Novel explores U.S.-Iraq cyberwar

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2003/0224/web-cyber-02-24-03.asp

[http://www.amazon.com/exec/obidos/ASIN/0595257496/c4iorg  - WK]


By Dan Caterinicchia 
Feb. 24, 2003

Iraq has launched a cyberattack against the United States, targeting 
everything from critical infrastructure networks to government 
systems. Authorities are hamstrung by political and legal impediments, 
forcing a cyber vigilante to lead a rebel force against Iraq, which 
makes him the target of the U.S. government as well as the terrorists.

While that scenario is fictitious, it is not nearly as farfetched as 
it was even a few months ago, and government readers are increasingly 
interested in what the author of a new novel - "No Outward Sign" 
(Writers Club Press, November 2002) - has to say.

Bill Neugent, chief engineer for cybersecurity at Mitre Corp., has 
recently accepted invitations to give talks on cyberterrorism at 
Sandia National Laboratories and the Department of Veterans Affairs.

Neugent said that although his book is fiction, it examines the 
concept that industry, government and the public are essentially 
"naked in cyberspace," with privacy diminishing, identity theft on the 
rise and financial accounts highly vulnerable.

He added that although cyberterrorism is a real threat, the general 
public does not share the fear felt in government and industry circles 
where it is better understood.

"With cyberterrorism, there's not the fear and intimidation like with 
the sniper.... It's not that gut wrenching," Neugent said. "It's more 
hollow, like reading the business section and looking at the stock 
market."

Last month's Slammer worm, which exploited known vulnerabilities in 
Microsoft Corp.'s SQL Server 2000 database software to generate a high 
enough volume of work for servers to slow or shut down, was about 250 
times faster than previous worms. Of the 75,000 machines it affected 
worldwide, most were infected in about 10 minutes. That speed is 
"jaw-dropping," and Slammer may be the first of many like it, he said.

But the news is not all bad. Neugent said the Defense Department and 
government networks did a good job containing Slammer and are far 
better protected than they were in the past, although "there's still a 
long way to go." 

One of the most frustrating aspects of cyber protection is that even 
as industry continues to produce newer and better software and 
applications, the number of vulnerabilities associated with those 
doubles every year, he said.

"The dilemma is that with the stronger underpinnings, there are two 
times as many holes to patch," Neugent said. 

The White House's recently released National Strategy to Secure 
Cyberspace is a step in the right direction, he said, adding that he 
is especially pleased that it gives the Homeland Security Department 
the authority to establish "government red teams" to conduct 
cyberattack exercises against the nation's critical infrastructure 
networks and then increase protection through those operations.

As a Mitre employee, Neugent said he shared many passages in his book 
with his customers - DOD and intelligence community officials - to 
ensure that nothing in the novel could be used by a terrorist or rival 
government against the United States.

"I erred on the side of caution because I didn't want to encourage the 
bad guys, but I did want to nudge the good guys into action," he said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.