Information Security News mailing list archives
Official: Tech Firms Should Be Drafted
From: William Knowles <wk () C4I ORG>
Date: Thu, 24 Aug 2000 19:27:54 -0500
http://www.zdnet.com/intweek/stories/news/0,4164,2618582,00.html

By Patrick Houston, ZDNN
August 22, 2000 5:00 PM PT

REDWOOD SHORES, Calif. -- The federal official in charge of protecting the nation's critical information systems sounded a Klaxon here Tuesday, calling on corporations to create a new type of civil defense system against hackers and hostile nation-states.

"If the United States goes to war again ... our movements of troops, our movement of aircraft, our lines of supplies will probably be attacked not by bombs, not by bullets but by bytes," said Richard A. Clarke, national coordinator for security, infrastructure protection and counter-terrorism, at a daylong conference on information security.

Tech industry leaders -- including Microsoft Corp., Oracle Corp., Sun Microsystems Inc. and Cisco Systems Inc. -- joined retailing, banking and manufacturing executives at the fourth in a series of five regional gatherings that began last spring in Washington.

Their mission is clear, Clarke told corporate board members and the auditors who help them manage major risks. "By protecting the IT security of your company, you can protect the security of your country."

Clarke is the National Security Council's first-ever infrastructure coordinator, charged with assessing potential threats to the nation's railroads, electrical power grid and telephone systems. But he has focused less on rails and ties, wires, towers and poles and more on the computing systems underlying the operations of companies that supply basic services.

His appearance was a sign of the government's commitment to information security, an issue that has escalated to a place on the national agenda, thanks in part to a series of highly publicized incidents including the "Love" bug and Melissa virus outbreaks; Y2K glitches; and the denial-of-service attacks that brought down Yahoo.com, eBay.com and ZDNet.com.

No army will win this war

It also represented a realization by the national security establishment: In the borderless world of the Information Age, there's no way the Army, the Air Force or the Marines can defend the nation's information systems as they've protected its vital interests in the past.

Clarke said threats come in several different potential forms: vandalism, extortion, espionage and disruption.

He cited a hacking incident involving a Florida Internet service provider. The hacker obtained thousands of customers' credit card numbers and threatened to expose them on the Internet if the ISP didn't pay a ransom. Police tracked the extortionist to Frankfurt, Germany, where they arrested an Indian national.

"Someone from India, living in Germany, stole credit card numbers from Florida," Clarke said.

There are "nation-states which have formed information warfare units," and those units are probing the nation's information networks "looking for points of vulnerability," he said.

"The next time there is a major crisis, we have to worry about being blackmailed as a nation or being disrupted as a nation," he said.

He said the Pentagon has experienced "millions" of attempted intrusions each year. The U.S. Air Force alone was subjected to 300,000 last year, of which only about two dozen succeeded.

Twice a month

While that might not seem significant, given the totals, he said, "Think of it this way: Twice a month, your Air Force had its computers successfully hacked last year."

Clarke also warned of attacks on private companies creating a calamity that could be tantamount to an "electronic Exxon Valdez."

He cited several ways the government is trying to enhance security. They include:

- encouraging industries to create information sharing and analysis centers (ISACs), groups of companies in the same industry that share information about cybersecurity. A group of banks have bonded together to do just that. When one is attacked, its ISAC creates a report circulation among its members on the causes and precautions;

- creating a more receptive "legal framework." This might include amending the Freedom of Information Act so that companies could feel more confident in sharing information about security breaches with the government;

- spending $600 million on information technology research, particularly in areas where commercial prospects remain slim and thus unattractive to for-profit companies; and

- sharing classified information with "trusted partners."

In the end, however, the burden of protecting the nation and its vital interests lies with the individual efforts of individual companies and institutions.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".