Net Admins Redouble Efforts to Prevent Cyber-Attacks
An FBI warning has administrators of the nations corporate networks double-checking--and double-locking--their systems in the wake of Tuesdays terrorist attacks in New York and Washington.
But despite the federal Terrorist Threat Advisory, which calls for IT professionals across the country to "implement appropriate security measures--both physical and cyber," experts say corporate America is a long way from ready, or safe.
Security service provider RedSiren Technologies Inc. spent the days after the terrorist assaults advising clients to take down all noncritical external Internet connections, including remote access and instant messaging capabilities. The company followed its own advice, shutting down its external Web site in the wake of the attack.
RedSiren Chief Security Officer Daine Gary is a member of the FBIs InfraGard advisory board, which issued the terrorist alert. "We know how vulnerable the country could be. We are so dependent on these networks," Gary said.
Since Tuesdays assaults on the World Trade Center and the Pentagon, Gary said a number of clients have asked for additional security measures for their networks, which RedSiren, of Pittsburgh, is providing for free for now.
Unisys Corp. is helping a number of clients in New York and Washington get back in business following the attacks, officials said. They declined to name the users specifically. For the rest of its customers, the Blue Bell, Pa., company is stressing caution.
"We are advising clients to be more vigilant," said Sunil Misra, managing principal for the Unisys eSecurity and Privacy practice. "There is, right now, no evidence of an active attack. The logs have been quiet. It may be that the hacker community, like the rest of us, has been taken by surprise and has not taken advantage of the vulnerability."
Misra called the FBI advisory "common sense" even absent specific evidence of an impending attack. He said the state of corporate infrastructure security "is not very good," adding that security assessments of networks serving airlines, nuclear plants, telecommunications facilities and other important functions need to be increased.
"This is not the time to be an alarmist," said Misra, in Boston. "But the fact is that the next attacker may not be wielding a knife. He may be wielding a laptop."
The primary concern for RedSiren is safeguarding client networks from attack. But the subversion of corporate computing power for malicious activities is also a concern. While he had no evidence that Tuesdays terrorist assault had been aided by unauthorized use of networks or computers, "it wouldnt be a surprise to find that out," he said.
Among the recommendations RedSiren is making to clients is to review critical logs for suspicious traffic in an effort to keep corporate computers from being used for distributed-denial-of-service attacks and other malicious intents, Gary said.
"Weve taken steps to make sure that we neither get hit by the forces that would do us harm nor that we be used by others as an instrument of assault," said the IT manager of a Boston-based financial services company who requested anonymity. "There are going to be other actions, we are all pretty sure of that. Cyber-terrorism is bound to be part of the mix."
Unisys Misra said that while the attack against a corporate network may be more common and could disrupt business, unauthorized use of networks and computers to plan or execute other terrorist attacks "is a greater concern in purely human terms."
NetSolve Inc., of Austin, Texas, a provider of remote network management services, has also been warning customers to keep an eye out for suspicious network activity.
"We sent out bulletins to existing customers [saying they] might see an increase in threats against their networks and warned them to be on the lookout," said Chuck Adams, NetSolves general manager for security services. "[Were] stepping up the level of monitoring we do on a day-to-day basis."
Adams said in the wake of the FBI warning, his company had lowered the threshold for the severity of an event that would trigger a response. So far, NetSolve had not seen any increase in suspicious activity, he said.
The FBIs InfraGard warning of increased terrorist threat comes as the agency activates its Strategic Information and Operations Center in Washington. The FBI advisory does say that the agency "has no information of any additional specific threats directed against additional targets or critical infrastructures in the United States." The advisory will expire Oct. 11.
The InfraGard program began as a pilot project in 1996, when FBI agents in Cleveland sought help from local computer professionals to find ways to protect critical public and private information systems. Today, all 56 field offices of the FBI nationwide have opened an InfraGard chapter, with hundreds of private companies participating.
All of the warnings are designed to raise awareness in a climate where security often gets overlooked, industry sources said.
"We all know security is hard work," Misra said. "It doesnt pop up on the priority list, and nothing gets done until things happen."