WASHINGTON -- The task of protecting America's communications and
information networks isn't getting any easier.
And federal agencies and private companies face a steeper and steeper
battle, according to data presented Friday at the Network Reliability and
Interoperability Council meeting at the Federal Communications Commission.
Indeed, while computer viruses used to take days to spread across the
Internet, the Code Red virus propagated in 37 minutes in 2001, and the more
recent Slammer worm spread in about eight minutes.
"The propagation time for evil to hit everybody has gone from days to
minutes," said Bill Hancock, chairman of the Network Reliability and
Interoperability Council's cybersecurity focus group and vice president of
security at Cable & Wireless. (The NRIC is made up of representatives from
the telecommunications, cable, wireless, satellite and ISP industries.)
Nonetheless, Hancock said Slammer would have died quickly if companies had
installed available patches to disable vulnerable ports. Instead, it took
about three days to neutralize.
"We live in a no-trust environment, and we need to figure out how to deal
with that," he said.
Others insisted that companies take Internet security as seriously as
physical security in the post-Sept. 11 world.
"I think people are treating cyberspace with renewed vigor," Richard
Notebaert, NRIC chairman who is CEO of Qwest, said in an interview after
the meeting. "We take this very seriously."
Notebaert conceded that small firms without many resources often face
challenges or delays in updating patches and fixing other network problems.
But he argued that problems aren't widespread.
"Prevention is so much better now than it was," he said. "But sometimes a
patch gets stuck in an in-basket."
As companies' vigilance increases, however, so do the threats.
Hancock said convergence of voice and data into packet networks and the
practice of assigning TCP/IP addresses to wireless devices has turned just
about everything into a "hackable target." He said engineers must work
together to improve signaling protocol security and increase compatibility.
A common problem is that network protocols and operating systems don't have
the same security features, forcing tough choices for administrators
responsible for keeping networks up and running.
"In some cases, you may have to turn off (security) features to get the
operating system to work," Hancock said.
Physical security is also often overlooked.
Experts said managers should be increasingly worried about "blended
attacks" in which terrorists could simultaneously target physical and
virtual infrastructure to compound damage or to disrupt the ability of
first-responders to communicate and respond to an emergency.
"Sept. 11 had a big impact on the communications infrastructure," said Karl
Rauscher, director of network reliability at Lucent Technologies' Bell Labs
unit and chairman of NRIC's physical security focus group. "But that was
just collateral damage."
In case of a direct attack on the nation's communications networks,
Rauscher said companies should plan for every contingency, including
storing extra fuel reserves for generators and backup equipment, mapping
out alternative transportation and even checking for chemical residue that
could damage equipment in the wake of a chemical attack.
The 56 NRIC members will vote on more than 200 "best practices"
recommendations by March 28, then start the tough process of getting
members to adopt them across the country. With the telecommunications
sector in a financial slump, persuading companies to spend money
implementing the guidelines won't be easy.
Full story...
http://www.wired.com/news/print/0,1294,58067,00.html
