As the world enters the 21st Century, terrorism remains
a vexing problem -- an anachronistic fixture of human relations as
paradoxically human and inhuman in the Third Millennium as it was before
the dawn of recorded history. While terrorists once generally used acts of
terrorism as a means to publicize their causes, the operational
in the more recent attacks focused on producing the maximum destruction,
casualties and impact.

THE CYBER DIMENSION

Today, tremendous destructive potential fits into easily transported
packages (bombs, nerve gas and biological agents), and the computers
that are connected to the Internet can be attacked from any point on the
globe.
The threat of retaliation, effective against nations, is less so against
small and elusive groups who strike anonymously and have no territory to
hold at risk.
The need for the heightened security of critical operations has grown
markedly in recent years as a result of the escalation in the use of
information technology to improve performance, increased competitive
pressures from deregulation and globalization, and the concentration of
operations in a smaller number of facilities to decrease costs, with the
resulting reduction in redundancy and reserve capacity.
The Computer Security Institute (CSI), which conducts an annual Computer
Crime and Security Survey with the participation of the Federal Bureau
of Investigation's (FBI) Computer Intrusion Squad in San Francisco, has
reported in its 2001 survey that the losses of 186 respondents totaled
approximately $378 million. These losses are based on serious computer
security breaches detected primarily by large corporations, government
agencies, and universities. Security breaches detected by respondents
include a diverse array of attacks such as: unauthorized access by
denial of service attacks, system penetration by outsiders, theft of
proprietary information, financial fraud, and sabotage of data and
Supervisory Control And Data Acquisition (SCADA) systems are
vulnerable when they use the Internet to monitor and control processes
remote sites. Such a practice is employed in a wide variety of
including chemical, petrochemical, oil and gas, food processing, pulp
and paper, pharmaceuticals, water and wastewater, transportation, energy
management, and other manufacturing applications.
Financial losses of course will not be restricted to the theft of
proprietary information, financial fraud and other criminal offenses. As
more commerce is conducted on-line, civil law suits will increase in
claimants seek downstream damages for network intrusions based on legal
theories such as a lack of the "due diligence" owed to stockholders,
customers, suppliers, and other innocent third party victims.
China and Russia have publicly acknowledged the role cyber attacks will
in the "next wave of military operations." Two Chinese military officers
have published a book that called for the use of unconventional
including the propagation of computer viruses, to counterbalance the
military power of the United States. Thus, information warfare has
as a new concept in military operations. The challenge now is to prevent
this weapon from being turned against the United States.
In response to these growing critical infrastructure vulnerabilities,
President Clinton in 1996 established the President's Commission on
Critical Infrastructure Protection (PCCIP) to study the critical infrastructures
that constitute the life support systems of the United States, determine
vulnerabilities and propose a strategy for protecting them. The
in its 1997 report, Critical Foundations: Protecting America's
Infrastructures, pointed out that critical infrastructure assurance is a
shared responsibility of the public and private sectors.
The report, implemented in 1998 by Presidential Decision Directive (PDD)
63 on Critical Infrastructure Protection, declares that federal facilities
should be among the first to adopt best practices, active risk
and improved security planning, thereby presenting a model for industry
to follow voluntarily. The PDD calls for the creation of a strong
with the business community and state and local governments to maximize
alliance for national security.
The directive also provided for the establishment of the National
Infrastructure Protection Center (NIPC) in 1998 by the conversion of the
Computer Investigation and Infrastructure Threat Assessment Center into
the nucleus of NIPC. NIPC (http://www.nipc.gov) fuses representatives from
the FBI, the Departments of Commerce, Defense, Energy, Transportation, the
Intelligence Community, and other federal agencies, and the private
sector into an unprecedented information sharing effort.
NIPC's mission is to detect, warn of, respond to, and investigate
intrusions that threaten critical infrastructures. It not only provides
a reactive response to an attack that has already occurred, but
seeks to discover planned attacks and issues warnings before they occur.
This task requires the collection and analysis of information gathered
from all available sources (including law enforcement and intelligence
data voluntarily provided, and open sources) and dissemination of
and warnings of possible attacks to potential victims, whether in the
government or the private sector.
The National Infrastructure Protection and Computer Intrusion Program
(NIPCIP) consists of FBI agents who are responsible for investigating
computer intrusions, implementing the key asset initiative, and
liaison with the private sector. There are about 1,300 pending
investigations in the field, ranging from criminal activity to national
security intrusions. Many of these cases have a foreign component to
requiring close coordination with FBI legal attaches around the world.
PDD 63 also launched a major vehicle for information sharing by
the owners and operators of the critical infrastructures to establish
private sector Information Sharing and Analysis Centers (ISACs) to
analyze, sanitize and disseminate private sector information to both
industry and the NIPC. The decision to establish an information sharing
center is determined by the private sector participants.
ISACs have been established for the critical infrastructure sectors of
banking and finance, information and communications, energy, emergency
law enforcement and fire services, railroads, and water supply. NIPC
the sharing of information with these ISACs and encourages the
of ISACs by the remaining sectors.
The InfraGard Program is a NIPC effort to build a community of
who have a strong interest in protecting their information systems.
have the opportunity to share information with other members, utilize
law enforcement expertise of the FBI and other law enforcement agencies
participate in the program, and draw on the analytical capabilities of
NIPC. The InfraGard includes representatives from private industry,
institutions, and other federal, state and local government agencies. It
is the most extensive government-private sector partnership for
protection in the world. A key element of the InfraGard initiative is
confidentiality of reporting by members. Much of the information
the private sector is proprietary and is treated as such.
The NIPC plans to promote the expansion of the InfraGard program to
countries, such as Australia, Canada, New Zealand and the United
Kingdom.
The NIPC sends out advisories on an ad hoc basis, which are
warnings to address cyber or infrastructure events with possible
impact. These are distributed to partners in private and public sectors.
NIPC works in close cooperation with the Federal Computer Incident
Response Capability (FedCIRC) to assist federal civil agencies with handling of
computer incident responses, and to provide both proactive and reactive

