[iwar] [fc:Richard.Clarke.Prepares.for.Cyber.'Pearl.Harbor']

From: Fred Cohen (fc@all.net)
Date: 2002-08-14 05:45:28


To: iwar@onelist.com (Information Warfare Mailing List)

NewsMax 



Richard Clarke Prepares for Cyber 'Pearl Harbor' 

Dave Eberhart
Monday, Aug. 12, 2002 

In the early morning hours of August 6, a series of electronic attacks were launched 
against U.S. Internet providers and Web sites on the East Coast. Insidiously, the 
attacks moved across the country to similar targets on the West Coast. Richard Clarke, 
the Bush Administration's national coordinator for security, infrastructure protection 
and counter-terrorism, watched anxiously, wondering if this might be the big one. 


After a while it became clear to Clarke and his staff that the 700 percent spike 
in traffic that was jamming the cyber highways appeared to be coming from a relatively 
small number of machines, allowing Internet providers to protect their networks by 
filtering data from the attacking computers.

Just days before the disquieting attacks, Clarke was telling National Public Radio 
about his estimate of the worst-case-scenario - that looming cyber "Pearl Harbor" 
he likes to talk about as he travels the country pitching the virtues of security 
to private enterprise, the owners and overseers of 85 percent of the nation's fragile 
and vulnerable cyber infrastructure. 

"Then there's the unknown, unknown. Have our enemies already penetrated our critical 
infrastructure successfully and we don't know it? Or are they in a position where 
- if there is a big conflict between us and them - they are already in a position 
to disable our critical infrastructure?"

Currently, Clarke and his second-in-command, Howard Schmidt, the former chief security 
officer of Microsoft, fall under the Office of Homeland Defense and occupy offices 
on the 10th floor of the old Secret Service building, two blocks west of the White 
House.

Clarke makes no secret of the fact that he is waiting with bated breath for the 
emergence of the giant Department of Homeland Security. 

"It will have the National Infrastructure Protection Center, transferred from the 
FBI; the Critical Infrastructure Assurance Office, transferred from the Department 
of Commerce; the National Communications System, transferred from the Department 
of Defense; and [a federal security unit], transferred from the General Services 
Administration...." 

"It will concentrate our forces," Clarke enthuses. "It will concentrate the skilled 
staff that we have, and it will ensure added cooperation and added coordination both 
within the government and with the private sector." 

In the meantime, Clarke and Schmidt must content themselves with badgering industry 
and cyber security vendors to get on the same dance card. Part of the rhetorical 
arsenal is a hefty collection of war stories designed to make the most lackadaisical 
cringe and crack open the company coffers to invest in those software patches, firewalls 
and other paraphernalia of the Internet security game.

'Door Locks' 

"Fundamentally, cyberspace security is about buying and using door locks," advises 
Clarke. "Last year, it cost $15 billion to recover from viruses, worms and denial-of-service 
attacks," he warns.

One of Schmidt's favored teaching anecdotes: "When the Melissa virus hit at one 
company...it took about $14 million dollars to bring that whole system up online 
after 10 days. When the Anna Kournikova virus hit the same company, they were able 
to contain it within 30 minutes with better processes, and that 30 minutes translated 
into about $12,000 worth of effort - quite a difference."

For his part, Clarke likes to hash over the invasions of "Code Red" and "Nimda" 
viruses that made the rounds last summer.

"We [the Critical Infrastructure Protection Board, of which he is chairman] had 
Cisco, Microsoft, and WorldCom all on conference calls, when we finally figured out 
this thing had infected thousands of servers. We were able to take apart the code 
and learn what it would have the servers do and when it would have the servers do 
it. At 4 p.m., we discovered that at 8 p.m. that night it would have all the servers 
attack one site - www.whitehouse.gov. 

"What we were able to do...was to get to the major [Internet service providers such 
as AOL, MSN, etc.], asking them to block the White House...address on their edge 
servers. When you dial up on your AOL modem, the first place it hits on AOL is the 
local, or edge, server. Because we were able to act quickly, the tsunami [cyber attack] 
just fizzled. That's a classic example of how government and industry work together."

Clarke, 51, has experience at crisis management, having served as President Clinton's 
counterterrorism adviser for most of the 1990s. Although seldom dwelling on those 
days, he does draw an analogy between yesterday's unheeding aviation industry and 
today's sometimes dangerous complacency in that big hunk of the nation's privately 
owned infrastructure: 

"There were many in the aviation industry, who knowing their vulnerabilities to 
stop terrorism nonetheless did not take care of them because they thought they would 
be inconvenient. They thought it would be costly. They thought it would raise questions 
about the goals and missions of the aviation industry. The aviation industry now 
wishes it had done otherwise. We - all the rest of us - still have an opportunity 
to take a look at our vulnerabilities." 

When not beating the security drum, Clarke and Schmidt are busy educating Congress. 
The big bogeyman in that department is the much-debated exemption to the Freedom 
of Information Act [FOIA] that would ensure information given to the federal government 
about computer attacks would not be made public. 

Security Flaws

CEOs are keen on the exemption because they are concerned about losing the confidence 
of customers and stockholders if it gets out to the world that their systems are 
vulnerable to hackers. 

And it's not just systems at stake, but the reputation of expensive software packages, 
the grist of the industry. Clarke notes that last year 2,000 security flaws in software 
were discovered in this country. He's looking for a figure closer to 3,000 this year. 


"Our lawyers say the law, as currently written, would allow us to protect that information," 
says Clarke. "But that doesn't persuade companies to give us the information. Their 
lawyers believe they need additional protection; therefore we need to get additional 
protection." 

Amendments to the FOIA aside, Clarke would be happy to simply get the private sector 
to follow the lead of the federal government, which is moving toward spending 8 percent 
of its IT budget on IT security. 

Clarke likes to quote a Forrester Research survey indicating Fortune 500 companies 
spend an average of 0.0025 percent of revenue on security - less than the budget 
of the coffee concession. 

"If you spend more on coffee than you do on security, you will be hacked. And moreover, 
you deserve to be hacked," Clarke sums up.


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT