Canada: Y2K brigade targets hackers

greenspun.com : LUSENET : TB2K spinoff uncensored : One Thread

http://www.ottawacitizen.com/national/000423/3979249.html

Link

Monday May 01, 2000

Y2K brigade targets hackers

Government plots strategy to handle cyberterrorism

Susan Delacourt

The Ottawa Citizen

Last year's Y2K scare has become this year's "Mafiaboy" for a new working group within the federal government.

Many of the same resources and people deployed in the effort to avert computer meltdown on Jan. 1, 2000 are now focusing on the risks of cyberterrorism and malicious computer hackers.

The new group, known as the "Critical Infrastructure Protection Task Force," was set up about two weeks ago and is working toward a deadline of this fall to deliver its proposals. Infrastructure, in laymen's terms, includes all those things we regard as necessities for work and life: water, utilities, telephones, transportation, financial transactions; most of which are now run mainly by computers.

The task force's efforts became especially pointed last week when a Montreal teenager, identified by his Internet nickname, Mafiaboy, was arrested for the paralyzing attacks earlier this year on U.S. Web giants such as eBay, Amazon.com and CNN.

And just as the infrastructure disaster of the 1998 ice storms in Ontario and Quebec proved to be a valuable education exercise for Y2K, so has Y2K become an important link to understanding more deliberate threats.

Jim Harlick is the executive director of the task force, which operates under the department of National Defence but includes public servants from several branches of government, including Industry and Treasury Board. These people are applying many of the lessons they learned during contingency planning for Y2K to improve security around vital, electronic information in Canada.

In a coincidence, the decision about whether to set up this task force was being considered on the very day last February when Mafiaboy's handiwork was shutting down the huge Internet presences in the United States.

In fact, impetus for this effort is coming strongly from events in the United States, where the public and governments appear to be increasingly seized with the security of the nation's power grids, water systems and banks, which are controlled by computers and could prove vulnerable to attack.

How aware are Canadians of this reality? This is where the Y2K experience is proving helpful, in that a lot of the legwork has already been done in identifying which computer systems and operations are vital to the smooth running of the country. As well, it is unfortunately true that public awareness builds when things go terribly wrong.

"The Mafiaboy thing, of course, adds another layer of knowledge," Mr. Harlick said.

One of the major lessons of the Y2K scare was that the federal government could not be solely responsible for the security of computer systems. Crucial parts of the country's infrastructure are controlled by a complicated web of federal, provincial and municipal governments, with important components also in the private sector and even in the United States.

The big difference between Y2K preparation and protection against cyberterrorism is that one is accidental, the other deliberate. In other words, it's one thing to insulate computer systems from technical breakdowns, quite another to find ways to thwart people determined to get at the functioning heart of the system.

The federal government is naturally aware of that distinction, spokesmen say, but there are ways in which the two are similar. Mr. Harlick says that Y2K's most powerful lessons were in demonstrating Canadians' dependency on computers running properly.

Cyberterrorism has been emerging as a concern for the federal government over the past several years. The Y2K scare also contained an element of this fear, with officials worried that terrorists or mischief makers might deliberately exploit smaller computer glitches to create larger chaos.

Here in Canada, a special Senate committee on terrorism and public safety, in a report issued in January, 1999, put those cyberterrorist concerns on the record:

"With the explosion in new technologies, government departments and agencies responsible for the security of Canada's critical infrastructures have a major challenge to address," the report stated. "The results of vulnerability tests performed in certain departments to replicate a cyber-attack have not been comforting. The committee was assured that federal departments ... are confident that they can do it."

The government's new critical infrastructure protection task force is intended to handle a large part of the challenges identified in that report.

"One of the biggest lessons we learned during Y2K is that the federal government doesn't have ownership of this problem alone," said Kevin Mills, a spokesman for Canada's Communications Security Establishment, which is only monitoring the task force's work for now.

-- (north@american.news), May 01, 2000


Moderation questions? read the FAQ