|
|
|
|
Cyberspace Security |
|
|
|
The National Strategy to Secure Cyberspace |
|
|
Released in February 2003, the National Strategy to Secure Cyberspace calls for a public-private partnership for cyberspace security: "In general, the private sector is best equipped and structured to respond to an evolving cyber threat. There are specific instances, however, where federal government response is most appropriate and justified."
|
|
|
|
A Letter From Concerned Scientists |
|
|
A group of concerned scientists and national leaders sent President Bush this letter in early 2002 in which they warn, "The critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyber attack. Fast and resolute mitigating action is needed to avoid national disaster." The scientists warned that the clock is ticking and advocated that the president respond to the cyber threat by setting up a Cyber Warfare Defense Project modeled on the Manhattan Project.
|
|
|
|
Partnership for Critical Infrastructure Security |
|
|
This organization provides a forum for companies and associations involved in critical infrastructure industries. Their Web site includes the following industries' infrastructure plans that were developed in collaboration with the National Strategy to Secure Cyberspace: Banking & Finance, Insurance, Chemicals, Oil & Gas, Electric Power, Law Enforcement, Higher Education, Transportation (Rail), Information Technology & Telecommunications, and Water Systems.
|
|
|
|
Timeline: The U.S. Government and Cybersecurity |
|
|
"The federal government got its defining wake up call on the nation's reliance on information technology systems and the vulnerabilities facing those systems in the years and months leading up to Jan. 1, 2000. Experts warned that the dreaded 'Y2K Bug' would bring down networks and critical systems around the world. But governmental efforts to protect important information systems date back several decades." [washingtonpost.com, Feb. 14, 2003]
|
|
Cyber Terrorism |
|
|
|
Cyber-Attacks by Al Qaeda Feared |
|
|
"Unsettling signs of al Qaeda's aims and skills in cyberspace have led some government experts to conclude that terrorists are at the threshold of using the Internet as a direct instrument of bloodshed. The new threat bears little resemblance to familiar financial disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points of computers and the physical structures they control." [Washington Post, June 27, 2002]
|
|
|
|
The Myth of Cyberterrorism |
|
|
Joshua Green writes in The Washington Monthly, "There is no such thing as terrorism -- no instance of anyone ever having been killed by a terrorist (or anyone else) using a computer. Nor is there compelling evidence that al Qaeda or any other terrorist organization has resorted to computers for any sort of serious destructive activity. What's more, outside of a Tom Clancy novel, computer security specialists believe it is virtually impossible to use the Internet to inflict death on a large scale, and many scoff at the notion that terrorists would bother trying." [The Washington Monthly, November 2002]
|
|
|
|
Bush's Cyberstrategery |
|
|
In this article for Slate, Brendan Koerner argues that the National Strategy to Secure Cyberspace "is chock full of what computer-security experts term 'FUD' -- geek shorthand for spreading bogus 'fear, uncertainty, and doubt.'" [Slate, March 3, 2003]
|
|
|
|
What Are the Real Risks of Cyberterrorism? |
|
|
"Although it is possible for electronic intrusions to damage infrastructure and threaten physical danger, taking control of those systems from the outside is extremely difficult, requires a great deal of specialized knowledge and must overcome non-computerized fail-safe measures. As a result, government and corporate security experts -- while careful not to dismiss the gravity of the issue -- point to this indisputable fact: It is still easier to bomb a target than to hack a computer." [ZDNet, Aug. 26, 2002]
|
|
|
|
Is Cyber Terror Next? |
|
|
In this essay, the noted cyber security expert Dorothy Denning concludes: "At least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than cyber terrorism. However, just as the events of September 11 caught us by surprise, so could a major cyber assault. We cannot afford to shrug off the threat." [Social Science Research Council, November 2001]
|
|
|
|
Cyber Security of the Electric Power Industry |
|
|
"It is unclear what consequences could ensue from a cyber attack against control systems in the electric energy sector. As has been shown by accidents or errors, causing small local or regional outages or disruptions is relatively easy to achieve and could undoubtedly be done by skilled cyber attackers. More coordinated attacks against regional power networks are also possible in light of current vulnerabilities, but would require a certain level of planning and specialized knowledge. Attacks that in some way disrupt the national power grid appear possible, but too little information is currently available to accurately assess the potential impact of cyber attacks on the national grid. Therefore, it is imperative to support and expand testing and research in this area." [Institute for Security Technology Studies, December 2002]
|
|
|
|
Cybercrime... Cyberwarfare... Cyberterrorism... : Averting an Electronic Waterloo |
|
|
The Center for Security and International Studies has published the foreword and summary of recommendations from its task force on information warfare and security. It concludes: "The most important step U.S. officials can take is to articulate and explain to the leaderships of critical infrastructure providers and major, dependent users the nature of the strategic information warfare (SIW) threat, the threat's significance, and the need to prepare for it. The public develops its perceptions of threats from many sources, but the public is more likely to take these threats seriously if leaders demonstrate their seriousness by implementing effective organizational reforms and resource allocation priorities." [Center for Security and International Studies, November 1998]
|
|
|
|
Networks and Netwars: The Future of Terror, Crime and Militancy |
|
|
"The fight for the future is not between the armies of leading states, nor are its weapons those of traditional armed forces. Rather, the combatants come from bomb-making terrorist groups like Osama bin Laden's al-Qaeda, or drug smuggling cartels like those in Colombia and Mexico. On the positive side are civil-society activists fighting for the environment, democracy and human rights. What all have in common is that they operate in small, dispersed units that can deploy anywhere, anytime to penetrate and disrupt. They all feature network forms of organization, doctrine, strategy, and technology attuned to the information age. And, from the Intifadah to the drug war, they are proving very hard to beat." (RAND, November 2001)
|
|
|
|
A Short History of Computer Viruses and Attacks |
|
|
This timeline from The Washington Post ranges from the 1945 discovery of the first computer "bug," to the outbreak of the Slammer worm in January 2003. [Washington Post, Feb. 14, 2003]
|
|
|
|
The Great Cyberwar of 2002 |
|
|
In this fictional scenario, written by John Arquilla for Wired, Liddy Dole faces the biggest crisis of her presidency: the first global cyberwar, where the enemy is invisible, the battles virtual, and the casualties all too real. [Wired, February 1999]
|
|
Cyber Security Organizations |
|
|
|
CERT Coordination Center |
|
|
The CERT Coordination Center is one of the major repositories for identified computer security issues. Its Web site offers a primer on Internet security, as well as a security guide for home computers.
|
|
|
|
Securityfocus.com |
|
|
This Web site has a collection of articles and columns devoted to cyber security issues. It has sections examining viruses and other vulnerabilities in depth, as well as newsletters and forums, including Bugtraq. Of note is an article by David A. Dittrich examining how to calculate damages caused by viruses, worms and other computer crimes.
|
|
|
|
SANS Institute |
|
|
The SysAdmin, Audit, Network, Security (SANS) Institute offers this Web site, which has a reading room with news digests, research summaries, security alerts, and award-winning papers. The Institute, in collaboration with the FBI, also publishes a list of The 20 Most Critical Internet Security Vulnerabilities.
|
|
|
|
Institute for Security Technology Studies (Dartmouth College) |
|
|
The Institute for Security Technology Studies is a national center for cyber security research. Its Web site has a daily news summary of cyber security issues, as well as further information on its core research programs: Information Infrastructure Security, Cyber Forensic Tools, Technical Analysis and Technology Policy Studies, First Responder Technologies, and Technology Training and Education.
|
|