[infowar.de] US Activities Against "Cyberterrorism" (Overview)



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

A rather useful short overview of what is going on in the USA in the
area of CIP. I don't know whether it is also available online; it came
via the IWS mailing list (http://www.iwar.org.uk).
RB


PROTECTING AMERICA AGAINST CYBERTERRORISM
By Paul Rodgers
Assistant Unit Chief, Outreach and Field Support Unit
National Infrastructure Protection Center
Federal Bureau of Investigation

  "Although the means and ends have evolved throughout history, the
central elements of terrorism -- fear, panic, violence and disruption --
have changed little," says Paul Rodgers of the National Infrastructure
Protection Center at the Federal Bureau of Investigation. "Today,
tremendous destructive potential fits into easily transported packages
(bombs, nerve gas and biological agents), and the computers that are
connected to the Internet can be attacked from any point on the globe.
The need for the heightened security of critical operations has grown
markedly in recent years as a result of the escalation in the use of
information technology to improve performance, increased competitive
pressures from deregulation and globalization, and the concentration of
operations in a smaller number of facilities to decrease costs, with the
resulting reduction in redundancy and reserve capacity."


THE WAR ON TERRORISM

With the destruction of the World Trade Center Towers and the attack on
the Pentagon September 11th and the continuing anthrax attacks, the
United States has entered a new age of terrorism that targets both
civilians and soldiers in a war with no rules and no clear ending. There
has been a steady progression toward this point by such events as the
1988 bombing of Pan Am Flight 103 over Lockerbie, Scotland, the 1989
Hannover Hackers case, the 1994 Citibank fraud case, and the 1995
Oklahoma City bombing.

Although the means and ends have evolved throughout history, the central
elements of terrorism -- fear, panic, violence and disruption -- have
changed little. As the world enters the 21st Century, terrorism remains
a vexing problem -- an anachronistic fixture of human relations as
paradoxically human and inhuman in the Third Millennium as it was before
the dawn of recorded history. While terrorists once generally used acts
of terrorism as a means to publicize their causes, the operational
objectives in the more recent attacks focused on producing the maximum
destruction, casualties and impact.

THE CYBER DIMENSION

Today, tremendous destructive potential fits into easily transported
packages (bombs, nerve gas and biological agents), and the computers
that are connected to the Internet can be attacked from any point on the
globe. The threat of retaliation, effective against nations, is less so
against small and elusive groups who strike anonymously and have no
territory to hold at risk.

The need for the heightened security of critical operations has grown
markedly in recent years as a result of the escalation in the use of
information technology to improve performance, increased competitive
pressures from deregulation and globalization, and the concentration of
operations in a smaller number of facilities to decrease costs, with the
resulting reduction in redundancy and reserve capacity.

The Computer Security Institute (CSI), which conducts an annual Computer
Crime and Security Survey with the participation of the Federal Bureau
of Investigation's (FBI) Computer Intrusion Squad in San Francisco, has
reported in its 2001 survey that the losses of 186 respondents totaled
approximately $378 million. These losses are based on serious computer
security breaches detected primarily by large corporations, government
agencies, and universities. Security breaches detected by respondents
include a diverse array of attacks such as: unauthorized access by
insiders, denial of service attacks, system penetration by outsiders,
theft of proprietary information, financial fraud, and sabotage of data
and networks. Supervisory Control And Data Acquisition (SCADA) systems
are particularly vulnerable when they use the Internet to monitor and
control processes at remote sites. Such a practice is employed in a wide
variety of industries including chemical, petrochemical, oil and gas,
food processing, pulp and paper, pharmaceuticals, water and wastewater,
transportation, energy management, and other manufacturing applications.

Financial losses of course will not be restricted to the theft of
proprietary information, financial fraud and other criminal offenses. As
more commerce is conducted on-line, civil lawsuits will increase in
which claimants seek downstream damages for network intrusions based on
legal theories such as a lack of the "due diligence" owed to
stockholders, customers, suppliers, and other innocent third party
victims.

