
Terrorism fight could prompt new cyberattacks against U.S. companies

posted on September 27, 2001
by hitbsecnews

WASHINGTON -- A congressional committee was told Wednesday that the U.S. war on terrorism could increase the number of cyberattacks aimed at U.S. companies already struggling to repair an increasing array of vulnerabilities in Internet-connected systems.

"I believe the threat is even greater today than it was before Sept. 11," said Michael Vatis, a former FBI assistant director and former head of the National Infrastructure Protection Center (NIPC). The NIPC, based at FBI headquarters, was formed in 1998 to handle threat assessment, investigations and responses to any attacks on critical U.S. infrastructures.

Vatis's prediction is based on an analysis that found a rise in cyberattacks in connection with physical conflicts, such as the Israeli/Palestinian conflict and the U.S. and China spy plane incident.

Vatis also told the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations that the very infrastructure of the Internet is susceptible to attack. "The possibility is there to take down significant portions of the Internet and the critical infrastructures that rely on the Internet," he said.

Richard Pethia, director of Carnegie Mellon University's CERT Coordination Center, echoed Vatis in testimony also delivered to the subcommittee Wednesday.

"Much of the Internet is very resilient and very robust and able to recover from an attack," he said. "But there are those few key points like domain-name servers that don't have enough redundancy or ability to quickly recover from attack. If we focused in on those key points, we can make a lot of progress [protecting those points] in a short period of time," he said.

Harris Miller, president of the Information Technology of America in Arlington, Va., said it would be inaccurate to say the Internet is vulnerable. "There are obvious physical risks," he said. But major infrastructure operators are building in protection.

One security problem cited in testimony focused on software quality and the ability of systems administrators to stay abreast of fixes and patches needed to protect their systems.

"Today's commercial off-the-shelf technology is riddled with holes," Pethia said. Last year, CERT reported 1,090 vulnerabilities caused by software designs that don't adequately protect Internet-connected systems. That number is expected to climb to 2,000 this year, he said.

Software and design practices "used today do not yield software that is resistant to attack," said Pethia, and end-users can't keep pace. "The sheer number of vulnerabilities is overwhelming organizations," he said. Reactive solutions such as applying patches and software updates "are reaching the limit of their effectiveness."

But Ron Dick, the current NIPC chief, said that probably 80 percent of the issues his agency tackles could have been avoided if systems administrators "would just download a patch and repair their systems."

Miller said that while no design is perfect, software makers are nonetheless trying to build systems with the highest security settings. End-user companies don't always take advantage of those security features and sometimes turn them off, he said.

If a customer refuses to use those security features, "then you get your problems. So how do we get this kind of acceptance, just like how do you convince people to use seat belts?" Miller said.

Government officials have been looking for ways to improve security awareness, and the Bush administration, which is working on a new national plan for protecting critical infrastructure, also appears to be playing more of a direct, organizing role on immediate security issues.

Soon after the Nimda worm started spreading last week, a National Security Council (NSC) official organized a conference call with some 100 people involved in the IT industry to discuss the virus. Miller said the NSC has had a lot of interest in information security issues but is now becoming more "systematic" in its approach.

IDG.
