Computerworld - A research paper released last month by the Center for Strategic & International Studies (CSIS), a Washington-based think tank, argues that computer networks and critical infrastructures are distinct entities and that the threat from cyberterrorism is far less serious than the government and the media contend.
"The assumption of vulnerability is wrong," argues James A. Lewis, a CSIS analyst and author of "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats."
"While many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable," according to Lewis. "Computer network vulnerabilities are an increasingly serious business problem, but their threat to national security is overstated."
But Lewis offers few examples and technical details to support his claims, which stand in stark contrast to much of the new thinking by high-level national security experts on the issue of critical infrastructure protection and cybersecurity.
In a recent interview with Computerworld, for example, Brenton Greene, deputy director of the National Communications System, an executive-branch agency responsible for maintaining and restoring communications during times of national crisis, said the physical and cyber aspects of critical-infrastructure protection can't be separated. Major physical events will have digital ramifications and vice versa, said Greene.
That's also the conclusion of the recently released annual report of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, led by former Virginia Gov. James S. Gilmore (see story). "Cyberspace has been isolated and specialized, thus limiting its perceived relevance to day-to-day outcomes and even its relevance to what are viewed as clear and present homeland security threats," the commission stated.
In an interview, Gilmore said the commission's studies show that cyberterrorism is a clear and present danger to critical infrastructure.
"The information technology, Internet and computer world that we now live in is vulnerable, and it must be analyzed together with other physical parts of critical infrastructure in order to protect the nation," he said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts