Infrastructure
News
11/19/2004
04:57 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Attacks That Blend Threats Against People, IT Systems Predicted

William Hancock, chief security officer at Savvis Communications, says the migration of power-grid systems to the Internet has increased their vulnerability.

In San Francisco on Thursday, William Hancock, VP of security practice and strategy and chief security officer of IT service provider Savvis Communications, told a group of IT professionals and reporters that the sky was falling.

Hancock said he expects the emergence of "blended-threat" attacks that combine war on critical infrastructure occurring simultaneously with attacks designed for large-scale fatalities such as biological terrorism. Hancock went as far as to predict that such attacks would exceed those on the World Trade Center in magnitude of disaster.

The cyberwarfare aspect of such an attack could happen in any number of ways. He described the migration of the power grid from protocols such as DECnet and OSI to TCP/IP as one area of increasing vulnerability. With more of these power-grid systems connecting directly to the Internet, he warned, they become susceptible to denial-of-service attacks that could cause blackouts across the United States.

As a more mundane example, a new PC connected to the Internet could become infected with a worm within 25 minutes--before it has completed downloading the patches necessary to protect it against the most current threats, Hancock said.

Layered defenses are necessary, he argued. "There's not a firewall made that you can't get through."

Hancock, chairman of the National Reliability and Interoperability Council Focus Group 2B, Cybersecurity, a council of advisers to the Federal Communications Commission, said that while he didn't want to be an alarmist, the state of Internet security is alarming.

Testifying before Congress in September on identity theft--currently favored by worm writers and phishers--Hancock focused on what could be done, principally in the area of identity management.

"Identity management of the future cannot be simplistic password methods of the past," he said. "It will need to incorporate advanced concepts such as biometrics and cryptographically sound methods to ensure the identity of a device, application, or individual is permitted to access data elements in databases and other information repositories."

That's essentially what Microsoft chairman Bill Gates said at the Microsoft IT Forum in Copenhagen earlier this week, where he addressed the "weakness of the password."

In his keynote address, Gates said that we cannot rely on passwords to protect health data, financial data, or records access. "Therefore, moving to biometric identification, and particularly in moving to smart cards, is a way that is coming," he predicted. "This is something that has been talked about for several years, but now we finally see the leading-edge customers taking that step."

Comment  | 
Print  | 
More Insights
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.