Computer Security Experts Worry About Possibility of Cyber Attack

By MICHAEL BUETTNER

(AP) - Sushil Jajodia spends his days thinking about things that would keep most of us awake at night.

The director of the Center for Secure Information Systems at George Mason University believes that terrorists can turn the United States' technological advancement against it, using our computers to wreak havoc on a scale comparable to the Sept. 11 attacks -- and do so relatively easily. Worse, he's convinced that too little is being done to protect against an assault in cyberspace.

"What made 9/11 so destructive was that it was a coordinated attack," involving 18 hijackers, four airplanes and multiple targets, Jajodia noted. A similarly coordinated assault in cyberspace would be easier, he said.

"They don't have to risk their lives and they don't have to be sophisticated or knowledgeable to launch an attack," he said. "A bunch of terrorists could get together and launch attacks against power plants, launch them against NASDAQ. ..."

CACI International Inc., based in Arlington, provides information technology services, including network security services, mainly for government clients. Its division manager for information assurance, Jim Hogler, also worries about cyberterrorism.

"If there were a cyber attack, what form would it take?" he asked. "I spend a lot of time thinking about that. Would it be a virus? Denial of service? What is that thing we haven't thought of yet? I don't think flying a plane into a building was something anyone had thought about before 9/11."

In fact, computers are under attack constantly, said Eugene Huang, Virginia deputy secretary of technology.

"We face threats on a daily basis -- attempted intrusions and hacks," he said. "Just this month, for the state's main Web site, we've recorded almost a quarter-million attempts to exploit well-known security holes."

Such "holes" have long since been patched by the state's security experts, Huang noted.

State network security experts "are actively monitoring all of the computers that are connected to the Internet and present a potential pathway for attack."

While such attempted intrusions into the state's computers represent more or less casual hacking that is unlikely to result in deaths, many experts warn that people intent on committing actual physical harm against the United States will one day try to use computers as their weapons.

Among the possible forms a cyberterrorist assault might take, the most alarming involve the disruption of computers that control nuclear power plants, transportation systems -- including air traffic control -- and food-processing plants. Nightmare scenarios have nuclear reactors melting down, airplanes being rerouted to crash into population centers, trains smashing into each other above ground and subway trains underground, fatal doses of additives being introduced into prepared foods.

"Vulnerabilities are everywhere," Jajodia noted. "Anytime anything is connected to the Internet, it is vulnerable and could easily be attacked."

If there's good news in cyberdefense, it's that experts generally see little likelihood of those particular nightmares coming true. The computers that control vital industrial and transportation systems are set up to give warnings if anything deviates too far from normal operation.

Dominion Virginia Power operates what may be the two most obvious terrorist targets in Virginia, the two nuclear power plants in Surry and Louisa counties. The company declined to answer specific questions about its defenses against cyber attack, but spokeswoman Irene Cimino offered a general statement of Dominion's position:

"We always take security very seriously," she said. "Since Sept. 11, Dominion has heightened its awareness and security measures to ensure the safety of all our assets and employees."

If physical danger from cyberterrorism seems far-fetched, economic chaos may be a more realistic fear, as Jajodia's unfinished remark about NASDAQ suggests.

Relatively simple virus programs such as the "Iloveyou" virus in 2000 -- created by a novice computer student -- have already disrupted computers worldwide and cost businesses millions of dollars in lost productivity and repairs. A successful effort to shut down or destroy businesses' computer systems could dwarf Sept. 11 in actual dollar costs, if not in lives.

Businesses generally take the possibility seriously, said Hogler, noting that CACI was seeing growing demand for its security services even before Sept. 11.

"I think there was a trend to tighten up security as a result of the Y2K problem and the viruses," he said. "I think we knew what had to be done before 9/11, but 9/11 made people decide to go ahead and do it."

Jajodia, however, doesn't believe businesses or government are doing enough of what really needs to be done -- spending money to upgrade computer defenses.

"I see very little sign of it," he said. "I see an isolated program here and there."

The government, he said, must take the lead in cybersecurity and require businesses to increase their level of protection.

"The government has to step up and say, 'This is important,' and spend some money on education and research, put pressure on vendors to produce better products" such as software that doesn't leave computer owners vulnerable to attack.

Otherwise, he said, he believes "the next great attack will be in cyberspace."

This article also available at www.wvbt.com.

The Information Assurance Scholarship Program is open to U.S. Citizens pursuing undergraduate, masters, and doctoral degrees from the Centers of Academic Excellence in Information Assurance Education.

Copyright © 1994-2004 Center for Secure Information Systems, George Mason University.