|
Cyberterrorism and Schools
Part II: How Real is the Threat of Cyber Terrorism?
 February,
2002
| The Center for Strategic and
International Studies reports that it would
take fewer than (30) professional computer
hackers/crackers...with a budget of less than
$10 million dollars to decimate the technological
infrastructure of the American economy. |
|
 |
|
 |
|
According to most experts there is no evidence of a cyberterrorist
attack having taken place to date. Terrorists crave attention,
drama, and devastation. In contrast, cyber attacks may not
pack the same potency. William Church, of the Institute for
Infrastructural Warfare, feels, "..today the terrorist
groups we're dealing with, I think, are bound to visuals".
Another words, an electronic Pearl Harbor may not produce
the same terror as the flames and devastation of the physical
attack. Should we feel safe? You know the answer already.
In 1997, President Clinton created the President's Commission
on Critical Infrastructure Protection to assess the vulnerabilities
of critical US infrastructure, which included:
 |
Telecommunications |
|
Water supply |
|
Banking and finance |
|
Transportation |
|
Electrical power |
|
Energy services |
|
Oil and gas distribution
and storage |
|
Emergency and government
services
|
|
After this commission reported to the public
a "no notice" an exercise called "Operation
Eligible Receiver" was conducted by the Department of
Defense (DOD). In the exercise the cyberterrorists achieved
root access to 36 of the DOD networks, a Navy cruiser computer
system, and found that power grid and 911 emergency systems
had weaknesses that could be exploited with tools publicly
available on the Internet.
The Center for Strategic and International
Studies reports that it would take fewer than (30) professional
computer hackers/crackers strategically placed around the
world with a budget of less than $10 million dollars to decimate
the technological infrastructure of the American economy.
The infrastructure, which would be at the greatest risk, includes
military installations, power plants, air traffic control
centers, banks, telecommunications centers. Other facilities
at risk include police, medical, fire and rescue systems,
Wall St. financial networks, water systems, etc.
A recent Government Accounting Office (GAO)
report on the FAA cites "serious and pervasive problems"
in their network due to "undue exposure to intrusions
and malicious attacks". It should be no comfort to travelers
to know that the Global Positioning System (GPS) that the
FAA wants to rely on exclusively for future airline aviation
is particularly vulnerable to "jamming".
Richard Clarke, the national coordinator of
security infrastructure for the National Security Council,
said in a White House press conference that there is an increasing
problem in the US of extortion originating overseas. "The
borders that used to protect us against this sort of international
phenomenon are increasingly less significant, " he said,
"and particularly in cyberspace there are no borders."
Dr. Dorothy Denning, of Georgetown University
feels that it may take 2-4 years for terrorists to develop
the capability to conduct "Advanced-Structured"
attacks. These types of attacks are described as those perpetrated
against multiple system networks, requiring the modification
or creation of hacking tools, as well as command and control.
She estimates that it may take as long as 6-10 years for terrorists
to be able to conduct "Complex-Coordinated" attacks
capable of causing mass disruption against heterogeneous defenses,
requiring creating sophisticated hacking tools, and development
of highly capable target analysis, command and control, and
organization learning capability.
| ...Cyberterrorist threat looms.
There should be some solace in the fact that
schools are not seen as prime targets for
Cyber terrorists. |
|
|
|
|
|
It is interesting that it is widely reported
that the United States is the only country that has engaged
in Cyberterrorism. CIA Director George Tennent testified to
Congress that the US had used these types of activities. In
one example he mentioned using electronic means to disrupt
the bank account of an Arab businessman, possibly bin Laden.
So what are we to believe? What are we to
do? Most of the information available concludes that while
Cyberterrorism is a threat, it is not an immediate one. There
are conflicting points of view regarding how imminent the
Cyberterrorist threat looms. There should be some solace in
the fact that schools are not seen as prime targets for Cyber
terrorists.
Larisa Paul concludes her paper on Cyberterrorism
for the SANS Institute with
these thoughts, "We may be making much ado about nothing.
But, whether or not it happens, shoring up defenses and developing
preventive measures is smart security in the face of "script
kiddies", professional hackers, hacktivists, cyberterrorists,
or the entire threat spectrum. If you raise your security
readiness to the highest threshold, constantly improving on
policies and implementation by reviewing your security program,
then you get a fighting chance".
| The message is clear; schools
cannot afford to ignore data and network security
any longer. |
|
|
|
|
|
Dorothy Denning has a similar message, "…the
violent pursuit of political goals using exclusively electronic
methods is likely to be a few years into the future. However,
the more general threat of cyber crime is very much part of
the digital landscape today. In addition to cyberattacks against
digital data and systems, many people are being terrorized
on the Internet today with threats of physical violence. On-line
stalking, death threats, and hate messages are abundant. The
Florida teen that threatened violence at Columbine High School
in an electronic chat room is one example. These crimes are
serious and must be addressed. In so doing, we will be in
a better position to prevent and respond to Cyber terrorism
if and when the threat becomes more serious."
The message is clear; schools cannot afford
to ignore data and network security any longer.
Top
|
