Computer Crime Research Center


Be Prepared for Cyberterrorism

Date: April 06, 2005
By: Douglas Schweitzer

During a recent Gartner conference, Robert Gates, formerly a director of the CIA and currently the president of Texas A&M University, warned attendees that companies must prepare for terrorism in all aspects of business. He also asserted that the three big threats to business today are terrorism, global organized crime and economic espionage. According to the U.S. Department of Homeland Security's definition, acts of terrorism range from threats of terrorism, assassinations, kidnappings, hijackings, bomb scares and bombings, and cyberattacks to the use of chemical, biological and nuclear weapons. While any one of the aforementioned events could have a dramatic effect on the integrity and availability of your valuable information assets, the threat of cyberterrorism should be taken particularly seriously.

"Within the past several years, the U.S. has been the target of increasingly lethal terrorist attacks, which highlight the potential vulnerability of our networked systems," Keith Lourdeau, deputy assistant director of the FBI's Cyber Division, said in testimony before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security in February 2004. "These attacks were carried out by terrorists wanting to harm U.S. interests in order to forward their individual cause. Our networked systems make inviting targets for terrorists due to the potential for large-scale impact to the nation."

Lourdeau further pointed out that vulnerabilities to our networked systems can be attributed to a number of factors and that threats originate from a number of sources. These include easy accessibility to those systems via the Internet; the wide availability of tools that can be used maliciously by anyone with a point-and-click ability; the globalization of our nation's infrastructures, which increases their exposure to potential harm; and the interdependencies of networked systems, which make attack consequences harder to predict and perhaps more severe.

This is where incident management and business continuity come into play. A computer security incident is considered to be any event wherein some aspect of a computer system is threatened. Such incidents include the loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability.

Planning for business continuity includes being prepared for a variety of threats: viruses, hack attacks (originating both internally and externally), industrial espionage, denial-of-service attacks, unauthorized access to systems, hoaxes and fraud. Advance planning for such threats has, for many organizations, required the investment of massive numbers of man-hours and enormous financial infusions.

Nevertheless, many businesses remain insufficiently equipped to deal with cyberterrorism because they have failed to understand the nature of threats, or they simply don't have the employees with the appropriate skills or technical expertise to combat those threats.

While some incidents are easy to plan for ahead of time, others present more of a challenge. For example, the loss of a building is something that the organization can't easily prepare for. The primary requirement at a business level is to continue working, making the loss of a building the ultimate business-continuity issue.

"The only difference between a hurricane and a terrorist attack is intent; the results are the same," says Interpact Inc. President Winn Schwartau. And he's right, it doesn't matter if the building is destroyed by a bomb or a natural disaster. Companies need to deal with the consequences of any incident before they can think about causes and motives.

When preparing for cyber or terrorist attacks, keep the following tips from the DHS in mind:

? Be prepared to do without services and equipment that you normally depend upon and that could be disrupted -- electricity, telephone service, Internet connections, natural gas, gasoline pumps, cash registers and automated teller machines.

? Be prepared to respond to official instructions if a cyberattack triggers other hazards. For example, you may have to evacuate if hazardous materials are released, there's an incident at a nuclear power plant, or dams or flood-control systems fail.

Organizations must prepare for cyberthreats with a systemwide approach that unites the physical, operational and human aspects of the enterprise. From obvious tasks like adopting effective password policies and installing firewalls to more involved jobs like protecting open entry points and reducing unnecessary and unprotected server areas, the entire organization must ultimately remain vigilant to thwart cyberattacks.

Douglas Schweitzer is an Internet security specialist. Contact him at

Douglas Schweitzer is an Internet security specialist with a focus on malicious code. He is the author of several books, including Internet Security Made Easy, Securing the Network from Malicious Code and Incident Response: Computer Forensics Toolkit.

Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo