[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] WP, 15.8.03: Targeting Our Computers
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Nichts neues, aber interesant im Kontext der gerade auch
herumgeschickten Meldung:
"Congress lowers funding for intelligence, cybersecurity". Klassische
Lobbyarbeit sozusagen...
RB
Washington Post, Friday, August 15, 2003; Page A27
Targeting Our Computers
By Rick White and Stratton Sclavos
Why is cyber security important? It's a question the high-technology
industry has asked itself again and again over the past few years. To
some, the very phrase has a sci-fi unreality to it. But an event such as
the massive power failure that struck much of the northeastern United
States yesterday shows just how very real the issue is. For whether or
not terrorism was involved (at this writing there is no indication it
was) and whatever problems with computers may have been involved, this
incident shows clearly how vulnerable our highly technical society is to
disruption of such complex systems as the power grid. Cyber security is
a problem that if not handled properly can dramatically affect millions
of our citizens and undermine core institutions of our society just as
effectively as a weapon of mass destruction.
To the surprise of no one who has watched how adversaries continue to
probe our vulnerabilities, U.S. intelligence officials last year
discovered an al Qaeda safe house in Pakistan devoted solely to training
people for computer hacking and cyber warfare. Calling it a "cyber
academy," intelligence officials said al Qaeda operatives gathered
information and expertise on the automated systems that control U.S.
infrastructure, such as dams and power grids.
Fortunately, the terrorists have not yet demonstrated the capacity to
carry out large-scale terror, but that doesn't mean they haven't
achieved the necessary level of expertise to do it. And beyond
state-sponsored terrorism and organized terror groups, there are
countless small-scale cyber attackers and hackers lurking about --
mostly here in America -- trying to manufacture similar chaos, as we are
currently being reminded by the latest "worm" attack.
This situation is alarming when one considers that America has many
thousands of dams, airports, chemical plants, federal reservoirs and of
course power plants (of which 104 are nuclear), most of whose integral
systems are operated and controlled by sophisticated computer systems or
other automated controllers. These systems are now experiencing cyber
attacks. In the second half of 2002 alone, 60 percent of power and
energy companies experienced at least one severe cyber attack.
Fortunately, none incurred catastrophic loss.
Without a doubt, fortifying our information systems against would-be
attackers can no longer be viewed as optional. Cyber attacks are real,
and they pose a threat to our physical and economic security. For
decades America's businesses assessed the value of their companies on
physical assets. No longer.
Today, information has become the key asset for a vast multitude of
American businesses. If critical information is lost, entire companies
or business sectors could cease to function for months or even longer.
While we will never stop cyber attacks from happening altogether, our
government, the private sector and even consumers should be better
educated and prepared to recognize and minimize the impact of these
assaults.
Cyber security is a critical homeland security function, and our
government -- particularly the new Department of Homeland Security --
must maintain its focus in this area. It is not, however, a
responsibility for the government alone. As the Bush administration's
National Strategy to Secure Cyberspace asserts, businesses have to do
more.
Among large corporations and other major institutions, it has become
fashionable to delegate responsibility for securing information systems
to a staff-level employee. A recent survey shows that only 17 percent of
CEOs from small to mid-sized companies claimed to provide security
measures of any kind to their information systems. In company after
company, the practice has been to make the minimum investments necessary
to clear the conscience of top management without distracting it from
other matters. All of this is a prescription for disaster.
Today most of us understand not only our dependence but also the
efficiency brought by information technology to our lives. Technological
innovation is continuing to improve education, health care,
entertainment, communication and much more.
Maintaining these benefits will require a considerable investment in
cyber security -- a responsibility not only for high-tech companies but
also for all firms throughout our vast economy. The notion of our
vulnerability being defined by the weakest link in the chain should be
unacceptable. Without a doubt, we all benefit from shared improvements
when users across the economy take steps to upgrade their cyber security
posture.
Curiously, some of the practices necessary to get from "zero" to
"acceptable" system security are low-cost and simple: Use passwords, and
change them frequently. If you have anti-virus software, use it and keep
it updated. If you don't have it, get it. Use firewalls to isolate your
systems from hackers. If you have an always-on system -- cable or DSL --
that does not need to be always on, turn it off when it's not in use.
Such simple -- often cost-free measures -- can thwart thousands of cyber
terrorists from burglarizing our computer infrastructure.
We have learned as a country the importance of vigilance and preparation
in the war against terrorism. Now it's time for corporate America and
government to do the same when it comes to protection against cyber
attacks.
Rick White, a former Republican representative from Washington, is
president of TechNet, an association of company CEOs and senior partners
concerned with information security. Stratton Sclavos, chairman and CEO
of VeriSign, is a member of the White House National Security
Telecommunications Advisory Committee.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.