Protecting your network in a time of terrorism

Network World Fusion

By Sharon Gaudin

(IDG) -- Think you're ready for a network attack? You're probably not.

The Sept. 11 terrorist strike against New York's World Trade Center, a global financial hub, crippled several financial giants for days, costing the country billions of dollars. Now, less than two weeks later, security experts warn that future attacks could target businesses' computer networks, destroying critical information or knocking them offline and striking a further blow to the U.S. economy.

"Given an economy that is already hurting, the risk of threats and significant damage from a cyberattack are real," says Tim Belcher, CTO of security firm RipTech and a former employee of the U.S. Department of Defense.

"It was always assumed that a small group of terrorists could do much more damage to the cyberworld than the physical world. There was some surprise that this [first attack] wasn't a cyberattack," he says.

"We know how damaging this could be," adds Belcher, who estimates that only 10 percent of businesses using the Internet have security measures in place beyond a firewall.

And the lack of a fortified security effort is not going to be acceptable in a time of terrorist threats and a heightened state of alert, according to Richard Power, editorial director of the Computer Security Institute in San Francisco.

"We're entering a whole new era now," Power says. "America has suffered a terrorist attack of historic proportions, and now we're going to go after the perpetrators. Cyberattacks may be inevitable... Physical and cyberattacks in conjunction could cause panic across a whole economic sector."

And Renee Guttmann, director of information security at Time, a publishing giant in midtown Manhattan, now knows firsthand about securing a company's critical information during a terrorist attack. She immediately shifted into crisis mode when she heard a plane had struck Tower One of the World Trade Center.

"It was instantaneous," Guttmann says. "We knew even after the first plane hit that this wasn't just an accident. When you're in security, your senses are alert to different events going on. This is a kind of event that as soon as you see it, your instincts tell you that this is just not a simple matter. It's a cause for alarm."

Guttmann says the information security staff activated their crisis plan, hardening up the network's perimeters, alerting security consultants and sealing off access to the building. She says they also increased their network monitoring, scanned the Internet for mentions of Time in chat rooms or on message boards and asked employees to alert them to any suspicious activity on the network or in the building.

And she says they haven't lowered their defenses since the attack, especially in light of the subsequent outbreak of a destructive worm, Nimda.

"There doesn't seem to be any downtime from a fairly high state of security alert," Guttmann says. "This has made things more real."

Ken VanWyk, CTO of ParaProtect, a security portal in Centreville, Va., says Guttmann and other security managers are smart to remain in a high state of alert against a range of threats. He says terrorist strikes, like many well-planned hacker breaches, can take many forms, including outright attacks to bring down a network, Web site defacement, new viruses and worms, and denial-of-service attacks.

The government is issuing warnings for a variety of intrusions.

On Sept. 14, the National Infrastructure Protection Center issued an advisory saying it expects "an upswing in incidents," including old viruses, or at least chunks of them, being brought out of storage and simply renamed. Attachments with phony names such as "World Trade Center photos" or "Firefighters fund" could con a lot of people eager for information about the terrorist attacks into unwittingly exposing their networks to viruses.

"If I was a security manager at a major corporation, I'd be making sure that my perimeter protections were up to date and I had thorough methods to detect problems immediately," VanWyk says. "If someone is trying to get in, there's almost always signs of someone wiggling the doorknob first."

Gregor Bailar, CIO at Nasdaq, the world's first electronic stock market, says his staff is on high alert and constantly looking for signs of an intrusion, both to the physical building and to Nasdaq's computer network. Nasdaq was headquartered at 1 Liberty Plaza, adjacent to the World Trade Center Towers. That location was evacuated safely after the Sept. 11 attacks. The 127 employees who worked there have been relocated to other facilities in New York City, Connecticut and New Jersey.

Market operations, including the technology that runs the market, were not affected by the tragedy or by the relocation of the employees.

"We know we are a target," says Bailar, who adds that Nasdaq is in constant contact with federal authorities, because it is an element of the National Information Infrastructure. "There has to be a whole discipline to how you manage these large infrastructures, and now we have to be even more vigilant about both physical access and forensic readiness."

Bailar, who runs a network with more than 7,000 workstations attached from various sites, adds that there are so many potential threats it's difficult to even count them all.

RipTech's Belcher says financial institutions, such as Nasdaq and major banks, are considered to be prime targets for any potential network attacks. Healthcare facilities, the Federal Aviation Administration's air traffic control towers and power distribution grids also make the list. However, financial institutions are some of the most secured businesses in the country, most experts agree. And Belcher says the utilities, as well, have been ramping up security over the past year.

And network intrusions, even terrorist threats, have been an ongoing concern to American businesses, according to Special Agent Andrew Black of the FBI's San Francisco bureau. "There are groups all over the world that have been trying to steal our information," he says.

But security experts say the bar has just been raised and network administrators need to raise their security precautions along with it.

Vincent Locurio, technical support manager of UPS Atlanta, says the international courier definitely is more concerned about network and physical security since the Sept. 11 attacks.

"What we used to do securitywise, which was pretty good, has to be re-evaluated," says Locurio, who adds that he's confident that if the company was attacked, it could be back up and running in a day. "We do something called failtrack where we assume one of the centers isn't always going to be there. We make sure the other sites can handle 100 percent of the traffic. If not, we upgrade immediately. We do this testing frequently."

"My advice," Locurio says, "is to plan for the unexpected."

April Jacobs and Sandra Gittlen contributed to this report.