China and Russia have publicly acknowledged the role cyber attacks will
play in the "next wave of military operations." Two Chinese military
officers have published a book that called for the use of unconventional
measures, including the propagation of computer viruses, to
counterbalance the military power of the United States. Thus,
information warfare has arrived as a new concept in military operations.
The challenge now is to prevent this weapon from being turned against
the United States.

PCCIP

In response to these growing critical infrastructure vulnerabilities,
President Clinton in 1996 established the President's Commission on
Critical Infrastructure Protection (PCCIP) to study the critical
infrastructures that constitute the life support systems of the United
States, determine vulnerabilities and propose a strategy for protecting
them. The commission in its 1997 report, Critical Foundations:
Protecting America's Infrastructures, pointed out that critical
infrastructure assurance is a shared responsibility of the public and
private sectors.

PDD 63

The report, implemented in 1998 by Presidential Decision Directive (PDD)
63 on Critical Infrastructure Protection, declares that federal
facilities should be among the first to adopt best practices, active
risk management, and improved security planning, thereby presenting a
model for industry to follow voluntarily. The PDD calls for the creation
of a strong partnership with the business community and state and local
governments to maximize the alliance for national security.

The directive also provided for the establishment of the National
Infrastructure Protection Center (NIPC) in 1998 by the conversion of the
Computer Investigation and Infrastructure Threat Assessment Center into
the nucleus of NIPC. NIPC (http://www.nipc.gov) fuses representatives
from the FBI, the Departments of Commerce, Defense, Energy,
Transportation, the Intelligence Community, and other federal agencies,
and the private sector into an unprecedented information sharing effort.

NIPC's mission is to detect, warn of, respond to, and investigate
computer intrusions that threaten critical infrastructures. It not only
provides a reactive response to an attack that has already occurred, but
proactively seeks to discover planned attacks and issues warnings before
they occur. This task requires the collection and analysis of
information gathered from all available sources (including law
enforcement and intelligence sources, data voluntarily provided, and
open sources) and dissemination of analysis and warnings of possible
attacks to potential victims, whether in the government or the private
sector.

The National Infrastructure Protection and Computer Intrusion Program
(NIPCIP) consists of FBI agents who are responsible for investigating
computer intrusions, implementing the key asset initiative, and
maintaining liaison with the private sector. There are about 1,300
pending investigations in the field, ranging from criminal activity to
national security intrusions. Many of these cases have a foreign
component to them requiring close coordination with FBI legal attaches
around the world.

ISACs

PDD 63 also launched a major vehicle for information sharing by
encouraging the owners and operators of the critical infrastructures to
establish private sector Information Sharing and Analysis Centers
(ISACs) to gather, analyze, sanitize and disseminate private sector
information to both industry and the NIPC. The decision to establish an
information sharing center is determined by the private sector
participants.

ISACs have been established for the critical infrastructure sectors of
banking and finance, information and communications, energy, emergency
law enforcement and fire services, railroads, and water supply. NIPC
promotes the sharing of information with these ISACs and encourages the
establishment of ISACs by the remaining sectors.

INFRAGARD

The InfraGard Program is a NIPC effort to build a community of
professionals who have a strong interest in protecting their information
systems. Members have the opportunity to share information with other
members, utilize the law enforcement expertise of the FBI and other law
enforcement agencies that participate in the program, and draw on the
analytical capabilities of the NIPC. The InfraGard includes
representatives from private industry, academic institutions, and other
federal, state and local government agencies. It is the most extensive
government-private sector partnership for infrastructure protection in
the world. A key element of the InfraGard initiative is the
confidentiality of reporting by members. Much of the information
provided by the private sector is proprietary and is treated as such.

The NIPC plans to promote the expansion of the InfraGard program to
other countries, such as Australia, Canada, New Zealand and the United
Kingdom.

WARNING PRODUCTS

The NIPC sends out advisories on an ad hoc basis, which are
infrastructure warnings to address cyber or infrastructure events with
possible significant impact. These are distributed to partners in
private and public sectors. The NIPC works in close cooperation with the
Federal Computer Incident Response Capability (FedCIRC) to assist
federal civil agencies with handling of computer incident responses, and
to provide both proactive and reactive security services.

