Report: IP networks easy prey for cyberattackers
By Andrew Donoghue
Date: January 16, 2004
The increasing use of Internet Protocol technology in power stations, railroads, banks and other critical infrastructure could spell big trouble, and soon, according to analysts.
Although an actual act of cyberterrorism or cyberwarfare has never been recorded, the potential exists and is being facilitated by an increasingly connected world, according to a report released on Wednesday by market-research firm Gartner.
Cyberwarfare could be a reality by 2005, the company said.
Technologies such as VoIP and the trend towards voice and data convergence give benefits cost and flexibility to businesses, but they also expose vital telecommunications networks to traditional forms of Internet attack, such as worms and viruses, according to the report, "Cyberwarfare: VoIP and convergence increases vulnerability."
"An increasingly connected world increases the possibility that cyberwarfare will be waged," the report says. "The increasing use of VoIP and convergence networks for critical-infrastructure control and maintenance makes the attacks increasingly viable."
Gartner claims that, unlike traditional circuit-switched networks, VoIP networks have an inherent weakness when it comes to latency--any delay to the packets carrying the voice traffic disrupts communication.
A massive denial-of-service attack could "degrade call performance by slowing voice packet arrival at a given destination" and effectively cut off voice communication, the report says.
Other weaknesses flagged in the Gartner report include the Supervisory Control and Data Acquisition (SCADA) interfaces used to connect a significant portion of global critical-infrastructure elements such as dams, railroads, electrical grids and power stations. These are now more vulnerable due to the rise of IP technology.
Historically, SCADA interfaces have been connected by circuit-switched networks and were really open to attack only from hackers manipulating the phone system--so-called phreaking, or war-dialing. Increasingly, these devices are being converted from dial-up to persistent IP network connections, increasing the likelihood of attacks utilizing techniques such as port scanning, Gartner claims.
To combat the inherent risks associated with widespread use of IP networks, Gartner advises companies to develop voice and data networks "under the assumption of prolonged sporadic outages," explore alternative ways of communicating, and monitor government alerts regarding the risk of cyberwarfare.
The Gartner report follows a warning earlier this week from the United Kingdom's national infrastructure watchdog, the National Infrastructure Security Coordination Centre, regarding several security flaws found in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems.
The flaws affect software and hardware that support the real-time multimedia communications and processing standard, known as the International Telecommunication Union (ITU) H.323 standard
^macro[showdigestcomments;^uri;Report: IP networks easy prey for cyberattackers]