Technology Focus: Cyber Threats Outrun Y2K Challenges, Disaster Scenarios

  @DavidZie on February 12 2012 10:28 AM
Shady RAT
The Shady RAT Operation, which revealed several US government agencies fell victim to a hack attack, is nothing shocking from what one security expert sees. REUTERS

Turn the clock back 13 years to 1999. Seek out the Chief Information Officer of any large business. What was the big worry? Y2K.

Remember Y2K, shorthand for the millennium shift: the fear that as the clock struck midnight for Jan. 1, 2000, planes would fall out of the sky and power plants would explode?

Remember that nothing of the sort happened? For years before, though, technologists prepared. Software experts worked on bug fixes. Millions of PCs and servers were chucked. Utilities, airlines and railroads all made sure their systems were ready.

Now come back to 2012: consider cyberattacks, hacking and computerized warfare. Look at how much more Internet access is available worldwide and the proliferation of electronic devices, especially smartphones. Last year, nearly 480 million of them were sold, estimates IHS iSuppli.

The dangers are far worse. Last week, both security software developer Symantec, which sells Norton Anti-Virus, and domain name registrar VeriSign acknowledged they'd been hacked. So did the United Nations. Citigroup acknowledged a cyberattack in the U.S. and Brazil. The U.S. Central Intelligence Agency Web site was put out of commission apparently by Anonymous, whose exploits have become very well known.

Certain other corporate attacks enjoy notoriety, such as the ChoicePoint theft of hundreds of thousands of credit card files; Intel and McAfee's Shady RAT discovery that more than 70 global enterprises had been attacked; and admissions by the Pentagon that national interests, probably from China, had breached many departmental portals.

"People don't seem to care," said Joel Bomgar, whose Jackson, Miss.-based eponymous company provides security services to Massachusetts Institute of Technology and many enterprises. Millions of users of Symantec's PCAnywhere software, in use since before 2000, are largely unprotected, he said.

Sixty to 70 percent of all intrusions succeed because the hackers can control these programs, Bomgar said in an interview.

It's not just old programs, said C. Warren Axelrod, a veteran cybersecurity expert who's testified before Congress and currently advises Wall Street. Attacks into networks protected by Symantec or EMC's RSA Security are partially sophisticated and also often poised by insiders, he said.

But neither governments nor enterprises - much less consumers - have the ability to protect themselves with the proliferation of data, new appliances and the offshoring of so much manufacturing, Axelrod warned.

Now that so many chips are manufactured in Asian semiconductor foundries, there's an assumption that their firmware, or designed-in software, is secure. Not so, Axelrod complained. The chipmakers aren't even using statistical sampling to determine whether they're safe.

Chances are a Taiwanese or Chinese hacker could essentially hack systems all the way down to the chip level, leaving them highly vulnerable.

All this comes as the government and enterprises are shifting more and more traffic to the cloud, or Internet-based computing. "I'm quite bullish about all this," said Leon Lasker, chief information officer of Computer Sciences Corp., one of the biggest service providers with a giant enterprise portfolio.

Last month, Steven VanRoekel, Chief Information Officer of the U.S., said he plans to send as much data to the cloud as possible, seeking public-private partnerships. Security, he said, is key but will remain the mission of the Pentagon.

That effectively means there will be vulnerability everywhere.

VanRoekel said the government can be reasonably sure of security. President Obama, for one, has a federally issued BlackBerry from Research in Motion, which he uses to communicate with people such as Secretary of State Hillary Clinton and Treasury Secretary Timothy Geithner.

At the end of the day, they need to be sure anything seriously related to national security isn't posted on the BlackBerry. Ever.

The Roman poet Juvenal asked, "Quis custodiet ipsos custodes?", Latin for "Who will guard the guards themselves?" Nothing has changed.
