Rising Threat - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Rising Threat

As war looms, the risk of cyberattacks from hackers and terrorists grows. Are you ready?

Increased tensions have business-technology managers concerned. "Customers are asking more about both network and building security than they used to," says Josh Richards, chief technology officer at Digital West Networks. The hosting company hasn't noticed any unusual activities, Richards says, but as the United States moves toward an attack on Iraq, "we'll all be a little more paranoid and more alert."

Experts disagree on how vulnerable the nation's critical infrastructure is, especially so-called SCADA, or supervisory-control and data-acquisition, systems that utility companies use to remotely monitor and control their operations. Joe Weiss, consultant with KEMA Consulting and former technical lead for cybersecurity of digital control systems security for the Electric Power Research Institute, says SCADA systems are vulnerable. "They were never designed with security in mind, and these systems are connected to the Internet," he says. "There's no doubt that you can get unauthorized access to these systems. It's been done often." But James Lewis, director of the technology program at the Center for Strategic and International Studies, a Washington think tank, says any attacks against SCADA systems would be unlikely to cause anything more than "minor disturbances, like the outages in phone or electrical power that we already experience."

According to network-security vendor Symantec Corp.'s Internet Security Threat Report, which is based on real-time attack information from more than 400 companies in more than 30 countries, about 60% of power and energy companies experienced at least one severe event in the second half of 2002. The attacks, however, didn't "necessarily endanger critical systems, such as SCADA systems," according to Symantec.

More likely targets may be the Internet's domain-name servers, which store Internet addresses, and the Border Gateway Protocol, used by routers to send traffic around the Internet. Research presented last week to the International Telecommunication Union in Geneva indicates that an attack against country-code domains could make an entire country disappear from the Internet because its domain-name servers couldn't be reached, with serious repercussions on its economy.


STEVE DAVID PHOTO

Companies must think about security when they put new processes and systems in place, P&G's David says.
An attack on the Border Gateway Protocol could create a black hole on the Internet, says Vinton Cerf, co-inventor of TCP/IP and senior VP for architecture and technology at telecommunications service provider WorldCom. A tech-savvy hacker or terrorist could do some damage to the Internet by compromising the protocol, Cerf says. ISPs use many techniques to check the validity of the information received from other routers. But if a hacker or a terrorist broke into a router and injected bad routing data, it could be broadcast across the Internet, and some traffic wouldn't reach its intended destination. Some Internet engineers have started using hash codes, a method of verifying a sender's identity and digitally signing routing table updates, he says. "I'll feel a little better if we're all using hash codes," Cerf says.

Business-technology managers may need to ratchet up security efforts even more. Despite experiencing a variety of worms, viruses, denial-of-service attacks, and other threats, "security is now almost the last thing companies think about when they put in place new systems or business processes," said Steve David, CIO and business-to-business officer at Procter & Gamble Co., at the InformationWeek conference. "There has to be a shift." The SQL Server worm in January was the first to penetrate Procter & Gamble's firewalls, and though it didn't cause serious damage, it was a real "wake-up call," he said.

One chief information security officer at a major financial-services firm says he welcomes all efforts to create a more secure Internet, secure software, and better tools to protect apps and networks. "We're preparing the best we can, monitoring and hardening our systems," he says. "The rest is patching and praying."--with Robin Gareiss and Jennifer Zaino

Photo of David by Sacha Lecca

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll