Somewhere Between Fear and Complacence Lies Common Sense

Common sense security

We can't help but remember what happened in the United States on September 11, 2001. With the 1-year anniversary upon us, many, if not most, people increasingly wonder whether we'll experience more terrorism of a similar caliber. Not only do people wonder and speculate about physical terrorism but also about Internet-related terrorism. Will terrorists attack crucial computer infrastructures? Your guess is as good as mine.

Nevertheless, VNU Business Publications reported that "CSO Magazine" recently conducted a survey that revealed that nearly half of the chief security officers (CSOs) who responded expect network-based terrorist attacks within the next year. According to the VNU report, "The poll was carried out between July and August. Some of the respondents have links with intelligence and law enforcement. Those who replied to the survey were divided almost 50/50 on whether the US Government and businesses were prepared to respond to cyber attacks. But almost all of the CSOs surveyed said that technology vendors needed to boost security aspects of their products." In addition, 93 percent think that Al-Qaeda terrorists might perpetrate attacks.

The BBC News recently published a news report titled, "Hack attacks on the rise," which cited mi2g as its source. Some of you have cautioned me that the information in mi2g reports can be deceptive, so let's examine what mi2g told the BBC. According to the report, mi2g said that August was a record-breaking month "for malicious hackers with 2002 set to become the worst year for digital attacks on record." Maybe that's true. But it's also true that since intrusions have been tracked, the number of reported intrusions has increased every year.

"If the US attacks Iraq then expect [further] chaos in cyberspace," warned mi2g Chairman DK Matai. "Despite laws that have been passed which qualify digital attack as terrorism, we could see the US and its allies [who support] the war on terrorism attacked digitally as we head towards [September 11] and the weeks building up to the proposed attack on Iraq." Well, that wouldn't be surprising, would it?

Meanwhile, back at "CSO Magazine," writer Art Jahnke posed the question, "Is Our Government Prepared for a Major Cyber Attack?" Jahnke's article begins, "A new survey conducted by the Business Software Alliance [BSA] has found that almost half of all IT professionals believe that the government will be hit by a major cyber attack some time in the next year. Wait, it gets worse. One third of those who believe that a cyber attack is on the way also believe that such an attack is extremely likely, and almost three quarters think the government is unprepared." Jahnke ends his commentary by asking readers, "Is the BSA's new cyber attack survey just another effort to use fear to put money in the pockets of BSA members?"

To some extent, we've already "been there" and "done that" with nuisances such as CodeRed, Nimda, Melissa, and other viruses; Trojan horses; and various severe Distributed Denial of Service (DDoS) attacks. Haven't we learned our lessons yet? Why are US military computers, such as those at Fort Hood, Texas, left wide open? Why are National Aeronautics and Space Administration (NASA) systems left wide open for prowlers to steal space shuttle data? And we have to wonder why military networks, other sensitive government sites, and critical infrastructures such as energy plants are connected to the Internet in the first place. It doesn't take a rocket scientist—no pun intended—to figure out that the best defense is a great offense.

Reports such as those I've mentioned might contain elements of truth, fear-mongering, and commercial ulterior motives. I can't fully know the originators' motivations. What I do know is that it takes only a fair amount of common sense to keep your networks relatively secure. So secure them before an attack takes place or unplug them from the Internet until you're secure enough to plug back in. Don't risk suffering the speculated-upon attacks unprepared.

TAGS: Security