From: InfoSec News (isn_at_c4i.org)
Date: Tue Dec 10 2002 - 02:59:21 CST

    Forwarded from: William Knowles <wkc4i.org>

    http://www.wired.com/news/politics/0,1283,56766,00.html

    By Michael Grebb
    Dec. 09, 2002

    WASHINGTON -- Internet and telecommunications experts, here on Friday
    to discuss homeland security, said increasingly complex software
    operating systems and networks have made it easier than ever to
    disrupt U.S. communications systems.

    At the same time, hackers don't need to be highly skilled to wreak
    havoc.

    "Over time, we're getting very sophisticated attacks from morons,"
    said Bill Hancock, chair of the cybersecurity focus group of the
    Network Reliability and Interoperability Council, which coordinates
    voluntary "best practices" to maintain a streamlined communications
    infrastructure.

    NRIC members include Sprint PCS, AOL Time Warner, Verisign and
    WorldCom, among others.

    In January, the FCC chartered NRIC to recommend ways for companies to
    thwart cyberattacks post-Sept. 11.

    On Friday, NRIC issued its initial recommendations, several of them
    culled from existing industry best practices that companies are
    already supposed to follow -- but often don't.

    "One of the things that has happened over the last decade is that we
    have moved from proprietary to open networks," said Shawn Abbott,
    president of Rainbow e-Security, an Irvine, California, cybersecurity
    firm. "This has created new threats and vulnerabilities. We're really
    playing catch-up here."

    Others have questioned whether voluntary measures are enough to
    protect homeland security.

    But at the meeting, FCC chairman Michael Powell argued that modern
    networks are so intertwined that companies all have a stake in making
    sure they run smoothly. "This is a form of mutually assured
    destruction," he said.

    Powell, however, didn't rule out mandating some security measures for
    regulated industries -- such as cable, broadcast, satellite and
    telephone -- if it becomes necessary to protect national security.

    Hancock, meanwhile, urged system administrators to ax unnecessary
    software and features that give hackers more attack options, partition
    and isolate pieces of the network to make them harder to detect, and
    set up multiple defense layers.

    Hancock also said the added complexity of today's software -- combined
    with the increasing availability of hacker tools on the Web --
    actually makes it easier for inexperienced hackers to break in.

    "The simpler thing was less functional but also less dangerous," said
    Powell at a press conference following the event. "With those features
    comes added vulnerabilities (that some people) aren't aware of."

    NRIC also addressed physical security, urging the government to help
    fund grounds security at key telecom facilities, increase scrutiny of
    mergers that would put communications infrastructure in foreign hands,
    and fund employer background checks on workers with access to critical
    facilities.

    Earlier this year, NRIC members adopted a plan to cooperate to restore
    service in case of a national emergency such as a terrorist attack.
    They also adopted systems to provide detailed contact information and
    identify key people to bring Internet and communications networks back
    online.

    "We have much more to do," said Powell. "It's not effective until it's
    implemented."

     
    *==============================================================*
    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
