clock menu more-arrow no yes

Filed under:

Lowlifes could pose a high risk to modern, high-tech society

Suddenly, electric power goes off. Or telephones go dead. There's chaos in the electronic banking system. Are the incidents electronic accidents or deliberate attacks?

Computer security experts from government and private industry voiced agreement Tuesday that as the most technologically advanced society in the world, the United States is uniquely vulnerable to electronic attack.How soon the threat would be real and what could be done to block it were principal topics of discussion on the opening day of the National Information Systems Security Conference.

"Our profound vulnerability is growing on a daily basis," said Charles Abzug of the Institute for Computer and Information Sciences. "Since our society is the most technologically advanced in the world, we are more vulnerable than anyone else."

Robert Marsh, a retired Air Force general who is chairman of the President's Commission on Critical Infrastructure Protection, told the conference that "while a catastrophic cyber attack has not occurred, we have enough isolated incidents to know that the potential for disaster is real and the time to act is now."

The commission is expected to send its report to the White House next week. Marsh said the panel would recommend far greater cooperation and sharing of information between government and private industry, accelerated research and a nationwide program to educate people on the scope of the problem.

But questions were quickly raised as to how much information the government could share from a report that is classified.

"We have to solve this dilemma because if we don't, we have no sharing of information," said Thomas J. Falvey, a commission member who is a security expert at the Transportation Department.

Marsh conceded in an interview that there will be a need to break down reluctance within industry and government to share sensitive information.

He said there is a need to "devise the means by which the private sector can in fact be willing to share its information and not fear that it will leak."

At the same time, the government "is going to have to recognize that in this new era, it's the private sector that needs some of this threat information and this warning information."

As examples of cyber attacks already experienced, Marsh cited incidents at Langley Air Force Base in Virginia and Griffis Air Force Base in Rome, N.Y.

"A flood of e-mail messages originating in Australia and Estonia - and routed through the White House computer system - virtually shut down Langley air base's e-mail for hours," he said.

Someone in England routing messages through Latvia, Colombia and Chile and commercial Internet service providers gained access to computers at Rome Laboratory at Griffis and "launched attacks against a wide array of defense and government computer systems," said Marsh.

One of the difficulties in such cases is determining whether it is the work of a mischievous hacker or an attack by a hostile government.

"If Iran attacked AT&T, how does AT&T know that's an act of war rather than some kid fooling around?" asked John Pescatore, a senior consultant at Trusted Information Systems, a developer of computer security software.