[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] Thought for the day: Is the threat of cyberterror genuine?

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] Thought for the day: Is the threat of cyberterror genuine?
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Thu, 13 Mar 2003 13:51:30 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

<http://www.cw360.com/articles/article.asp?liArticleID=119998&liFlavourID=1&sp=1>

IT Management: Security 
by Pete Simpson 
Wednesday 12 March 2003 
 
Thought for the day:
Is the threat of cyberterror genuine?

Those in the know agree that the threats of cyberterrorism hyped in the
media are wildly unrealistic. The real disruption comes from small-time
hackers and worms, says Pete Simpson.

Roads gridlocked, trains colliding, power outages - these are the images
that spring to mind when one envisages the threat of cyberterrorism.

The prefix "cyber" generally refers to the internet and the web, while
"terrorism" can be defined succinctly as acts of violence, real or
threatened, designed to coerce government policy or serve ideological
ends.

In truth, we have witnessed neither any verified acts of cyberterrorism
nor any credible conspiracy to commit acts of real cyberterror. Is this
purely fortuitous, or is it the case that the cyberterror threat is
simply not a realistic one?

Although the network architectures, operating systems and technical
details behind gas pipelines, air traffic control systems and stock
exchanges may differ, all share common, sound security design elements:

No external network connectivity 
No TCP/IP stack 
Proprietary operating systems, but arcane applications 
They are subject to software and human monitoring/audit 
In utilities, they are subject to failsafe override by mechanical
governors and standby engineering response. 

Those technically in the know agree that threats of cyberterrorism, as
hyped in the popular media, are wildly unrealistic.

Despite the media frenzy following every major virus outbreak, a virus
or worm in the hands of a terrorist should have no impact on critical
infrastructure systems. Therefore, we should exclude from our
cyberterror list the indiscriminate release of viruses and worms on the
internet, website defacements and distributed denial of service attacks.

Website defacements are often referred to naively as cyberattacks,
particularly where the perpetrator has made some political gesture.
However, defacing a web page is the online equivalent of spraying
graffiti on the external wall of a building or a shop window. Such minor
acts of vandalism are the handiwork of adolescent crackers and by no
stretch of the imagination do they rank as acts of terrorism.

Distributed denial of service attacks against Yahoo!, Amazon and eBay in
early 2000 interrupted trading for several days. Similar attacks include
a low-tech denial of service attack that interrupted HSBC online banking
for about four hours during the May Day anti-globalisation
demonstrations of 2001. The affected systems were very much peripheral
to the core banking systems, and such nuisance would hardly qualify as
cyberterrorism.

Although cyberterrorist attacks on the UK's critical infrastructure
systems do not appear to be technically feasible, a low-cost
e-mail/network worm could be designed to mount an effective, broad,
low-level attack against a target nation. Non-critical systems could be
exposed to wholesale loss of documents, spreadsheets and databases: not
a mortal blow, but certainly a bloodied nose.

Such an attack could be carried out faster than anti-virus updates could
be deployed. For this reason, it is essential to apply the
security-in-depth principle. Anti-virus software should be augmented by
generic e-mail content filters to block the progress of an unknown worm
on the basis of its prima facie properties, ahead of any viral signature
update.

Cyberterror is an idea implanted in the popular imagination, to the
extent that anti-virus company Symantec reported that it "detected no
verifiable cases of cyberterrorism during the last six months [of 2002]"
and said, "Attacks from countries included in the Cyber Terrorist Watch
List accounted for less than 1% of all activity."

However, the prospect of war has increased the threat of cyberattacks by
extremist groups, and the UK's National Infrastructure Security
Co-ordination Centre has recommended that organisations review the
security of their systems.

Top priorities remain the prosaic hacker and the
mass-mailing/network-aware worm against which an organisation must
deploy multi-layered defences - firewalls and intrusion detection;
content filtering and anti-virus applications at mail gateways; and
diligent application of software patches, as new vulnerabilities come to
light.

What do you think?

Do you agree the concept of cyberterrorism is little more than media
hype? Tell us in an e-mail >> CW360.com reserves the right to edit and
publish answers on the Web site. Please state if your answer is not for
publication.

Pete Simpson is head of the Threatlab service at e-security specialist
Clearswift

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.

Prev by Date: [infowar.de] PsyOps in Irak / iwar.org.uk relaunch
Next by Date: [infowar.de] Cyberwar, what is it good for? Virtually nothin'
Previous by thread: [infowar.de] PsyOps in Irak / iwar.org.uk relaunch
Next by thread: [infowar.de] Cyberwar, what is it good for? Virtually nothin'
Index(es):
- Date
- Thread