Digg it
Twitter
While cyber terrorism may not be an immediate threat, it would be foolish not to recognize that the United States is facing a "thinking enemy" who will adapt to attack our critical infrastructures and vulnerabilities, says Ruth David, former director for science and technology at the CIA.
David is now president and CEO of Analytic Services Inc., an independent, not-for-profit, public service research institution in Arlington, Va. She and Bill Crowell, CEO of Santa Clara, Calif.-based security firm Cylink Corp. and a former deputy director of the super secret National Security Agency, each participated in rare interviews with Computerworld's Dan Verton. They discussed the threats posed by cyber terrorist attacks and the steps that the public and private sectors should take to thwart them.
There's been speculation, even before Sept. 11, about the U.S.'s vulnerability to an "electronic Pearl Harbor" or cyber terrorist attack. How has this changed since Sept. 11, and how vulnerable are the various economic sectors to cyber terrorist attacks?
David: While it is true that major terrorist attacks to date have targeted human lives, I would not blindly extrapolate that behavior into the future. After all, on Sept. 10, we would not have expected a hijacker to turn a commercial airplane full of passengers into a guided missile, and even on Sept. 12, we did not envision exploding shoes as a threat to aviation.
In the aftermath of the 9/11 attacks, those adversaries almost certainly observed the immediate effect of service interruptions as well as the prolonged economic impact of infrastructure disruptions. While the weapon used was explosive rather than cyber, it doesn't take much imagination to see that similar effects could be achieved through cyber terrorism.
Crowell: Clearly, the vulnerabilities of the nation to cyberattack are growing. Critical national functions like banking, financial services, health, water and communications are increasingly dependent on highly automated systems that connect the many nodes of their operations.
These changes in the degree to which business and the government are dependent on public networks have been occurring for about a decade. The disturbing thing is that all of the trends are in the wrong direction. Business is moving more and more critical functions to networks. The speed and complexity of the deployments make it difficult for them to employ good defenses rapidly. Diversity is decreasing as we migrate more to common operating systems and common network systems.
To what extent is the war on terrorism, particularly the battle for improved homeland security, a technology problem? What roles do you see the government, corporate America and the IT vendor/developer community playing?
David: Technology is only one component. Without supporting policy, effective processes and well-trained people, technologies solve nothing. Deployment of facial recognition technologies at border entry points will not ensure apprehension of terrorists.
Corporate America will play an increasingly important role in developing security technologies to protect nongovernmental personnel and property that may be targeted by terrorists attacking what we are as a nation rather than what we do as a government.
Crowell: The battle for improved homeland security involves both technology and processes. Technology can be used to make the processes more efficient, predictable and effective.
icon.
