|
SCHOOL SECURITY |
|
home | search | Contact | School Security |
|
Solutions For Protecting Your Schools |
|
Cyberterrorism and Schools
According to most experts there is no evidence of a cyberterrorist attack having taken place to date. Terrorists crave attention, drama, and devastation. In contrast, cyber attacks may not pack the same potency. William Church, of the Institute for Infrastructural Warfare, feels, "..today the terrorist groups we're dealing with, I think, are bound to visuals". Another words, an electronic Pearl Harbor may not produce the same terror as the flames and devastation of the physical attack. Should we feel safe? You know the answer already. In 1997, President Clinton created the President's Commission on Critical
Infrastructure Protection to assess the vulnerabilities of critical US
infrastructure, which included:
After this commission reported to the public a "no notice" an exercise called "Operation Eligible Receiver" was conducted by the Department of Defense (DOD). In the exercise the cyberterrorists achieved root access to 36 of the DOD networks, a Navy cruiser computer system, and found that power grid and 911 emergency systems had weaknesses that could be exploited with tools publicly available on the Internet. The Center for Strategic and International Studies reports that it would take fewer than (30) professional computer hackers/crackers strategically placed around the world with a budget of less than $10 million dollars to decimate the technological infrastructure of the American economy. The infrastructure, which would be at the greatest risk, includes military installations, power plants, air traffic control centers, banks, telecommunications centers. Other facilities at risk include police, medical, fire and rescue systems, Wall St. financial networks, water systems, etc.
A recent Government Accounting Office (GAO) report on the FAA cites "serious and pervasive problems" in their network due to "undue exposure to intrusions and malicious attacks". It should be no comfort to travelers to know that the Global Positioning System (GPS) that the FAA wants to rely on exclusively for future airline aviation is particularly vulnerable to "jamming". Richard Clarke, the national coordinator of security infrastructure for the National Security Council, said in a White House press conference that there is an increasing problem in the US of extortion originating overseas. "The borders that used to protect us against this sort of international phenomenon are increasingly less significant, " he said, "and particularly in cyberspace there are no borders." Dr. Dorothy Denning, of Georgetown University feels that it may take 2-4 years for terrorists to develop the capability to conduct "Advanced-Structured" attacks. These types of attacks are described as those perpetrated against multiple system networks, requiring the modification or creation of hacking tools, as well as command and control. She estimates that it may take as long as 6-10 years for terrorists to be able to conduct "Complex-Coordinated" attacks capable of causing mass disruption against heterogeneous defenses, requiring creating sophisticated hacking tools, and development of highly capable target analysis, command and control, and organization learning capability.
It is interesting that it is widely reported that the United States is the only country that has engaged in Cyberterrorism. CIA Director George Tennent testified to Congress that the US had used these types of activities. In one example he mentioned using electronic means to disrupt the bank account of an Arab businessman, possibly bin Laden. So what are we to believe? What are we to do? Most of the information available concludes that while Cyberterrorism is a threat, it is not an immediate one. There are conflicting points of view regarding how imminent the Cyberterrorist threat looms. There should be some solace in the fact that schools are not seen as prime targets for Cyber terrorists. Larisa Paul concludes her paper on Cyberterrorism for the SANS Institute with these thoughts, "We may be making much ado about nothing. But, whether or not it happens, shoring up defenses and developing preventive measures is smart security in the face of "script kiddies", professional hackers, hacktivists, cyberterrorists, or the entire threat spectrum. If you raise your security readiness to the highest threshold, constantly improving on policies and implementation by reviewing your security program, then you get a fighting chance".
Dorothy Denning has a similar message, "…the violent pursuit of political goals using exclusively electronic methods is likely to be a few years into the future. However, the more general threat of cyber crime is very much part of the digital landscape today. In addition to cyberattacks against digital data and systems, many people are being terrorized on the Internet today with threats of physical violence. On-line stalking, death threats, and hate messages are abundant. The Florida teen that threatened violence at Columbine High School in an electronic chat room is one example. These crimes are serious and must be addressed. In so doing, we will be in a better position to prevent and respond to Cyber terrorism if and when the threat becomes more serious." The message is clear; schools cannot afford to ignore data and network security any longer. |
|||||||||||||||||||||||||||||||||||||||||
|
Site Last Updated:
February 8, 2002
. |
