Rising Threat - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Rising Threat

As war looms, the risk of cyberattacks from hackers and terrorists grows. Are you ready?

Increased tensions have business-technology managers concerned. "Customers are asking more about both network and building security than they used to," says Josh Richards, chief technology officer at Digital West Networks. The hosting company hasn't noticed any unusual activities, Richards says, but as the United States moves toward an attack on Iraq, "we'll all be a little more paranoid and more alert."

Experts disagree on how vulnerable the nation's critical infrastructure is, especially so-called SCADA, or supervisory-control and data-acquisition, systems that utility companies use to remotely monitor and control their operations. Joe Weiss, consultant with KEMA Consulting and former technical lead for cybersecurity of digital control systems security for the Electric Power Research Institute, says SCADA systems are vulnerable. "They were never designed with security in mind, and these systems are connected to the Internet," he says. "There's no doubt that you can get unauthorized access to these systems. It's been done often." But James Lewis, director of the technology program at the Center for Strategic and International Studies, a Washington think tank, says any attacks against SCADA systems would be unlikely to cause anything more than "minor disturbances, like the outages in phone or electrical power that we already experience."

According to network-security vendor Symantec Corp.'s Internet Security Threat Report, which is based on real-time attack information from more than 400 companies in more than 30 countries, about 60% of power and energy companies experienced at least one severe event in the second half of 2002. The attacks, however, didn't "necessarily endanger critical systems, such as SCADA systems," according to Symantec.

More likely targets may be the Internet's domain-name servers, which store Internet addresses, and the Border Gateway Protocol, used by routers to send traffic around the Internet. Research presented last week to the International Telecommunication Union in Geneva indicates that an attack against country-code domains could make an entire country disappear from the Internet because its domain-name servers couldn't be reached, with serious repercussions on its economy.


Companies must think about security when they put new processes and systems in place, P&G's David says.
An attack on the Border Gateway Protocol could create a black hole on the Internet, says Vinton Cerf, co-inventor of TCP/IP and senior VP for architecture and technology at telecommunications service provider WorldCom. A tech-savvy hacker or terrorist could do some damage to the Internet by compromising the protocol, Cerf says. ISPs use many techniques to check the validity of the information received from other routers. But if a hacker or a terrorist broke into a router and injected bad routing data, it could be broadcast across the Internet, and some traffic wouldn't reach its intended destination. Some Internet engineers have started using hash codes, a method of verifying a sender's identity and digitally signing routing table updates, he says. "I'll feel a little better if we're all using hash codes," Cerf says.

Business-technology managers may need to ratchet up security efforts even more. Despite experiencing a variety of worms, viruses, denial-of-service attacks, and other threats, "security is now almost the last thing companies think about when they put in place new systems or business processes," said Steve David, CIO and business-to-business officer at Procter & Gamble Co., at the InformationWeek conference. "There has to be a shift." The SQL Server worm in January was the first to penetrate Procter & Gamble's firewalls, and though it didn't cause serious damage, it was a real "wake-up call," he said.

One chief information security officer at a major financial-services firm says he welcomes all efforts to create a more secure Internet, secure software, and better tools to protect apps and networks. "We're preparing the best we can, monitoring and hardening our systems," he says. "The rest is patching and praying."--with Robin Gareiss and Jennifer Zaino

Photo of David by Sacha Lecca

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 2
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll