YOUR BUSINESS AUTHORITY
Springfield, MO
Jim Dow, PE, is a Microsoft Certified Systems Engineer and a Microsoft Certified Database Administrator. He is general manager of Tritel Communications and Consulting, a locally owned communications and technology business.
A few weeks ago I had the privilege of attending the SecureXchange forum sponsored by Symantec in Washington, D.C., during the "sniper lockdown." One of the reasons I attended was due to my company's involvement in homeland security work for the Transportation Security Administration in our region. Since the subject of the meetings was to discuss and assess security information, the idea that you had to be aware of what was going on around you simply added to the sense of urgency.
The keynote speaker and a participant was Richard Clarke, President Bush's cyber-security chief.
"Much like the airline industry before Sept. 11, high-tech companies, customers, and government agencies are well aware of security vulnerabilities but are reluctant to pay to fix them," Clarke said.
"It's just a matter of time before terrorists use these flaws to launch a cyberspace equivalent of the Sept. 11 attacks on critical national infrastructure such as the electricity grid," he added.
"Airlines had known for years about the weaknesses in the industry's security mechanisms, but chose not to address them. This (information security) industry runs the same risks as the aviation industry."
Think this is a small possibility and we can live with the risk? Look at what small nuisances Nimda, Code Red, Klez or the most recent Bugbear have done. A couple of weeks ago a denial of service attack was thrust upon the World Wide Web. As I recall, it took down 11 of the 13 critical Internet root DNS servers.
Notice I called these small nuisances? Any of these viruses/worms could have just as easily wiped your disks, systems and all your company data. The DoS attack could have taken the Web down indefinitely.
Let's turn our attention to some real threats. As Clarke mentioned, for instance, losing the complete electrical grid. What would that cost?
What if all credit card data, readily available and all over the Internet, was released worldwide?
What if all government sites/communications were sabotaged and all government dollars/services stopped? I guess you could go either way on this one depending on your politics, but it would still bring us to a halt.
These are not remote possibilities anymore, but only a matter of time if we do not take a proactive approach.
Today, our economy and national security are fully dependent upon information technology and the information infrastructure.
So what are we to do? Government and industry must work together and fund the research necessary to stop or minimize this threat on the global scale. Each entity must do whatever is necessary to understand its vulnerability to itself and how that may affect everyone else.
On an individual business scale, information technology managers must be held accountable for protecting their companies and customer data.
To this end, the Healthcare Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act were passed. These caused certain businesses to try to protect customer privacy and data. As usual, they were enacted because business did not act on its own.
Companies cannot just be concerned about their own little world anymore. We are all connected through cyberspace, and whatever happens out there will eventually affect us.
How does an individual or a company contribute to the security of our vital national information?
Start looking at home, in your own company. Unfortunately, our own employees pose the largest threat to breaches of information security. How tight are your internal security policies?
Information technology managers should look at the international ISO 17799 standard, information technology-code of practice for information security management. It is a basic model for business information security.
I urge businesses to obtain this standard and consider using it as a basis for setting up, measuring or strengthening their in-house information security. Will it put you in a better position? Possibly. Will it make you more aware of what you need to be doing? Absolutely.
Do not assume that you are secure if you have not been hacked. I contend you are lucky or missing something. Suggestion: Contract with experts outside your company, with no bias, to test your security, inside and out.
Get involved with The National Strategy to Secure Cyberspace at www.ciao.gov. Although the deadline to respond has passed, please go to the site, download the document and read it. This is our government's preliminary answer to the problem.
Be careful out there.