Be Prepared for Cyberterrorism
Date: April 06, 2005
Source: COMPUTERWORLD
By:
"Within the past several years, the U.S. has been the target of increasingly lethal terrorist attacks, which highlight the potential vulnerability of our networked systems," Keith Lourdeau, deputy assistant director of the FBI's Cyber Division, said in testimony before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security in February 2004. "These attacks were carried out by terrorists wanting to harm U.S. interests in order to forward their individual cause. Our networked systems make inviting targets for terrorists due to the potential for large-scale impact to the nation."
Lourdeau further pointed out that vulnerabilities to our networked systems can be attributed to a number of factors and that threats originate from a number of sources. These include easy accessibility to those systems via the Internet; the wide availability of tools that can be used maliciously by anyone with a point-and-click ability; the globalization of our nation's infrastructures, which increases their exposure to potential harm; and the interdependencies of networked systems, which make attack consequences harder to predict and perhaps more severe.
This is where incident management and business continuity come into play. A computer security incident is considered to be any event wherein some aspect of a computer system is threatened. Such incidents include the loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability.
Planning for business continuity includes being prepared for a variety of threats: viruses, hack attacks (originating both internally and externally), industrial espionage, denial-of-service attacks, unauthorized access to systems, hoaxes and fraud. Advance planning for such threats has, for many organizations, required the investment of massive numbers of man-hours and enormous financial infusions.
Nevertheless, many businesses remain insufficiently equipped to deal with cyberterrorism because they have failed to understand the nature of threats, or they simply don't have the employees with the appropriate skills or technical expertise to combat those threats.
While some incidents are easy to plan for ahead of time, others present more of a challenge. For example, the loss of a building is something that the organization can't easily prepare for. The primary requirement at a business level is to continue working, making the loss of a building the ultimate business-continuity issue.
"The only difference between a hurricane and a terrorist attack is intent; the results are the same," says Interpact Inc. President Winn Schwartau. And he's right: it doesn't matter if the building is destroyed by a bomb or a natural disaster. Companies need to deal with the consequences of any incident before they can think about causes and motives.
When preparing for cyber or terrorist attacks, keep the following tips from the DHS in mind:
• Be prepared to do without services and equipment that you normally depend upon and that could be disrupted -- electricity, telephone service, Internet connections, natural gas, gasoline pumps, cash registers and automated teller machines.
• Be prepared to respond to official instructions if a cyberattack triggers other hazards. For example, you may have to evacuate if hazardous materials are released, there's an incident at a nuclear power plant, or dams or flood-control systems fail.
Organizations must prepare for cyberthreats with a systemwide approach that unites the physical, operational and human aspects of the enterprise. From obvious tasks like adopting effective password policies and installing firewalls to more involved jobs like protecting open entry points and reducing unnecessary and unprotected server areas, the entire organization must ultimately remain vigilant to thwart cyberattacks.
Douglas Schweitzer is an Internet security specialist with a focus on malicious code. He is the author of several books, including Internet Security Made Easy, Securing the Network from Malicious Code and Incident Response: Computer Forensics Toolkit.