Gartner Forecasts Greater Potential For Cyberattacks

[InfoSec News <isn () c4i org>]

http://www.securitypipeline.com/news/showArticle.jhtml%3Bjsessionid=OB5UFEWRASQTMQSNDBGCKHQ?articleId=17301712

By Antone Gonsalves
TechWeb News 
January 15, 2004 

Dependence on the Internet for voice communications and data
distribution will increase the likelihood of cyberwarfare, a high-tech
research firm said Thursday.

Much like the nuclear threat during the Cold War in the last century,
cyberwarfare is a potential catastrophe that the U.S. and other
nations must be prepared to combat, Gartner Inc. said. Given the rate
of adoption of Internet-based technology, nations will have the
ability to conduct cyberwarfare by 2005.

"The world's not going to hell in a hand basket, so we can get that
off the table," David Fraley, author of the recent Gartner report,
said. "What's important for people to do is continuity planning--be
aware of the different threats and vulnerabilities that could hit
their organizations."

Organizations could suffer irreparable harm if they don't have a
strategy for keeping their businesses running, if facilities are
unable to operate.

"The difference between cyberwarfare and hacking is the magnitude,"  
Fraley said. "Cyberwarfare is on a much grander scale."

Increasing the possibility of cyberattacks is the ever-increasing use
of Internet-protocol networking technology to connect critical
infrastructure, as well as the movement in voice communications from a
circuit- to packet-switched architecture, the research firm said.

IP networks carrying voice traffic use voice over IP (VoIP) equipment
that is susceptible to traditional Internet threats like worms,
viruses and break-ins from hackers. Denial-of-service attacks, for
example, that often take down web sites, could be used to disrupt the
flow of voice-carrying packets on an IP network, causing a major
breakdown in communications.

On the infrastructure level, interfaces allowing maintenance and
control of equipment have traditionally been accessed through dial-up
modems. As more of these access points are converted to IP network
connections, then the vulnerability to attack also increases.

Possible targets of attacks include network interfaces found in
equipment used by dams, railroads, electrical grids and power
generation facilities, Gartner said. Another target is the interface
points between SS7, the central nervous system of the public switched
telephone network (PSTN), and IP networks.

Gartner predicts that SS7 will become a key communications target by
2006.

Other trends adding to the potential destruction of cyber-attacks
include the conversion of traditional frame relay and X.25 protocols
used to connect computer systems in banking and finance to IP
networking. Similar conversions are taking place in other industries,
such as chemical, oil and gas, electrical, law enforcement and rail
transportation.

In its research, Gartner points out businesses can find ways to manage
risk through the U.S. National Infrastructure Protection Center, which
has published a document entitled, "Risk Management: An Essential
Guide to Protecting Critical Assets."

"Most security technology, when used in conjunction with 'best
practices,' is appropriate to the proportional risk presented by the
threat of cyber-warfare," Gartner said in a statement. "The
proportional-risk assumption does not mean that a cyber-warfare attack
would be unsuccessful if undertaken by a determined foe, but that risk
is low."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.