Rising Threat - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Rising Threat

As war looms, the risk of cyberattacks from hackers and terrorists grows. Are you ready?

Just two days after the Department of Homeland Security officially opened its doors, government-and business-security managers scored a victory of sorts with a successful public-private effort to combat a potential threat to more than 1.5 million E-mail systems around the world. The work served as a dress rehearsal for the kind of cyberattacks the government expects will increase as geopolitical tensions rise and a war with Iraq looms.

When the Sendmail vulnerability and the patches for it were simultaneously made public last week, key commercial organizations such as banks and utilities, as well as government agencies, were prepared to deal with the problem, having been alerted to it in late February by officials at the government's Critical Information Sharing and Analysis Centers. Issuing the patches was the culmination of work that began in December, when security software vendor Internet Security Systems Inc. warned the National Infrastructure Protection Center, now a part of Homeland Security, of the vulnerability in the Sendmail Mail Transfer Agent, which handles half to three-quarters of all Internet E-mail traffic. If exploited, the vulnerability could disrupt E-mail systems, emergency services, telecom networks, and other online systems worldwide, ISS warned.

The new department quietly worked with businesses and government agencies to secure highly vulnerable communication systems, according to sources, including people at computer-security education group SANS Institute and ISS. Homeland Security, working with ISS, contacted software developer Sendmail Inc. and Sendmail distributors such as Hewlett-Packard, IBM, Silicon Graphics, Sun Microsystems, and the Sendmail Consortium, which immediately began developing patches.

To secure open-source Linux and Berkeley Software Design, or BSD, versions of Sendmail, the CERT Coordination Center, a group that provides security information and monitoring, asked vendors such as OpenBSD, Red Hat, and SuSE to assist in correcting the source code. Homeland Security notified the Defense Department--the first group to receive the patches on Feb. 25--and the Federal CIO Council about the flaw. The Federal Computer Incident Response Center and the Office of Management and Budget also joined in the effort.

"The cooperation on this effort was the best I've ever seen," says Alan Paller, director of research at the SANS Institute. "When has there ever been an example of the White House, OMB, federal and civilian CIOs, DoD, and nearly 20 software vendors, all working together under the Department of Homeland Security's encouraging leadership?"

The government is prepping for cyberwar in other areas. The new House Homeland Security Committee last week created five subcommittees to focus on security, one of which will oversee federal cybersecurity, science, and research and development efforts for homeland security. The move follows the approval of the Cybersecurity Research and Development Act, which pro-vides $900 million over five years for universities to create IT security centers and research ways to protect computer systems.

The joint public-private effort that the Homeland Security Department led may become standard operating procedure as war gets closer. The National Infrastructure Protection Center and officials in the United Kingdom have warned that cyberattacks against Western interests will likely increase as global tensions rise.


Government and business should prepare for more serious cyberattacks, Clarke says.
Richard Clarke, the former special adviser to the president for cyberspace security, in his first speech since leaving that post last month, told attendees at the InformationWeek Spring Conference last week that terrorists may use the Internet to attack America's infrastructure. Captured computers and documents make clear that al-Qaida operatives used the Internet to do "virtual reconnaissance" on U.S. infrastructure, not only on companies but on dams and power plants and the software that runs them, he said. They also were downloading hacker tools from Web sites, Clarke said.

Some recent activity, such as denial-of-service attacks against the Internet's domain-name servers and the Slammer worm, seem to be evidence of "some funny things happening in cyberspace" that stopped short of causing serious harm, Clarke said. "It looked to me like people were seeing what you could do to be really destructive but not being really destructive, yet."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll