Cyber-threats are
economically motivated and cyber-terror is politically driven. These attacks
occur under a guise of virtual anonymity and are often not attributable to any
one organization or individual. What risks do they present? And how vulnerable
are we?
For terrorists, the psychological
value of a sustained attack is that people lose confidence in their
infrastructure. A disruption in the financial infrastructure creates insecurity
in banks and in the stock market. A sustained disruption of a power system can
create unrest in cities, disruption of telecommunications, and even food
shortages. “A worst-case scenario would be a sustained failure of critical
infrastructure like a power grid or a financial structure,” says Matthew DeVost,
founding director of the Terrorism Research Center and president of
Total
Intelligence Solutions.
When it comes to cyberterror, most
of us envision armies of invading botnets that compromise networks for nefarious
purposes. But a cyber attack could well be physical. “Cable cutting is a key
component of any cyber war,” says Paul Sop, CTO of Prolexic,
which specializes in denial-of-service (DOS) attack mitigation services. “The
U.S. has retrofitted submarines that can go down and snip undersea fiber cable,
and other countries have this, too.” Sop says the commercial Internet has
nothing built into it to work around major disruptions of hardware
infrastructure.
DeVost points out that in 2000, the
CIA told a
congressional committee that more than 100 countries were developing cyberwarfare
capability, but those at the forefront are the U.S., China, Russia, and Israel.
“Russia and China both have hacking groups that specialize in bots, phishing, and
spam, while Israel has concentrated in security,” says Sop. “Meanwhile, the U.S.
has some of the top professionals in knowledge and hacking
ability.”
In some ways, the “war” is already
underway -- but it hasn’t been getting much attention. “I’ve supported probably 30
to 40 forensic investigations of cyber attacks, but only two were reported,”
says DeVost. "Companies don’t like to engage law enforcement because of the
unfavorable publicity that results.”
Mitigating cyber risks is a global
and national security issue; however, companies can be proactive with security by
adopting risk management programs.
“Companies should consider
changing their architecture so their networks do not have single points of
failure, because it’s very hard for cyber attackers to be effective when there
is not a single point of attack,” says Sop. “Enterprises and service providers
should have multiple data centers. If you have multiple servers deployed, do not
link them all to a single database.”
Future cyber attacks will be more
difficult to detect. They will hide behind the “noise” of the Internet, and you
may never know your equipment is infected. “Companies should make sure they have
the ability to do forensic analysis, and get law enforcement involved,” says
DeVost. “The argument for law enforcement is: If no one is prosecuting the
perpetrator of cyber threats, there is no criminal deterrent. These criminals
need the fear of getting caught.”
Enterprises should also put their
computing resources through the paces of real cyber-attacks, not just
simulations. If you don’t subject your systems to the real thing, you have no
way of knowing if your security measures are working. Due diligence is important
in safeguarding our information. So are awareness and
education.
>These are the computers that are part of the ".mil" domain.
I know and I agree, but line between military and nonmilitary is hard to define. Internet revolution, let's say Net 2.0 is bringing more freedom and faster information exchange. With more speed there will be more problems to secure critical data. Business information value is depend from time.
>Attacking servers, deploying malicious virus attacks and stealing
computer information are all criminal acts. And when a nation such as
China uses these attacks during peacetime against both military and
civilian economic targets, it crosses the line of acceptable behavior.
This is state sponsored crime.
In this case I disagree. Spying (stealing information) is in human nature, everybody is spying to get better job, business, ... Attacking servers cannot be attached just to one nation. I am convinced that this is just propaganda against "bad" communistic regime and big economical power of China. Reality can and it is different.
Peacetime does not exists! We live in one world, we have war in Afganistan, Irak, some Africa states, we had 9/11 and that is state sponsored crime too ;)
In answer to your question, "Military computer" networks refer to the US military intranet known as the unclassified IP router network (NIPRNET). These are the computers that are part of the ".mil" domain.
Attacking servers, deploying malicious virus attacks and stealing computer information are all criminal acts. And when a nation such as China uses these attacks during peacetime against both military and civilian economic targets, it crosses the line of acceptable behavior. This is state sponsored crime.
I've no intention to underestimate the gravity of cyberterror but i still believe we are carving to the culture of fear the terrorist want us to live in. I still hold the view that cybercrime should be more of a concern than cyberterror. The terrorist will always use their traditional way of killing and inflicting pain on innocent lives.
Whilst it's not wrong to prepare for such attacks in the future, we should be careful not to overblown this issue and put in on par with nuclear/chemical warfare.
“America is under widespread attack in cyberspace”, testified General
James Cartwright of the US Strategic Command to Congress in March 2007.There were more than 80,000 attempted attacks on military computer networks in 2007.
What is military computer?
Information war is nothing unusual ... trying to get as mouch information as possible is business politics driven, like it was pointed in the article. In politics there is no limit and attacking servers is just one small signal about what is going on.
On the other hand, behind computer, servers and in the network, there are people, operators, who have control over information by the nature and that is biggest risk and if you need to acchive almost secure informations, you have to isolate people on every hub of your information strucuture, which is expandalbe by nature.
I believe that organized cyber warfare, funded and supported by nations pose a bigger threat to the Internet. China is very active in the area of cyber warfare. A recent report by the Heritage Foundation entitled, “Trojan Dragons: China’s International Cyber Warriors” (http://www.heritage.org/Research/AsiaandthePacific/upload/wm_1735.pdf) describes the emphasis that China is placing on cyber warfare.The Chinese People’s Liberation Army (PLA) has cyber warfare brigades that are already at work probing, hacking and stealing data from US and European computer systems.The Chinese cyber attacks haven’t been limited to government systems.In fact, their primary target is economic and industrial information systems.China’s intelligence collection is the top intelligence threat to America’s science and technology secrets.
“America is under widespread attack in cyberspace”, testified General James Cartwright of the US Strategic Command to Congress in March 2007.There were more than 80,000 attempted attacks on military computer networks in 2007.These attacks were often successful in impacting US military operations.Of concern to the government isn’t the high school hacker having fun, but the concerted Internet attacks that are coming out of China.In the last three months, attacks against the US government from China have tripled.The Chinese cyber warfare units have already penetrated the US military’s unclassified but sensitive IP router network (NIPRNET) and have designed software to disable it in time of conflict.
The Chinese have developed a very sophisticated and advanced capability to attack and degrade US and European computer networks and it is time that western nations recognize the threat.This threat is not only to the military, but to commercial, financial and energy networks.The actions of the Chinese cyber warriors in penetrating and stealing data from foreign nations have crossed the boundary of acceptable international behavior during peace time.
In my opinion the cyber terror threat may involve two aspects; the vulnerability and the risk of a diffuse attack against resources classified critical. These include financial system, internet backbone and power system resources etc. The good news is that according to a recent analysis by the IBMs Internet Security Systems X-Force, vulnerabilities actually decreased by 3.3% in the second half of 2007 as compared to last year. However according to a Business Rountable's assessment in 2006 experts do not agree about the actual risk of a diffuse cyber attack.
Viewed from this perspective, some would argue that potential cyber attack risk against critical infrastructure is actually lower than the other known risks like breach of privacy, crime against minors, throttling of internet traffic and anti-trust violations.
Each second that passes we are creating a bigger dependancy towards the internet, and networks in general. It's not a bad thing, but it does come with some issues. Cyber-terror being one of the worst.
Everything in history has came with a price, it's the job of the decision makers to decide if the risk is acceptable, compared to the benefits it draws.
You ask if our systems are vulnerable?You bet we are! And the most critical systems- those that manage our water, power and fuel are perhaps the most easily penetrated and the hardest to reclaim. If somebody gets your credit card info, get a new one.If a keystroke logger has been installed on your PC, go off line and scrub it out.But what if a hack has penetrated your thermostat?Your water meter?Or the systems that distribute your gas, electric or water. And what about the critical systems to maintain societal trust- voting machines.Plenty said about those.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
SIP (Session Initiation Protocol) is an increasingly important Internet integration technology, but there are still areas where critical interoperability work remains to be done -- including on IP PBXs, on SIP-enabled service provider connections, and on fax-over-IP (FoIP) solutions.
It started as a living room conversation in 1998 and grew into a worldwide movement of software developers believing in the principle of creating and circulating software for free. It was a turn-of-the-century counter-movement to the established world of proprietary software that had characterized the 20th century, and which major companies had used to maintain market dominance.
By its very nature, interoperability engages the efforts of many, and this past May’s SIPit 26 testing event for the Session Initiation Protocol (SIP) was no exception. Sixty-seven attendees from 28 companies from 15 different countries attended the five-day event in Kista, Sweden, which tested interoperability among SIP applications, IP (Internet protocol) communications equipment, consumer and enterprise fixed and mobile technology networks, and both edge and end devices.
There was a time when the use of radio telescopes to scour space for signs of life was reserved for scientists and university students, but extraterrestrial life-seeker SetiQuest is expanding its search corps to "citizen scientists" by using Internet-inspired technologies and social innovations like global communities, open-source, and collaboration.
Getting to Work on Smart Work: How IT Is Transforming the Implementation of the 'Internet of Things' Organizations in all industry sectors are becoming more instrumented, interconnected, and intelligent -- and that's changing the way they approach virtually every facet of their operations. It's up to IT to help organizations adopt a "Three I's" approach that leverages the emerging Internet of Things and enables them to work smarter. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Comparing Internet services is tough because service providers price and market their services based on a best-case scenario connection that most consumers will never enjoy.
Comcast and other broadband providers just might exempt content they own from counting against consumer Internet usage caps. Would that make their broadband services more desirable?
A recent scandal involving a school's use of remotely activated Webcams to locate lost or stolen laptops may portend, not only legal action against the school, but also a loss of trust in video that is critical to developing video collaboration over the Internet.
The iPhone has created a new form of the 80/20 rule, according to AT&T, which claims only 3% of iPhone users generate 40% of wireless traffic. But is that really a justification for usage caps and pricing tiers? What did AT&T think was going to happen with the iPhone pricing plan, and are they shoveling something else at us now that we're hooked?
China is investing heavily in fiber to the premises to propel itself into the world broadband Internet first division. What's it deploying, and what's it going to do with all that bandwidth?
Sites like Speedtest.net, which use data from users to construct a new picture of what the Net looks like, are making it harder and harder for service provider spin merchants to mislead the public about how much broadband capacity they are really getting.
Telecom operators say they are adding new high-speed broadband wireless technology to their networks to improve services for users, but they are also introducing tiered pricing which punishes us for taking advantage of the new speed. No fair, says Tom Nolle.
There's a public-policy war on copyright that nobody is winning, and inconsistencies in viewpoint and interpretation seem to be multiplying. We need to step back and think our policies over again, or we risk having a strategy that fails everyone.
Ultraviolet is an industry-wide attempt to standardize video content delivery across multiple platforms. Apart from the fact that it’s based in the cloud, relies on the DRM system, and isn’t backed by Apple… it sounds great!
The FCC's Sixth Broadband Report has a hidden secret. But here’s a hint: The regulatory body plans to regulate broadband as a telecommunications service.
Once defined by epic journeys, planning, and maps, the phrase "on the road" takes on new meaning in a digital age, where we can make all our decisions using our connected devices en route.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
