[infowar.de] mal wieder: "Al Qaeda kann evtl. Cyberterror ausüben"

[Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>]

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

Diesmal ein "obskurer Bericht" (so der Reporter) aus dem kanadischen
Büro für den Schutz kritischer Infrastrukturen. Wie immer nur
Vermutungen, aber "es waren bisher noch keine konkreten Taten
festzustellen". 
Obscure, engl.: dunkel, düster, trübe, verschwommen, schwer
verständlich,... (mein Wörterbuch)
RB

http://www.computerworld.com/storyba/0,4125,NAV47_STO67092,00.html

By DAN VERTON 
January 04, 2002

An obscure report issued Dec. 21 by the Canadian Office of Critical
Infrastructure Protection and Emergency Services raises the specter of
a possible future cyberattack by agents or sympathizers of Osama bin
Laden's al-Qaeda terrorist organization.

The Canadian threat analysis of al-Qaeda's cybercapabilities concludes
that although there have been no examples to date of cyberterrorist
attacks conducted by al-Qaeda, "Bin Laden's vast financial resources,
however, would enable him or his organization to purchase the
equipment and expertise required for a cyberattack and mount such an
attack in very short order."

In the wake of the Sept. 11 attacks, bin Laden reportedly gave a
statement to an editor of an Arab newspaper indicating that "hundreds
of Muslim scientists were with him who would use their knowledge ...  
ranging from computers to electronics against the infidels," according
to the Canadian study. If true, the statement suggests that bin Laden
may have been planning to use cyberbased attacks against the West at
some point in the future, the Canadian study concludes.

Despite bin Laden's use of telecommunications-deprived Afghanistan as
his base of operations, the Canadian study doesn't rule out the
possibility of al-Qaeda agents or sympathizers in other countries
carrying out sophisticated and coordinated cyberattacks against
critical infrastructure facilities, such as the U.S.  
telecommunications grid, electric power facilities and oil and natural
gas pipelines.

According to the CIA World Fact Book, Afghanistan's capital of Kabul
had only 21,000 main phone lines in use in 1998. In addition, the CIA
estimates that there are telecommunication links between the cities of
Mazar-e Sharif, Herat, Kandahar, Jalalabad and Kabul through microwave
and satellite systems. There are reportedly very few links abroad,
however. Bin Laden's agents reportedly go to Peshawar, Pakistan, to
maintain phone, fax and modem communication with terrorist cells
outside of Afghanistan.

Bin Laden's foot soldiers, such as Ahmed Ressam, who was convicted of
attempting to place a bomb at Los Angeles International Airport on
Jan. 1, 2000, have stated that they were trained specifically to
attack critical infrastructures, including electric power plants,
natural gas plants, airports, railroads, large corporations and
military installations.

The Canadian assessment comes as government and private sector
officials in the U.S. scramble to better understand the
interdependencies between the various systems that control critical
services. There have been more than a half dozen exercises and
conferences held over the past few years focusing exclusively on how
physical and cyber attacks against one key infrastructure could have a
ripple effect throughout the economy. A cyberattack that cripples key
energy facilities, for example, could severely hamper the distribution
of natural gas throughout the U.S. and could even lead to cascading
failures of the electric power grid and telecommunications systems.

"This is the situation in which there may be a physical attack
impacting one or more infrastructures and a simultaneous or subsequent
cyberattack, or other type of disruption impacting a key
infrastructure," said Paula Scalingi, the former head of the
Department of Energy's Critical Infrastructure Protection Office and
now president of consulting firm The Scalingi Group in Reston, Va.  
"Such multiple contingency events could cause a domino effect
throughout an entire region, incapacitating interdependent
infrastructures and exacerbating attempts to rapidly respond and
reconstitute services."

Joe Weiss, technical manager of the Enterprise Infrastructure Security
Program at the Electric Power Research Institute, a nonprofit
organization in Palo Alto, Calif., said the IT security requirements
of the electric power industry have repeatedly fallen on deaf ears
throughout the security community.

"The Web sites will be safe but the lights will be out, and water and
oil won't flow," said Weiss. "There have been vulnerability
assessments done and these important control systems have been shown
to be vulnerable. This is not in any way, shape or form hypothetical."

Ron Ross, director of the National Information Assurance Partnership,
a Washington-based government-industry consortium led by the National
Institute of Standards and Technology and the National Security Agency
(NSA), said he agrees with Weiss that there is an education and
awareness gap with regard to computer and information security and the
potential vulnerabilities in some of the systems and networks that
comprise the critical infrastructure.

Although the Sept. 11 attack increased the focus on physical security,
"we now have to begin to delve into a variety of areas that need
significant attention with regard to computer security," said Ross.  
The real-time control systems that manage the electric power grid and
other energy facilities "are fertile areas for our attention," he
said. "In fact, operating system security, both general purpose and
real-time, should be a high priority."

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.