[iwar] [fc:War.against.terrorism.raises.IT.security.stakes:]

From: Fred Cohen (fc@all.net)
Date: 2001-09-26 12:02:11


Return-Path: <sentto-279987-2380-1001530903-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 26 Sep 2001 12:05:29 -0700 (PDT)
Received: (qmail 30135 invoked by uid 510); 26 Sep 2001 19:02:50 -0000
Received: from n35.groups.yahoo.com (216.115.96.85) by 204.181.12.215 with SMTP; 26 Sep 2001 19:02:50 -0000
X-eGroups-Return: sentto-279987-2380-1001530903-fc=all.net@returns.onelist.com
Received: from [10.1.1.223] by mu.egroups.com with NNFMP; 26 Sep 2001 19:02:31 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 26 Sep 2001 19:01:37 -0000
Received: (qmail 5174 invoked from network); 26 Sep 2001 19:01:36 -0000
Received: from unknown (10.1.10.27) by 10.1.1.223 with QMQP; 26 Sep 2001 19:01:36 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 26 Sep 2001 19:02:18 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id MAA24007 for iwar@onelist.com; Wed, 26 Sep 2001 12:02:11 -0700
Message-Id: <200109261902.MAA24007@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 26 Sep 2001 12:02:11 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:War.against.terrorism.raises.IT.security.stakes:]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

War against terrorism raises IT security stakes:

Concerns heightened that cyberattacks and physical attacks will be
combined By Patrick Thibodeau, ComputerWorld, 9/26/2001 <a
href="http://www.computerworld.com/storyba/0,4125,NAV47_STO64147,00.html?OpenDocument&~f">http://www.computerworld.com/storyba/0,4125,NAV47_STO64147,00.html?OpenDocument&~f>

A war against terrorism raises the specter of increased security risks
for information managers-risks ranging from nuisance Web site
defacements to the possibility that systems could be targeted in
conjunction with a physical attack as part of an effort to maximize
disruptions. 

Such threats existed before the Sept.  11 terrorist attacks against the
U.S.  But the possibility of a significant attack -specifically, a
combined cyber and physical assault - is being taken much more seriously
since those events. 

What security experts and managers are less certain of is the degree of
risk.  Most said they believe the war against terrorism will raise the
danger level, but some security managers said they were already under
siege. 

"I think we already had a very significant threat prior to Sept.  11,"
said Steve Akridge, chief security officer for the Georgia Technology
Authority, which manages the state's IT.  "On a scale of 1 to 10, we
felt that the threat was an 8.  Maybe now it's a 9," said Akridge. 

The biggest change wrought by the terrorist attacks may be improved
awareness of the importance of information security - especially
contingency planning. 

"Even though it wasn't a computer-related attack, the mind-set now is
that we are no longer immune from this type of incident," said Larry
Seibel, information security director at the Huntington National Bank in
Columbus, Ohio.  "The incident, without a doubt, has served to raise the
level of importance of contingency planning for business and systems
recovery."

The major concern is, of course, physical attacks.  But a U.S. 
congressional commission examining weapons of mass destruction used by
terrorists concluded that cyberattacks in concert with physical attacks
are a major concern. 

"There has been substantial concern [about] the potential consequences
of cyberattacks," said Virginia Gov.  James Gilmore, the Republican
chairman of the congressional commission.  "Communications, if
disrupted, could have significant impact on the [physical] attack
itself, and we have been very focused on that and very concerned about
that particular issue."

Although the number of nuisance attacks may rise, of more concern are
attacks of greater intensity.  "I am less concerned with an increase in
frequency than I am concerned with an increase in ferocity," said G. 
Mark Hardy, a security expert at Ernst &amp; Young International in New
York. 

Tim Atkin, a member of the private-sector group Partnership for Critical
Infrastructure Security and director of critical infrastructure
protection at consulting firm SRA International Inc.  in Fairfax, Va.,
said a cyberattack is "a completely viable option" for a terrorist group
to inflict great damage on the U.S.  "Right now, the view is [that]
nothing should be considered sacred," said Atkin.  "You never know where
an organization like [Osama bin Laden's al-Qaeda] is going to hit."
Reporter Dan Verton contributed to this article. 


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/JNm9_D/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:50 PDT