Forwarded From: darek milewski <darekm@cmeasures.com>
U.S. Government Report Exposes Computer Security Threat
Washington, D.C. -- Computer hackers using software widely available on
the World Wide Web could bring down the nation's electrical power grid and
military command and control systems, according to a U.S. government
report released today.
A complete overhaul of U.S. national security agencies and policies is
needed to avert cyber attacks that could cripple the nation's and
Corporate America's critical infrastructure, the report states.
The report, entitled, "CyberCrime, CyberTerrorism, and CyberWarfare:
Averting an Electronic Waterloo," recommends several procedures U.S.
policy makers can implement to defend the nation's critical
infrastructures from information warfare. "Averting an Electronic
Waterloo" is the result of a three-year effort by the Center For Strategic
and International Studies' Global Organized Crime project, chaired by
William Webster, former FBI and CIA director.
To illustrate how vulnerable the U.S. defense and national security
community is to an information attack, the report notes the results of a
recent Joint Chief of Staff exercise code-named "Eligible Receiver." A
group of security experts, known as a "red team," used software widely
available from hacker Web sites to prove that they could disable major
portions of the U.S. electric power grid and deny computer services to the
entire Pacific military command and control system through an information
warfare attack.
"It's unsettling to know that you could be experiencing an attack from
almost any quarter and not know when it started or where its coming from,"
said Senator Charles Robb (D-Va.), a member of the Senate Select Committee
on Intelligence.
"CyberCrime looks at the problem of cyber attacks on the U.S.
infrastructure -- a serious problem which, in the opinion of most
[experts], has not been adequately addressed," Webster said.
A broad-based security policy must address the total impact of the
information revolution on national security, but will not be effective
unless government works closely with private corporations -- which are
often on the front lines of cyber attacks, the report states.
Robb said the U.S. should prepare now and not wait for a catastrophe to
occur. In fact there are already indications that about 20 foreign nations
have already successfully penetrated U.S. information systems, according
to the report.
CSIS task force recommends the development of a national security policy
for the Information Revolution. The president should issue an executive
order that requires a top-down review of all the organizations responsible
for information security and CyberCrime.
CSIS also recommends that the government support private-sector efforts to
improve information security such as the Information Systems Security
Board proposed by the telecommunications industry. ISSB would be a private
sector-organized group which would evaluate and endorse information
security standards.
In the past the government has lead the private sector. But with the
growing cyber threat, that can't continue to happen. "The private sector
cannot sit back and wait for government to lead," Robb said. By Rutrell
Yasin
http://www.internetwk.com/news1298/news121598-4.htm
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Dec 21 08:40:39 1998