From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 14 Aug 2002 05:45:28 -0700 (PDT)
Subject: [iwar] [fc:Richard.Clarke.Prepares.for.Cyber.'Pearl.Harbor']

NewsMax

Richard Clarke Prepares for Cyber 'Pearl Harbor'

Dave Eberhart
Monday, Aug. 12, 2002

In the early morning hours of August 6, a series of electronic attacks were launched against U.S. Internet providers and Web sites on the East Coast. Insidiously, the attacks moved across the country to similar targets on the West Coast.

Richard Clarke, the Bush Administration's national coordinator for security, infrastructure protection and counter-terrorism, watched anxiously, wondering if this might be the big one.

After a while it became clear to Clarke and his staff that the 700 percent spike in traffic that was jamming the cyber highways appeared to be coming from a relatively small number of machines, allowing Internet providers to protect their networks by filtering data from the attacking computers.

Just days before the disquieting attacks, Clarke was telling National Public Radio about his estimate of the worst-case-scenario - that looming cyber "Pearl Harbor" he likes to talk about as he travels the country pitching the virtues of security to private enterprise, the owners and overseers of 85 percent of the nation's fragile and vulnerable cyber infrastructure.

"Then there's the unknown, unknown. Have our enemies already penetrated our critical infrastructure successfully and we don't know it? Or are they in a position where - if there is a big conflict between us and them - they are already in a position to disable our critical infrastructure?"

Currently, Clarke and his second-in-command, Howard Schmidt, the former chief security officer of Microsoft, fall under the Office of Homeland Defense and occupy offices on the 10th floor of the old Secret Service building, two blocks west of the White House.

Clarke makes no secret of the fact that he is waiting with bated breath for the emergence of the giant Department of Homeland Security.

"It will have the National Infrastructure Protection Center, transferred from the FBI; the Critical Infrastructure Assurance Office, transferred from the Department of Commerce; the National Communications System, transferred from the Department of Defense; and [a federal security unit], transferred from the General Services Administration...."

"It will concentrate our forces," Clarke enthuses. "It will concentrate the skilled staff that we have, and it will ensure added cooperation and added coordination both within the government and with the private sector."

In the meantime, Clarke and Schmidt must content themselves with badgering industry and cyber security vendors to get on the same dance card. Part of the rhetorical arsenal is a hefty collection of war stories designed to make the most lackadaisical cringe and crack open the company coffers to invest in those software patches, firewalls and other paraphernalia of the Internet security game.

'Door Locks'

"Fundamentally, cyberspace security is about buying and using door locks," advises Clarke. "Last year, it cost $15 billion to recover from viruses, worms and denial-of-service attacks," he warns.

One of Schmidt's favored teaching anecdotes: "When the Melissa virus hit at one company...it took about $14 million dollars to bring that whole system up online after 10 days. When the Anna Kournikova virus hit the same company, they were able to contain it within 30 minutes with better processes, and that 30 minutes translated into about $12,000 worth of effort - quite a difference."

For his part, Clarke likes to hash over the invasions of "Code Red" and "Nimda" viruses that made the rounds last summer.

"We [the Critical Infrastructure Protection Board, of which he is chairman] had Cisco, Microsoft, and WorldCom all on conference calls, when we finally figured out this thing had infected thousands of servers.
We were able to take apart the code and learn what it would have the servers do and when it would have the servers do it. At 4 p.m., we discovered that at 8 p.m. that night it would have all the servers attack one site - www.whitehouse.gov.

"What we were able to do...was to get to the major [Internet service providers such as AOL, MSN, etc.], asking them to block the White House...address on their edge servers. When you dial up on your AOL modem, the first place it hits on AOL is the local, or edge, server. Because we were able to act quickly, the tsunami [cyber attack] just fizzled. That's a classic example of how government and industry work together."

Clarke, 51, has experience at crisis management, having served as President Clinton's counterterrorism adviser for most of the 1990s. Although seldom dwelling on those days, he does draw an analogy between yesterday's unheeding aviation industry and today's sometimes dangerous complacency in that big hunk of the nation's privately owned infrastructure:

"There were many in the aviation industry, who knowing their vulnerabilities to stop terrorism nonetheless did not take care of them because they thought they would be inconvenient. They thought it would be costly. They thought it would raise questions about the goals and missions of the aviation industry. The aviation industry now wishes it had done otherwise. We - all the rest of us - still have an opportunity to take a look at our vulnerabilities."

When not beating the security drum, Clarke and Schmidt are busy educating Congress. The big bogeyman in that department is the much-debated exemption to the Freedom of Information Act [FOIA] that would ensure information given to the federal government about computer attacks would not be made public.

Security Flaws

CEOs are keen on the exemption because they are concerned about losing the confidence of customers and stockholders if it gets out to the world that their systems are vulnerable to hackers.
And it's not just systems at stake, but the reputation of expensive software packages, the grist of the industry.

Clarke notes that last year 2,000 security flaws in software were discovered in this country. He's looking for a figure closer to 3,000 this year.

"Our lawyers say the law, as currently written, would allow us to protect that information," says Clarke. "But that doesn't persuade companies to give us the information. Their lawyers believe they need additional protection; therefore we need to get additional protection."

Amendments to the FOIA aside, Clarke would be happy to simply get the private sector to follow the lead of the federal government, which is moving toward spending 8 percent of its IT budget on IT security.

Clarke likes to quote a Forrester Research survey indicating Fortune 500 companies spend an average of 0.0025 percent of revenue on security - less than the budget of the coffee concession.

"If you spend more on coffee than you do on security, you will be hacked. And moreover, you deserve to be hacked," Clarke sums up.
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT