UGN Security
Posted By: smarts Cyber War (Vulnerabilities) - 04/25/03 07:49 AM
How vulnerable are we?

A letter from concerned scientists:

Following the Sept. 11 attacks, a group of concerned scientists sent President Bush this letter, in which they warn, "The critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyber attack. Fast and resolute mitigating action is needed to avoid national disaster." The scientists advocate that the president respond to the cyber threat by setting up a Cyber Warfare Defense Project modeled on the Manhattan Project.


How real is the threat?

Many authorities on national defense and the Internet are warning that the critical infrastructure of the U.S. -- including electrical power, finance, telecommunications, health care, transportation, water, defense, and the Internet -- is highly vulnerable to cyber attack. How imminent is such a threat? And how prepared are we? Here are excerpts from interviews with Richard Clarke, former White House adviser on cyberspace security; Amit Yoran of Symantec; O. Sami Saydjari of Cyber Defense Agency; former FBI security expert Ron Dick; James Lewis of the Center for Strategic and International Studies; John Arquilla of the Naval Postgraduate School; former Deputy Secretary of Defense John Hamre; and Scott Charney of Microsoft.


What's needed to secure cyberspace?

Does the U.S. need a regulatory mechanism to get people to pay attention to cyber security? Would liability laws help? More encryption technology? Or a more robust government/private-sector partnership? Here are views on the measures needed and the challenges involved in improving cybersecurity, drawn from FRONTLINE's interviews with Amit Yoran of Symantec; James Lewis of the Center for Strategic and International Studies; John Arquilla of the Naval Postgraduate School; John Hamre, former deputy secretary of defense; Michael Skroch of Sandia National Laboratories; O. Sami Saydjari of Cyber Defense Agency; Scott Charney, chief security strategist at Microsoft; and Richard Clarke, former White House adviser on cyberspace security.


What are Al Qaeda's capabilities?

Over the past year, investigators have accumulated intelligence about Al Qaeda's interests and skills in using cyberspace to launch an attack. Many experts believe terrorists could likely combine such a cyber-based disruption with a real-world physical attack to amplify the impact. Here are excerpts from interviews with Richard Clarke, former White House adviser on cyberspace security; John Arquilla of the Naval Postgraduate School; James Lewis of the Center for Strategic and International Studies; John Hamre, former deputy secretary of defense; Michael Skroch of Sandia National Laboratories; Ron Dick, former FBI security expert; and a hacker who spoke on condition of anonymity.


Vulnerabilities: The power grid?

In a potential cyber attack on the U.S., there are experts who believe one of the targets could be the country's electric power grid. By exploiting vulnerabilities in the control systems utility companies use to remotely monitor and manage their operations, U.S. cities could be blacked out for extended periods of time. Here are excerpts from interviews with Richard Clarke, former White House adviser on cyberspace security; O. Sami Saydjari of Cyber Defense Agency; Ron Dick, former FBI security expert; James Lewis of the Center for Strategic and International Studies; Michael Skroch of Sandia National Laboratories; John Arquilla of the Naval Postgraduate School; and John Hamre, former deputy secretary of defense.


Vulnerabilities: SCATA systems?

Digital control systems, such as SCADA systems, supervise and control real-world structures like gas pipelines, oil refineries, and power grids -- and they can be manipulated remotely. That, says experts, makes them a potential prime target for terrorist groups who could get inside these systems and inflict physical damage on the nation's infrastructure. Is the clock ticking on this kind of cyber-based threat? Here are excerpts from interviews with Tom Longstaff of the CERT Research Center; James Lewis of the Center for Strategic and International Studies; Joe Weiss of KEMA Consulting; Amit Yoran of Symantec; Michael Skroch of Sandia National Laboratories; and a hacker.


Vulnerabilities: Software?

Some of the most recent worms that have affected computers worldwide took advantage of software vulnerabilities that were previously known to manufacturers. There's also the problem of known vulnerabilities in the software used in SCADA systems. Although many companies maintain that they are doing their best to prevent and self-correct for inadvertent vulnerabilities, critics say the manufacturers should be held more accountable for software security. Here are excerpts from interviews with Amit Yoran of Symantec; John Hamre, former deputy secretary of defense; Richard Clarke, former White House adviser on cyberspace security; Joe Weiss, a security consultant for KEMA Consulting; O. Sami Saydjari of Cyber Defense Agency; Scott Charney, chief security strategist at Microsoft; and a hacker.
Posted By: Rapture Re: Cyber War (Vulnerabilities) - 04/25/03 07:28 PM
really needed 3 threads for this?
Posted By: Infinite Re: Cyber War (Vulnerabilities) - 04/25/03 07:44 PM
/me nods in agreement at rapture
Posted By: smarts Re: Cyber War (Vulnerabilities) - 04/26/03 06:48 AM
Nice and ORGANISED that way.
Sheesh.
Posted By: SilentRage Re: Cyber War (Vulnerabilities) - 04/26/03 01:09 PM
ja, you don't hear me complaining. I read all 3 long posts, nice postings. Perhaps better fits in the news forum though. That's my only thought.

Where'd you get it? Naming sources is always a good idea.
Posted By: pergesu Re: Cyber War (Vulnerabilities) - 04/26/03 07:26 PM
No complaints here. Rapture and Infinite, shut your traps smile
Posted By: dashocker Re: Cyber War (Vulnerabilities) - 04/26/03 10:20 PM
Hmmm, SR, you read this? Then you would notice it is a FRONTLINE report. Which I believe airs on PBS. Some interesting stuff here, but it's just another scare tactic being used against the American people. I'm really, really scared of Al-Qaeda "owning" my box. Not, I doubt the government is either. Taking out some power vs. blowing up an embassy? Bombs win everytime. Most of the vulnerable systems outlined are not as weak as this report makes them seem. These infrastructure related computers no doubt require very specialized and *expensive* software. It's not as if I can boot up telnet and go about taking down an oil pipeline. Surely
a private individual going in and attempting to purchase some of the same stuff used by AT&T, for example, will get noticed. I'm not saying our nation's valuable computer systems aren't at risk; I just don't like being terrorized by my own countrymen.
Posted By: SilentRage Re: Cyber War (Vulnerabilities) - 04/26/03 11:37 PM
yes, I read it and I don't watch PBS, and I never see FRONTLINE reports. Capish?
Posted By: dashocker Re: Cyber War (Vulnerabilities) - 04/28/03 10:03 PM
I think you spelled "Capish" wrong...
Posted By: pergesu Re: Cyber War (Vulnerabilities) - 04/28/03 10:14 PM
Rage spells phonetically. The word he's going for is "capisce," but it's never said right in movies anyway. No more discussion of this crap in this thread, or it gets closed.

>> Rage Insert
"capisce" is the foreign word "coppish" ( http://www.word-detective.com/012000.html#coppish ) comes from. In fact, I searched for the word before I typed it, and the "capish" spelling is commonly used. But I agree with perg, spell checking bullshit should be kept to yourself. Not in reply to an otherwise intelligent discussion. And if anything more is said about spelling, then that post should be deleted - not the whole topic closed. I want to delete dashocker's post, but perg already replied.
<<
© UGN Security Forum