By Gary Flood
How real is the possibility of electronic warfare? According to the White House, this is now definitely an issue of concern to US Government authorities. The President’s Commission on Critical Infrastructure Protection, established in July 1996 and charged with delivering a final report in October, held a news conference Wednesday to outline its possibly grim finding that the US lacks the tools to fight a possible computer assault on critical infrastructure such as telecommunications, banking and power grids. While the head of the specially-convened panel, Robert Marsh, adds that there no immediate attack is foreseen, such an assault is sure to present itself eventually. The group believes that there is simply no firewall – the technology often touted as being an impregnable defense against even the most determined hacker – that a group of experts cannot penetrate. Furthermore, the fact that so many key networks, including the internet, are distributed across many geographical boundaries, makes it potentially much easier both to identify weak points and accumulate enough data to bring the whole system down. Key areas of infrastructure vulnerable to cyber threats are telecommunications, electric power systems – including system control and data acquisition – and banking and finance. The commission notes that the annual loss of what it claims are billions of dollars is now an accepted overhead in the international banking community, due to the activities of cyber- criminals, suggesting that as commercially sensitive networks are routinely penetrated, so eventually will Government ones. Though of course many routinely are; though so far more as pranks by individuals proving they can break such codes, rather than any group or nation with sinister intent. Another aspect of the problem is that the Government lacks tools to identify infrastructure threats – which has an ominous note of Clipper chip legitimation of monitoring of cyber activity, perhaps. The warning comes, ironically, at the same time that other experts claim the once-fashionable virus problem is still a real, indeed escalating, threat. A study just published by the National Computer Security Association (NCSA) claims that an organization’s chance of encountering a virus in early 1997 is an order of magnitude greater than just a year ago. Over 99% of a sample study of 300 IS managers contacted at large and medium sized companies in North America admit to having had some kind of an encounter with a virus on Intel platforms; worse, the group claims the rate of infection is rising, with he number of virus encounters in January being almost equal the total number of encounters between July and December of last year. Microsoft Word macro viruses are now the majority of pestilences, accounting for 66% of incursions, presumably due to the ease with which they can be transmitted (by simply opening a document), and the fact that these kinds of files tend to get passed around a lot more than other programs. More than a quarter of all respondents reported that one of their users received a virus in an e-mail attachment, up from 9% percent the previous year. And 21% of respondent organizations, up from 11% the previous year, had received a virus through files downloaded from BBSes, online services, or the web. Yet fewer than 30% had deployed virus scanning software at their e-mail gateways, proxy servers, or firewalls. It is worth noting, though, that at this desktop level the threat is more of a nuisance than a debilitating terrorist attack – the cost of recovery from a viral infestation is only $8,300 and the average amount of PC downtime resulting from an attack is now about six hours, since macro viruses tend to make server shutdowns unnecessary. Seems to suggest some evil genius should write a macro that would worm its way into the Pentagon’s computers? Forget we said that – someone might take up the suggestion for real…
á
Content from our partners
