Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] Former CIA chief sees need for greater network resilience, market incentives



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

http://www.computerworld.com/securitytopics/security/story/0,10801,86638,00.html

Former CIA chief sees need for greater network resilience, market
incentives

By DAN VERTON 
OCTOBER 29, 2003
Computerworld

NEW YORK -- The war on terrorism will be a "war to the death"  likely
last several decades, requiring the government and the private sector
to focus immediately on making critical infrastructures and systems
more resilient rather than immune to deliberate attacks, a former CIA
director said today.

Speaking here to several hundred government and private-sector
security experts at the Maritime Security Expo, James Woolsey said
Americans should be prepared for the war on terrorism to last at least
as long as the Cold War and for continued terrorist attacks on the
soft spots in the nation's critical physical and cybernetworks.  
Woolsey, now a vice president of the Global Strategic Security
practice at Booz-Allen & Hamilton Inc. in McLean, Va., served as
director of the CIA from 1991 to 1993.

"You shouldn't rely too much on intelligence to solve this problem,"  
said Woolsey. "We're not going to get real-time intelligence on
specific attacks in most cases. That's why it's so important to build
resilient protections into the infrastructure so that when an attack
comes, we can abort it part of the way through, or if it succeeds, it
doesn't have cascading effects on other infrastructures."

Some of the most important work to prevent cascading failures involves
enhancing the security of supervisory control and data acquisition
systems, the real-time control computers that are used to manage the
electric power grid, Woolsey said.

The former CIA chief also wants to see the government more
aggressively push the development of cybersecurity technologies "that
work," as opposed to firewalls, which, he said, do not work. "Internet
protocol address hopping, for example, which is the IT equivalent of
radio frequency hopping that is used in military radios, is an example
of what I find very exciting."

Industry must also do its part by devising "incentives" to get the
companies that own and operate more than 85% of the nation's critical
infrastructure to make the necessary investments in new and innovative
security tools, he said.

"There are a number of things that can be done," he said in an
interview with Computerworld. "One way to work is through the
insurance industry, giving the insurance industry incentives to write
coverage plans that offer companies lower premiums if they make
certain investments in security. It's sort of like seat belts for
automobiles."

He cautioned that such changes will take a long time.

During the World War II era, the government was able to federalize
portions of the economy and shift private-sector production to war
production. But that level of government intervention is
"unimaginable" in the current economy, Woolsey said, although the
government will have a hand in setting the standards by which
companies are measured.

In the area of port and container security, the main focus of this
two-day conference, the U.S. government has been pushing a
"smart-container" initiative. Even so, it's unlikely to set specific
mandates or timelines to force the shipping industry to adopt any
particular technology to meet the requirements of the initiative, said
Richard Biter, deputy director of the office that sets policy for the
integration of all air, land and sea transportation networks at the
Department of Transportation (DOT).

The smart-container initiative involves retrofitting all of the 6
million shipping containers that enter the country every year with
state-of-the-art IT sensors and tracking systems.

"We don't have an answer yet," said Biter, referring to the time it
will take to update the containers. Whatever the timeline, Biter said
the industrywide retrofit will likely be "incremental"?and not be
dictated by the government.

Although the DOT is working with the Department of Homeland Security
to test new technologies such as radio frequency ID (RFID) tags and
ultra-wideband communications systems for container tracking, Biter
acknowledged that more than two years after the Sept. 11, 2001,
terrorist attacks "we have not come up with the requirements for the
capabilities that a smart container should have."

In fact, officials are still debating whether a smart container should
provide a complete electronic manifest on the container or whether
that data should be maintained in back-end systems operated by the
shipping companies, said Biter.

"The smart container has yet to be defined," he said.

He did note that the government is studying the decision by Wal-Mart
Stores Inc. to require RFID tags down to the package level in its
supply chain, a process Biter called "nesting." In this way, "the
package talks to the pallet, the pallet talks to the container and the
container talks to the truck or the ship."

According to Woolsey, such a process is critical, given that harmless
nuclear material has already been successfully shipped into the U.S.  
on at least two occasions during security tests.

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.