Experts urge U.S. to prepare for more cyber-attacks

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Experts urge U.S. to prepare for more cyber-attacks

09/26/01 12:33 PM Source: Reuters

URL: http://investor.cnet.com/investor/news/newsitem/0-9900-1028-7310749-0.html

By Andy Sullivan

WASHINGTON, Sept 26 (Reuters) - U.S. government and private-sector computer networks remain highly vulnerable to Internet-based attacks that will likely increase in the near future, experts said on Wednesday.

The United States should step up efforts to defend against an increase in computer viruses and worms, "denial of service" attacks that knock Web sites offline, and other efforts to disable the Internet, telephone systems, banking networks and other vital electronic systems, electronic security experts told Congress.

While both the FBI's National Infrastructure Protection Center (NIPC) and private industry are working hard to stop the threat, the U.S. government should devote significant funds to encourage long-term research, they said.

"What is needed today is essentially a Manhattan Project for counter-terrorism technology," said Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College.

Recent conflicts between Israel and the Palestinians, the U.S. and China, and India and Pakistan have inspired hackers on both sides to launch attacks, Vatis said, and those cyber-attacks are increasing in volume and sophistication.

Cyber-attacks on the U.S. could come from terrorist groups, sympathetic nations like Iraq and Syria, and others bearing a grudge against the United States, said Vatis, who used to head the NIPC.

WORM FOLLOWED ATTACKS

While no cyber-viruses accompanied the Sept. 11 attacks on the World Trade Center and the Pentagon that left nearly 7,000 dead or missing, a new computer worm called Nimda emerged exactly one week later, infecting roughly 100,000 computers worldwide, 80,000 of those in North America.

Computer users can defend against such worms and viruses by downloading software patches, but the software industry needs to take security more seriously when it designs new products, said Richard Pethia, director of the virus-fighting CERT Center at Carnegie Mellon University in Pittsburgh.

"Today's commercial off-the-shelf software is riddled with holes," Pethia said.

Software makers should design more secure products, Pethia said, and ship them to consumers pre-configured with high security settings. Such efforts will likely mean higher costs and slower progress in the short term but will pay off in the long term, he said.

Both Nimda and Code Red, a computer worm that first emerged over the summer, spread through security holes in computer-server software made by Microsoft Corp. Nimda can also spread through e-mail or corporate networks.

Government agencies should do more to ensure the security of their computer systems as they are frequent targets of cyber-attacks, said Joel Willemssen, managing director of information technology issues at the U.S. General Accounting Office.

"Federal agencies continue to have serious and widespread computer risks," Willemssen said.

All agreed that the U.S. government should devote more money to security efforts within government, like NIPC, and to grants for outside researchers at universities and corporations.

"Over the long term, the importance of research and development is great. We can never really get ahead of the problem through patches," Vatis said.

http://news.cnet.com/investor/news/newsitem-printer/0-9900-1021-7310749.html?tag=ni

-- Martin Thompson (mthom1927@aol.com), September 26, 2001

Answers

The "remedies" imposed against Microsoft, for anti-trust violations, should now focus on requiring it to place top priority on security and anti-cyberterrorism measures --- even if this means some compromise of intellectual property rights to achieve this end.

-- Robert Riggs (rxr.999@worldnet.att.net), September 27, 2001.

Moderation questions? read the FAQ