
How Safe Is The Internet?

Hackers' break-in at General Electric raises questions about the Net's security


By Clinton Wilder
Issue: Dec. 12, 1994

Thanksgiving was not the happiest of holidays for General Electric Co. Sometime during the week of Nov. 21, unidentified computer hackers bore through GE's Internet security "firewalls" and accessed GE systems that contained proprietary information.

There was no apparent damage to the data, but the incident caused GE to shut down Internet access for 72 hours as a precaution. It also sent a shudder through U.S. corporations rushing to embrace the Internet as a major conduit for electronic commerce.

Security problems are an undeniable fact of life on the Internet, whose very openness makes it an unmatched vehicle for reaching millions of customers at minimal cost. Still, many corporations that use the Net to hawk wares and services remain undaunted, viewing incidents like the GE break-in simply as a risk of doing business online.

'No Foolproof Methods'
These companies fully support the concept of firewalls--software programs constructed of security measures, such as password authentication--which keep the public Internet separate from a company's private networks and databases.

"You have to evaluate what you will do over the Internet and what risks you're willing to take," says Jerrold Grochow, VP and chief technical officer at American Management Systems Inc. (AMS) in Fairfax, Va., which activated a server on the World Wide Web in November. Security will get better, he says, but so will hackers. "There will never be any foolproof method," Grochow says.

AMS is carefully monitoring its own firewall because the company "is not absolutely convinced it's unbreakable," Grochow adds.

At least one major corporation is moving slowly with Internet ventures because of potential security breaches like the GE incident. Tyson Foods Inc. in Springdale, Ark., says it won't bring up a Web server for at least a year, or until it has developed a firewall that is "very secure," says Steve Hankins, VP of information systems. Until then, Tyson employees doing Internet research will continue to use computers at the University of Arkansas in nearby Fayetteville.

But Tyson appears to be the exception. GE says it will proceed with its Internet plans, albeit with redoubled security efforts. Just one day after news of its hacker break-in came to light, GE announced that four of its business units joined CommerceNet, the Menlo Park, Calif., consortium of companies seeking to promote business transactions on the Net.

"I don't believe this latest incident dampens our interest in playing a key role in Internet commerce," says Scott Stone, manager of interactive and database services at GE Information Services (GEIS) in Rockville, Md. "In fact, these kinds of issues need to be brought out so we can identify where the security leaks might occur."

Some 58,000 Internet users have accessed GE's Web server since Oct. 13 when GEIS--and GE's Plastics, Capital Services, and Power Systems business units--began posting customer information on their own Web home pages, according to Sharon Pender, an Internet program manager at GEIS.

Does such access come with a price of data vulnerability? Perhaps. Though it's not clear how the hackers broke into the company, GE believes that being able to reach customers around the world is worth the risk, and it remains convinced that its firewalls will prove adequate. "If there's one word about the way we feel, it's undaunted," says Rick Pocock, general manager of marketing communications at GE Plastics in Pittsfield, Mass. "We have such confidence that the Internet is the way to go. We're there to make information available."

Forecast: Showers
One thing's for sure: The GE break-in won't be the last incident of its kind. In fact, during the same week, an unauthorized user hacked into the server of Pipeline Network Inc., a Net access provider in New York, and posted a message from a group called the Internet Liberation Front. The service shut down for six hours. And in October, hackers illegally downloaded IBM and Microsoft software from a computer at Florida State University. "All the hype about commerce on the Net will get regular cold showers like this," warns Jim Bidzos, president of RSA Data Security Inc., an online security firm in Redwood City, Calif.

Another potential risk of business in cyberspace stems from the culture clash between corporate America and Internet purists who fear the Net's free-spirited commune will be torn up and replaced by a giant online shopping mall. The Internet Liberation Front's angry message warned businesses not to turn the Internet into a "cesspool of greed."

But Pipeline Network founder James Gleick doesn't see cyber-terrorism at work, at least not yet. "I don't know that there is any such group" as the Internet Liberation Front, he says. "I think it's somebody kidding himself about how important he is."

A scarier thought: The vast majority of Internet break-ins go unreported. For obvious reasons, companies don't want the world to know their firewalls may be vulnerable. "You can't ever tell the true rate of Internet break-ins," says Mark Rasch, a Washington attorney who in 1990 prosecuted then-Cornell University student Robert Morris, perhaps the most notorious Internet hacker in history. "With more companies accessing the Internet, there's an exponential increase in information available for the taking," Rasch adds.

Internet security falls into two basic categories: firewalls that protect internal information, and encryption schemes that encode business transactions, particularly credit-card authorization and debiting. Encryption has become a hot topic in recent weeks, with Microsoft Corp. and Visa International agreeing to develop a system based on technology from RSA Data Security.

More products for secure Internet commerce will roll out Dec. 6-8 at the Internet World show in Washington, including Enhanced Mosaic 2.0 from Spyglass Inc. in Naperville, Ill.

Not Just Knocking
"Customers aren't just knocking on my door inquiring about Internet security--they're flat-out running me over," says Matthew Howard, security product manager at router maker Cisco Systems Inc. in Menlo Park, Calif. That stampede is sure to continue as businesses head onto the Internet with a mixture of enthusiasm and trepidation.

"As online business develops, the security will develop along with it. I'm convinced of that," says Joe Harris, former director of information technology at NBC's stations division and now president of MIDX Worldwide, a media industry consultancy in Key Largo, Fla. "Internet security concerns are only as warranted as security concerns about doing business anywhere."

Those concerns--founded very strongly in reality--still aren't likely to make a noticeable dent in the juggernaut of online commerce.

with additional reporting by Bruce Caldwell, Joseph C. Panettieri, and Marianne Kolbasuk McGee
