Be Prepared for Cyberterrorism

Computerworld - During a recent Gartner conference, Robert Gates, formerly a director of the CIA and currently the president of Texas A&M University, warned attendees that companies must prepare for terrorism in all aspects of business. He also asserted that the three big threats to business today are terrorism, global organized crime and economic espionage. According to the U.S. Department of Homeland Security's definition, acts of terrorism range from threats of terrorism, assassinations, kidnappings, hijackings, bomb scares and bombings, and cyberattacks to the use of chemical, biological and nuclear weapons. While any one of the aforementioned events could have a dramatic effect on the integrity and availability of your valuable information assets, the threat of cyberterrorism should be taken particularly seriously.
"Within the past several years, the U.S. has been the target of increasingly lethal terrorist attacks, which highlight the potential vulnerability of our networked systems," Keith Lourdeau, deputy assistant director of the FBI's Cyber Division, said in testimony before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security in February 2004. "These attacks were carried out by terrorists wanting to harm U.S. interests in order to forward their individual cause. Our networked systems make inviting targets for terrorists due to the potential for large-scale impact to the nation."
Lourdeau further pointed out that vulnerabilities to our networked systems can be attributed to a number of factors and that threats originate from a number of sources. These include easy accessibility to those systems via the Internet; the wide availability of tools that can be used maliciously by anyone with a point-and-click ability; the globalization of our nation's infrastructures, which increases their exposure to potential harm; and the interdependencies of networked systems, which make attack consequences harder to predict and perhaps more severe.
This is where incident management and business continuity come into play. A computer security incident is considered to be any event wherein some aspect of a computer system is threatened. Such incidents include the loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability.
Planning for business continuity includes being prepared for a variety of threats: viruses, hack attacks (originating both internally and externally), industrial espionage, denial-of-service attacks, unauthorized access to systems, hoaxes and fraud. Advance planning for such threats has, for many organizations, required the investment of massive numbers of man-hours and enormous financial infusions.
Nevertheless, many businesses remain insufficiently equipped to deal with cyberterrorism because they have failed to understand the nature of threats, or they simply don't have the employees with