Experts predict major cyberattack coming
Corporate icons could be targets, and trillions of dollars worth of damage is possible
Computerworld - A terrorist-sponsored cyberattack against major U.S. networks and businesses is no longer a question of if, but when and to what extent, according to former senior intelligence and security officials.
Although the laundry list of warnings surrounding possible attacks has left people confused about what to prepare for, many experts with firsthand experience in counterterrorism said plans should be put in place to respond to a conventional bombing or chemical attack against a prominent private U.S. company, which would be followed closely by a cyber- or physical attack against regional communications and power systems to hamper rescue and recovery efforts.
A former senior intelligence official said companies considered American icons, such as General Electric Co., General Motors Corp. or IBM, could find themselves under siege.
The ex-official, who requested anonymity, said it's urgent that secure communications channels be established between CEOs of large multinational companies and government agencies such as local FBI offices.
Despite reports that Osama bin Laden has ordered the direct targeting of U.S. economic symbols, there has been no evidence to suggest that traditional terrorist groups have abandoned bombs and guns for computers, said Eric Shaw, a former CIA profiler who now works at Stroz Associates LLC, a cybercrime consulting firm in New York.
Plot Against Microsoft?
Global corporations, especially ones with ties to India or Israel, are big targets, Shaw said. In fact, he added, shortly after Indian authorities apprehended an al-Qaeda operative who warned of the December 2001 attack against the Indian Parliament, the suspect reportedly confessed to having knowledge of an infiltration operation against Microsoft Corp.
Microsoft spokesman Matt Pilla said the company hasn't been contacted by Indian authorities. But based on an internal security review and the various claims made by the suspect, the company doesn't consider the threat to be credible. However, Pilla said, Microsoft has beefed up both network and physical security around its corporate offices in the wake of Sept. 11.
Microsoft likely wouldn't be the only company targeted by so-called hackers for hire, experts said.
There are thousands of hackers capable of causing significant regional disruptions of the telecommunications and power grids as a way to amplify the effects of a physical attack, according to Stuart McClure, president and chief technology officer of Mission Viejo, Calif.-based Foundstone Inc.
"It's also safe to say that they have the blueprints for the networks," he said.
Jim Williams, director of security solutions at Omaha-based security services company Solutionary Inc. and a former member of the FBI's San Francisco computer-intrusion squad, said the cyberthreats to the nation's telecommunications, power and emergency services systems are
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts