February 24, 2004 (Computerworld) --
WASHINGTON -- The CIA, working with the FBI, the Department of Homeland Security and the Pentagon, this week will publish the first-ever classified National Intelligence Estimate (NIE) on the threat of cyberterrorism against U.S. critical infrastructures. News about the estimate, which was first requested in March 2000 by a senior member of the House Armed Services Committee, came today during a Senate Judiciary subcommittee hearing on cyberterrorist threats and capabilities. However, Sen. John Kyl (R-Ariz.), chairman of the Senate Subcommittee on Terrorism, Technology and Homeland Security, and ranking member Sen. Dianne Feinstein (D-Calif.) expressed concern that the Department of Homeland Security has not focused enough high-level attention on the threat posed by terrorist-sponsored cyber disruptions or physical attacks against critical cyber infrastructures. "I'm afraid that we're not taking this threat seriously enough," said Feinstein. In particular, she said she was troubled by the decision to move the position once held by former cybersecurity czar Richard Clarke from the White House to where it now sits, several layers down in the DHS bureaucracy. She questioned the extent to which Amit Yoran, the current director of the National Cyber Security Division at the DHS, can influence the overall national homeland security strategy. Yoran, however, said the DHS doesn't view cybersecurity as a separate entity, but "one element" of a larger critical infrastructure protection strategy. Kyl pressed Yoran to answer specific questions about the cyberthreats posed to the U.S. by both nation-states and terrorist organizations. Yoran was unable to provide any answers and relied instead on supporting testimony from John Malcolm, deputy assistant attorney general at the Justice Department, and Keith Lourdeau, deputy assistant director of the FBI's Cyber Division.
According to Yoran, the DHS takes a "threat-independent" approach to cybersecurity and does not assess the capabilities or intent of any specific group or individual. "We'll have to wait and see what the NIE says," Yoran told Kyl. Lourdeau said the FBI's assessment indicates that the cyberterrorist threat to the U.S. is "rapidly expanding." In addition, the FBI predicts that "terrorist groups will either develop or hire hackers, particularly for the purpose of complementing large physical attacks with cyberattacks," he said. Describing what could have become a cyberterrorist incident, Lourdeau explained how two hackers on May 3, 2003, sent an e-mail to the National Science Foundation's Network Operations Center. In it, they claimed to have penetrated the NSF network that controls life-support systems for dozens of scientists at a South Pole research station at a time when weather conditions would not permit aircraft to deliver assistance. The e-mail, which threatened to expose the vulnerability data unless the attacker was paid money, "contained data
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more... Read more Security posts or See all Blogs
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing your network begins at the gateway, also called the perimeter, to keep unauthorized users, viruses and malicious code from entering your systems. Deploying multilayer technologies is your first line of defense. With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. One of the key facets of a successful security strategy is protecting the servers that run critical applications and house so much of your essential data. Having the right policies, procedures and server configurations is critical.
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
See your link here
Subscribe to
Computerworld 
or
Other Security Stories
From Laggard to Leader: Transforming the Data Center
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this white paper today!
Read up on the latest ideas and technologies from companies that sell hardware, software and services. 
The Security Zone
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]