
Five thoughts about cyberterrorism


By Daniel Horgan

(IDG) -- Is your organization prepared to handle a cyberattack? Will you know where to go if you are not?

Stephen T. Barish, manager of security technology solutions at Ernst and Young, offers advice on how to make your network security airtight.

What measures should a corporation take to prevent a cyberattack?

First, you must establish what your risk level is. Understand your business risk by considering what it is that your organization does from an American economic perspective. Also understand your technical risk by knowing where you are vulnerable to a physical or cyber attack. Once we understand the risk, the second step is to design countermeasures. Typically, an enterprise security strategy and security architecture has its foundation in policy and procedure, which executives will endorse. The final tier in the pyramid is the actual technical products that we put in as countermeasures.

How do you make good network security work?

You have to layer your protective measures. Simply putting a firewall up and monitoring what comes through it is a very big oversight. You should always have multiple security controls in place. Don't rely on a product to give you good security, but approach it with a programmatic focus. Build everything on a foundation of what the business requires so that you don't spend too much on security and not get a realistic return on your investment.

What should a company do when they suspect an attack?

Coordinate with the federal agencies who assist companies when they think they are under attack. An organization called InfraGard, which is sponsored by the National Information Protection Center through the offices of the FBI, provides a forum for people to exchange information about computer crime. The goal is to provide better protection for all of corporate America and our critical information infrastructure. This can be a powerful tool for those who think they have been targeted.

There has never been a need for security in the public sector greater than the need right now. We live in an environment where the security that government agencies, intelligence communities, and federal law enforcement provided to safeguard the elements that make our nation go is shifting to corporate America. We now have an obligation not only to the shareholders, but to the American people in general to pick up the slack caused by this shifting threat and protect the underpinnings of our society.

What is the difference between the cyberterrorist and the everyday hacker?

Hackers are interested in exploiting the detailed underpinnings of the Internet and its security ramifications for their own personal enjoyment or for some desire to make a name for themselves. The mindset of the hacker is "I want to do something either for the sheer thrill of the challenge or for the public recognition of my abilities." The cyberterrorist is a completely different animal. If you look at traditional terrorist movements and what they are trying to accomplish, you see things that are very insidious, well-planned, highly rehearsed, and well-coordinated. What makes the recent events of the WTC bombings so terrifying to America is the degree of coordination it took to execute that attack and the planning of how to actually strike into the heart of the American psyche. A terrorist tries to build awareness of his goals and change international events. From the cyberterrorist perspective, look for highly planned, well-researched attacks on critical pieces of information infrastructure rather than something that indiscriminately targets a wide variety of sources, for instance, a widespread denial of service attack.

What is the primary action to take to lock out cyberterrorists?

Control Internet access. Build a program that understands what access you require to achieve your business objectives, and eliminate everything else. Technically you can do that through routers and firewalls. You can monitor that compliance through intrusion detection, and most importantly, you need to respond when you see a problem. Incident response is one area we fail in. Don't be afraid, be encouraged, be proactive about going out and doing the right thing from a security perspective. We're all in the business of making money, but it's times like these where we have to sit back and think from a corporate or individual perspective to improve our posture as a nation. For every corporate entity, by locking down and protecting your infrastructure, by coordinating together through some of the national computer emergency response teams and some of the non-profit organizations, we stand a chance of actually making a difference here.