KEY ASSET INITIATIVE

The NIPC role is further strengthened by its Key Asset Initiative (KAI),
which maintains a database of information concerning key assets within
FBI field office's jurisdiction, establish lines of communication with
asset owners and operators to share information and work with them to
improve their cyber and physical security, and enhance ongoing
in the protection of critical infrastructure with other federal, state
and local government entities. Listing key assets in the database
increases, and as of November 1, 8,806 key assets were identified.
Over the past three years, NIPC has provided training for over 4,000
federal, state, local and foreign government investigators through nine
training courses that deal with basic cyber investigations,
operating systems, aspects of UNIX, and Cisco Routers. These courses are
conducted both at the FBI Academy at Quantico, Virginia and around the
United States. The NIPC's training program complements training offered
by the FBI's Training Division as well as training offered by the
Department of Defense and the National Cybercrime Training Partnership.
The FBI has established a growing international presence in order to
capabilities to counter a broad range of threats, including
terrorism. The FBI currently maintains Legal Attaché (LEGAT) offices in
40 countries. Forward deployment of FBI personnel has proven a very
effective means to establish liaison with counterpart security and
intelligence services and to coordinate FBI investigative resources when
U.S. interests are attacked or threatened.
The NIPC also maintains an active dialogue with the international
to include its participation in the Trilateral Seminar of the
Cooperation for Information Assurance in Sweden and the Group of Eight
Lyon Group (High Tech Crime Subgroup). NIPC personnel have met with
government authorities, both in the US and abroad, from Australia,
Denmark, France, Germany, Israel, Japan, Norway, Singapore, Sweden, the
United Kingdom, and other nations over the past year, to discuss
infrastructure protection issues with their counterparts. Finally, the
Watch Center is connected to the watch centers of several allies.
The NIPC staff includes government officials on detail from Australia,
Canada and the United Kingdom, and it welcomes requests from other U.S.
allies for representation on its staff for broadening international
cooperation. The NIPC role was further enhanced by the issuance of
executive orders on cyber protection and homeland security.

CIP INFORMATION AGE EXECUTIVE ORDER

Following the September 11th attacks, President Bush on October 16
Executive Order 13231 on Critical Infrastructure Protection in the
Information Age, which established the President's Critical
Infrastructure Protection Board to coordinate the protection of information systems
that involve federal critical infrastructures, and to cooperate with the
private sector and state and local governments in the protection of information
that involve their critical infrastructures.
The order also established a panel of approximately 30 corporate chief
executive officers to advise the president on the security of
systems supporting the private sector and state and local governments.
The threat of cyberterrorism will grow in the New Millennium, as the
leadership positions in extremist organizations are increasingly filled
younger, "Internet-savvy" individuals. Most worrisome is a potential
coordinated attack on national critical infrastructures. While the
United States has not yet experienced this sort of attack, it is not hard to
anticipate such a threat from the intrusions we have seen. Cyber attacks
know no national boundaries and are truly international in scope and
International cooperation and information sharing is critical in order
to more effectively respond to this growing threat.

Paul Rodgers is the assistant unit chief, Outreach and Field Support
Unit, National Infrastructure Protection Center (NIPC) at the Federal Bureau
of Investigation. He joined NIPC in 2000, after working as a senior
with the Critical Infrastructure Assurance Office (CIAO) from 1998-99.
He was named commissioner to the President's Commission on Critical
Infrastructure Protection (PCCIP) in 1997.
From 1965 to 1996, Rodgers had worked as executive director and general
counsel to the National Association of Regulatory Utility Commissioners
(NARUC), an organization of state and federal agencies engaged in the
regulation of public utilities and carriers. And, from 1960-65, he was
assistant attorney general of the State of Georgia. He holds bachelors
and law degrees from Mercer University.