Outflanking The Cyberterrorist Threat

Computerworld - While cyberterrorism may not be an immediate threat, it would be foolish not to recognize that the U.S. is facing a "thinking enemy" who will adapt to attack our critical infrastructures and vulnerabilities, says Ruth David, former director for science and technology at the CIA.
David is now president and CEO of Analytic Services Inc., an independent, not-for-profit, public service research institution in Arlington, Va. She and Bill Crowell, CEO of Santa Clara, Calif.-based security firm Cylink Corp. and a former deputy director of the supersecret National Security Agency, each participated in rare interviews with Computerworld's Dan Verton. They discussed the threats posed by cyberterrorist attacks and the steps that the public and private sectors should take to thwart them.

There's been speculation, even before Sept. 11, about the U.S.'s vulnerability to an "electronic Pearl Harbor" or cyberterrorist attack. How has this changed since Sept. 11, and how vulnerable are the various economic sectors to cyberterrorist attacks?
David: While it is true that major terrorist attacks to date have targeted human lives, I would not blindly extrapolate that behavior into the future. After all, on Sept. 10, we would not have expected a hijacker to turn a commercial airplane full of passengers into a guided missile, and even on Sept. 12, we did not envision exploding shoes as a threat to aviation.
In the aftermath of the 9/11 attacks, those adversaries almost certainly observed the immediate effect of service interruptions as well as the prolonged economic impact of infrastructure disruptions. While the weapon used was explosive rather than cyber, it doesn't take much imagination to see that similar effects could be achieved through cyberterrorism.
Crowell: Clearly, the vulnerabilities of the nation to cyberattack are growing. Critical national functions like banking, financial services, health, water and communications are increasingly dependent on highly automated systems that connect the many nodes of their operations.
These changes in the degree to which business and the government are dependent on public networks have been occurring for about a decade. The disturbing thing is that all of the trends are in the wrong direction. Business is moving more and more critical functions to networks. The speed and complexity of the deployments make it difficult for them to employ good defenses rapidly. Diversity is decreasing as we migrate more to common operating systems and common network systems.

To what extent is the war on terrorism, particularly the battle for improved homeland security, a technology problem? What roles do you see the government, corporate America and the IT vendor/developer community playing?