[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] SFC 30.06.02 der mythos des durch einen emailanhang geöffneten Staudamms
gute antwort auf den washington post artikel.....
Bill Wallace, Chronicle Staff Writer
Sunday, June 30, 2002
Despite growing government concern that al Qaeda and its allies may
try to use computers to disrupt electrical power grids, transportation
systems and emergency communication networks, many experts on
terrorism and computer security are skeptical about the overall menace
"The notion that somebody armed with a laptop in Peshawar, Pakistan,
could bring down California's power grid is pretty far-fetched," said
Kevin Terpstra, communications director for the California Department
of Information Technology, an agency responsible for assessing the
security of the state's computer systems.
"There is reason to be concerned about computer security and critical
infrastructure vulnerabilities . . . but the likelihood of this type
of an attack is very small."
Cyber-terrorism has become one of the hottest buzzwords among national
security officials, especially since the Sept. 11 attacks. The subject
has been the topic of numerous legislative hearings in Washington,
D.C., and more than 560 newspaper and magazine articles using the term
have been published in the past year alone.
In January, the FBI's National Infrastructure Protection Center warned
that information on the Internet about power plants, toxic waste dumps
and other sensitive sites could be used by foreign extremists to
launch attacks on the United States.
And last week, the Business Software Alliance, a trade association,
released an industry survey in which 59 percent of the information
technology specialists polled said they considered a major terrorist
computer attack likely in the next 12 months.
Underscoring the possible danger, several newspapers reported that
computer operators in the Middle East and South Asia had attempted to
penetrate computer systems in Northern California last fall.
However, experts interviewed by The Chronicle said the vast majority
of these computer intruders are trying to steal information -- not
shut down electrical utilities, release water from dams or engage in
other dangerous acts of sabotage.
It is difficult, the experts say, for a hacker to launch an attack on
an infrastructure control system because very few of these systems are
accessible through the Internet.
In March, CIO magazine, a journal for computer system professionals,
published a detailed article on information security that debunked the
cyber- terrorist threat.
The magazine quoted Marcus Kempe, the director of operations for the
Massachusetts Water Resource Authority, as saying a cyber-terrorist
intent on tampering with his utility would have to make three
complicated intrusions to gain access to the necessary control
And he would have to break into a highly secure building in
Massachusetts in order to make them because the system is not
connected to the Internet. This would present a problem for the
terrorist who thinks he can sabotage the utility by using his laptop
"Could a computer attack get us to a high-consequence event? Probably
not," Kempe told the magazine.
David Wagner, a computer science professor at UC Berkeley who
specializes in information security, said some utilities do have
operations that are controlled by means of the Internet, "but not all
of them and maybe not the most critical ones."
"There are some crucial vulnerabilities," Wagner said, "but if you
want to rank how serious those vulnerabilities are, they are less
serious than what you can do with explosives and much less serious
than what you could do with chemical or biological agents.
"I used to be concerned about cyber-terrorism, but I think in the past
year I have come to realize that it is not the most serious thing we
have to worry about."
Dorothy Denning, the director of the Georgetown University Institute
for Information Assurance, testified before the House Judicial
Committee two years ago that cyber-terrorism, while worthy of concern,
was overrated as a threat to the American public. Denning told The
Chronicle that her opinion has changed little since the Sept. 11
"To get noticed, they would have to do something very dramatic, like
flood a dam or something," she told The Chronicle. "Those kinds of
actions are a lot more difficult to engineer with a computer than they
would be with a bomb -- and whether they would work or not would be a
lot less certain."
John Pike, a weapons systems analyst and director of
Globalsecurity.org, a defense policy organization in Washington, D.C.,
stressed that terrorists use simple, direct methods for operations
because they are less likely to fail.
He said the Sept. 11 attacks were a perfect example. "You had 20
people get on four planes to attack two targets," he said. "Only 19
made the flights, and only three of the planes reached their targets.
But the plan succeeded anyway because it was simple."
He said cyber-attack scenarios are too complex to have much appeal for
terrorist groups. Furthermore, they are likely to fail.
"If you pitch a bad script in Hollywood, the worst that can happen is
you get thrown out of the office," he said with a chuckle. "If I were
some guy from al Qaeda pitching a (complicated and risky)
cyber-terrorism plot to Osama bin Laden, I would be a little nervous
about making it out of his office alive. "
E-mail Bill Wallace at bwallace -!
- sfchronicle -
HSFK Hessische Stiftung für Friedens- und Konfliktforschung
PRIF Peace Research Institute Frankfurt
Leimenrode 29 60322 Frankfurt a/M Germany
Tel +49 (0)69 9591 0422 Fax +49 (0)69 5584 81
Mobil 0172 3196 006
- hsfk -
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.