Visions of air traffic systems going black, online commerce grinding to a halt or a major stock market being taken out of commission may seem surreal. But a new generation of terrorism — targeting the “behind the scenes” infrastructure of companies large and small — is on the radar of Al Qaeda and their peers. So where does our nation stand on shoring up our cyber-defenses?
With images of the September 11th attacks forever forged in the nation’s psyche, another much less visible threat may be looming that could catch corporate America and the nation by surprise — while causing severe economic damage.
“The nightmare scenario for most in this space is a huge attack on the root servers or the domain name servers or the critical nodes at the Internet itself,” said Dave McCurdy, Executive Director of the Internet Security Alliance, referring to the digital address books and the electronic conduits that route traffic through cyberspace.
Unlike aviation, nuclear sites or other high profile physical targets — where metal detectors and other security procedures screen people who gain access — the portal to get onto the Internet is simply a telephone dialup and a personal computer.
And with 85 percent of the Internet infrastructure in the hands of the private sector, the government is struggling to find its regulatory footing when dealing with this relatively immature yet enormously vital industry.
“Our understanding of crime in cyberspace is much worse than our understanding of crime on the street or in the corporate suite,” said Richard Hunter, an analyst with the technology research and consulting firm Gartner Group.
The White House weighed in in September with its National Strategy to Secure Cyberspace. The reaction was mixed.
“They have to first set a good example for the country,” said McCurdy. “By setting a good example they have to have good cyber security policies, procedures, and technology. And they’re not there”
To date, the lion’s share of the responsibility has fallen to companies like Verisign. The firm is tasked with managing and guarding a vast Internet that’s spread across all 7 continents — accessed by some 400 million people each day, who make some 400 billion queries.
Ken Silva is on the front lines for Verisign. His team manages two of the Internet’s 13 global root servers.
“Just to give you an idea, the domestic telephony system does about 2 billion transactions today,” he said. “And our 8 billion (Internet transactions) continues to redouble about every 8-12 months.
Analysts expect this breakneck growth to continue through 2005, when they project 10 percent of the world’s commerce will be Internet-based. But critics worry that business investment in cyber-security isn’t keeping up. And that could have dire consequences.
That’s why Gartner Group, in conjunction with the U.S. Naval War College, recently conducted a series of war games that brought together top industry experts and academics. Their mandate was to quantify potential fallout from cyber-terrorism and seek out the biggest holes in the system.
“Insiders, according to the scenarios we developed at Digital Pearl Harbor, could carry off large-scale attacks with damages in the tens or hundreds of millions of dollars that are aimed at disruption, not profit,” said Hunter.
Those dollar amounts aren’t the same magnitude as the September 11th attack, which took an estimated $150 billion toll on the nation’s economy. But the guardians of cyberspace, like Verisign’s director of public policy, Michael Aisenberg, warn that the government can only hope that we’re all doing our jobs well.
“They can jawbone, they can cajole, they can provide leadership, in some cases they can even provide financial support for security on the Net,” he said. “But in the final analysis, it is the private sector custodians of the key assets like Verisign on whose shoulder the responsibility for Internet security rests.”
Now, both business and government words must be matched by action.