CATASTROPHIC CYBER ATTACK
Catastrophic cyber attack said possible http://www.nando.net/newsroom/ntn/info/100797/info20_8231_noframes.html Copyright 1997 Nando.net Copyright 1997 The Associated Press
Hackers and Security Experts Warn Senate Panel October 7, 1997
Neither industry nor government has the means to protect the nation against computer attacks that could shut down communications and power grids, the chairman of a presidential commission studying the problem said Tuesday. "While a catastrophic cyber attack has not occurred, we have enough isolated incidents to know that the potential for disaster is real and the time to act is now," said Robert T. Marsh, chairman of the Commission on Critical Infrastructure Protection. In a speech to the National Information Systems Security Conference, Marsh said that several government and academic sites that prided themselves on tight security were targets of a recent e-mail attack. "A flood of e-mail messages originating in Australia and Estonia -- and routed through the White House computer system -- virtually shut down Langley air base's e-mail for hours," he said. In another case, someone in England routing messages through Latvia, Colombia and Chile and commercial Internet service providers gained access to computers at Rome Laboratory at Griffis Air Force Base in Rome, N.Y., and "launched attacks against a wide array of defense and government computer systems," said Marsh. In an interview before his speech, the retired Air Force general said that "the tools are available, the knowledge is available to do serious harm." Marsh's commission is scheduled to give its report to President Clinton next week.
He said it would recommend far greater cooperation and sharing of information between government and private industry, accelerated research and a nationwide program to educate people on the scope of the problem. In the interview, Marsh conceded that there will be a need to break down reluctance within industry and government to share sensitive information. He said there is a need to "devise the means by which the private sector can in fact be willing to share its information and not fear that it will leak." At the same time, the government "is going to have to recognize that in this new era, it's the private sector that needs some of this threat information and this warning information." Marsh said the threat comes from a broad spectrum of what he called "bad actors," including recreational hackers, organized criminals and terrorists. "We have found no smoking keyboard," he said, "no evidence of anybody wanting to try a debilitating attack on our critical infrastructure." But, he said, the tools to do serious harm to the nation's infrastructure "are readily available. They can be effectively utilized by people with only rudimentary skills and basic understanding of computers." He said there is evidence of "unauthorized penetrations into all manner of automated information technology systems every day of the week."
Marsh told the conference that the cyber threat represents a "cultural change" that requires a concentrated educational effort at all levels from graduate programs to grammar school. The commission will recommend that the White House sponsor conferences "to spur new curricula in computer ethics and intellectual property for elementary and secondary schools." The commission also is calling for a doubling of federal funding, to $500 million, for research into ways to combat cyber threats.
Author: Jeri Clausing Issue: Security Description:
An elite group of seven hackers who call themselves LOpht Heavy Industries and have names like Mudge, Space Rogue and Brian Oblivion, came to Capitol Hill yesterday to warn Congress that computer security is so lax that they could cut off the entire nation from the Internet in 30 minutes or less. They also could keep the global network disabled for so long "it would definitely take a few days for people to figure out what was going on," said Mudge. The group told the Senate Governmental Affairs Committee that their goal was "to raise the bar," to get companies to develop more secure products. "The committee praised the group, all of whom hold real jobs by day, for their efforts, and pushed for answers on what they could do to make the country less vulnerable to terrorists attacks as the world becomes more and more reliant on computers."