KEY ASSET INITIATIVE

The NIPC role is further strengthened by its Key Asset Initiative (KAI),
which maintains a database of information concerning key assets within
each FBI field office's jurisdiction, establishes lines of communication
with key asset owners and operators to share information and work with
them to improve their cyber and physical security, and enhances ongoing
coordination in the protection of critical infrastructure with other
federal, state and local government entities. The listing of key assets
in the database continually increases, and as of November 1, 8,806 key
assets were identified.

TRAINING

Over the past three years, NIPC has provided training for over 4,000
federal, state, local and foreign government investigators through nine
core training courses that deal with basic cyber investigations,
understanding operating systems, aspects of UNIX, and Cisco Routers.
These courses are conducted both at the FBI Academy at Quantico,
Virginia and around the United States. The NIPC's training program
complements training offered by the FBI's Training Division as well as
training offered by the Department of Defense and the National
Cybercrime Training Partnership.

INTERNATIONAL OUTREACH

The FBI has established a growing international presence in order to
enhance capabilities to counter a broad range of threats, including
international terrorism. The FBI currently maintains Legal Attaché
(LEGAT) offices in over 40 countries. Forward deployment of FBI
personnel has proven a very effective means to establish liaison with
counterpart security and intelligence services and to coordinate FBI
investigative resources when U.S. interests are attacked or threatened.

The NIPC also maintains an active dialogue with the international
community, to include its participation in the Trilateral Seminar of the
International Cooperation for Information Assurance in Sweden and the
Group of Eight (G-8) Lyon Group (High Tech Crime Subgroup). NIPC
personnel have met with government authorities, both in the US and
abroad, from Australia, Canada, Denmark, France, Germany, Israel, Japan,
Norway, Singapore, Sweden, the United Kingdom, and other nations over
the past year, to discuss infrastructure protection issues with their
counterparts. Finally, the NIPC Watch Center is connected to the watch
centers of several allies.

The NIPC staff includes government officials on detail from Australia,
Canada and the United Kingdom, and it welcomes requests from other U.S.
allies for representation on its staff for broadening international
cooperation. The NIPC role was further enhanced by the issuance of
recent executive orders on cyber protection and homeland security.

CIP INFORMATION AGE EXECUTIVE ORDER

Following the September 11th attacks, President Bush on October 16
issued Executive Order 13231 on Critical Infrastructure Protection in
the Information Age, which established the President's Critical
Infrastructure Protection Board to coordinate the protection of
information systems that involve federal critical infrastructures, and
to cooperate with the private sector and state and local governments in
the protection of information systems that involve their critical
infrastructures.

The order also established a panel of approximately 30 corporate chief
executive officers to advise the president on the security of
information systems supporting the private sector and state and local
governments.

CONCLUSION

The threat of cyberterrorism will grow in the New Millennium, as the
leadership positions in extremist organizations are increasingly filled
with younger, "Internet-savvy" individuals. Most worrisome is a
potential coordinated attack on national critical infrastructures. While
the United States has not yet experienced this sort of attack, it is not
hard to anticipate such a threat from the intrusions we have seen. Cyber
attacks know no national boundaries and are truly international in scope
and effect. International cooperation and information sharing is
critical in order to more effectively respond to this growing threat.


**************************************

PAUL RODGERS


Paul Rodgers is the assistant unit chief, Outreach and Field Support
Unit, National Infrastructure Protection Center (NIPC) at the Federal
Bureau of Investigation. He joined NIPC in 2000, after working as a
senior executive with the Critical Infrastructure Assurance Office
(CIAO) from 1998-99. He was named commissioner to the President's
Commission on Critical Infrastructure Protection (PCCIP) in 1997.

From 1965 to 1996, Rodgers had worked as executive director and general
counsel to the National Association of Regulatory Utility Commissioners
(NARUC), an organization of state and federal agencies engaged in the
regulation of public utilities and carriers. And, from 1960-65, he was
assistant attorney general of the State of Georgia. He holds bachelor's
and law degrees from Mercer University.
