UPDATE - Cyberspace Attacks...Some Interesting Questions

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Fair use for educational and research purposes only

PUBLIC FORUM - BOSTON GLOBE

Title: We're not ready for cyberspace attacks

By McDonnell Ulsch and Scott Steinert-Evoy, 5/23/2000

Computer hackers made headlines recently by lobbing virtual grenades at some of the world's most popular Internet sites. The ''Love Bug'' and its mutations have wreaked havoc around the world.

But in the war to make businesses secure in today's interconnected world, these attacks were merely skirmishes, nuisance attacks that could have been orchestrated by a C-student testing classroom theories. What would happen if malicious hackers mounted a concerted assault?

Are banks, brokerages, and insurance companies as ready as they were for the glitch known as Y2K?

The answer is largely no. The days when a strong vault, iron bars, and an armed guard seemed an adequate deterrent to bank robbers have fast disappeared. It's not enough to beef up security anymore. The whole concept must be redefined.

With half of the world's computer capacity and more than 60 percent of Internet assets, the United States is the most advanced and most dependent user of information technology. Widespread electronic thefts or disruptions could shake public confidence in the emerging new economic order and wreak financial havoc.

But the specter of these attacks has not received the attention that's merited: not from the Y2K-weary public and new media, and certainly not from the upper echelons of corporate America. Y2K, after all, was something CEOs could easily understand. It was a specific problem, with a specific solution.

Most importantly, Y2K commanded the constant attention of the men and women who run America's publicly held companies. Every CEO faced regular questions from Wall Street analysts on Y2K preparedness. Stock prices rose and fell on the strength of Y2K programs. That kind of attention from the top opens corporate wallets like no back-office Cassandra ever could.

Combating cyberterrorism also requires an enormous commitment. But the solutions, like the problem, are more ambiguous than those associated with Y2K. Each new dawn brings a new day of reckoning. Hackers develop resistant strains to each new vaccine as the Internet becomes a playground for all kinds of malcontents.

Some 118 million people around the world already possess the skills to conduct cyberattacks, according to International Data Corp.

But thinking of security as an ''Internet-only'' problem is a wrongheaded approach destined to fail.

The Internet may be fast emerging as a public network vital to the flow of commerce. But it also depends on the rest of the critical public infrastructure - the national power grid, the telephone switching system - to operate at all. These systems are vulnerable to a dizzying variety of attackers.

Conversely, the best computer security cannot stop a disgruntled former employee with a password - or a key to the basement. These types of inside attacks are by far the most common among US companies.

Some companies have already appointed chief security officers whose mandates encompass both physical and network security. In the future, these professionals must create a security culture where such artificial lines will disappear entirely - and where information security is a hot topic in the boardroom.

Investor punishment of the affected companies is sure to get the attention of Wall Street analysts, and, consequently, top corporate decision makers. They have a long road ahead of them. Instilling a culture of security, unlike slaying the Y2K dragon, is a never-ending quest.

--------------------

MacDonnell Ulsch and Scott Steinert-Evoy work in the Technology Risk Services consulting practice of PricewaterhouseCoopers LLP in Boston.

This story ran on page E04 of the Boston Globe on 5/23/2000. ) Copyright 2000 Globe Newspaper Company

http://www.boston.com/dailyglobe2/144/business/We_re_not_ready_for_cyberspace_attacks+.shtml

====================



-- (Dee360Degree@aol.com), May 23, 2000


Moderation questions? read the FAQ