The noise level on this topic has raised considerably this month and I have pulled together all the relevant postings into the following thought-provoking story.
With about 85% of the USA's critical infrastructure--energy utilities, manufacturing & transportation facilities, telecommunication & data networks, and financial services--in the private sector and not sharing security information with each other, it's no wonder that there are concerns of
orchestrated cyberterrorist attacks bringing the country to its knees.
To address this, a new Cyber Incident Detection & Data Analysis Center, or
CIDDAC, is being formed to warn law enforcement of critical infrastructure attacks
which could be the battlefields of future wars. Several businesses and organizations are testing a new process for anonymously sharing cyberthreat and attack data with their peers and government agencies (through CIDDAC) without being subject to law-enforcement audits or public scrutiny.
To further reinforce the importance of this inititaive, an article in the August issue of IEEE-USA Today's Engineer warns that the information technology infrastructure in the US, including air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal attacks, noting that
US cybersecurity is 'almost out of control'.It would only be a matter of time before cyber-terrorists exploited this vulnerability and the
Washington Times reports that Islamic extremists are already organising themselves together for a "Digital Jihad". A Web forum called al-Farooq, for Muslim extremists, is calling on its members to organize an Islamist hackers' army to carry out Internet attacks against the U.S. government. The site has posted tips, software and links to other resources to help would-be cyber-jihad warriors and represents a how-to manual for the disruption and/or destruction of enemy electronic resources, including e-mail, Web sites and computer hardware. The forum called for the creation of an Islamist organization, dubbed "Jaish al-Hacker al-Islami," - the Islamic Hacker's Army.
And it doesn't stop there - Mark Rasch, former head of the Justice Department's computer crime unit, has noticed a disturbing trend: Al-Qaida and other terror groups together with foreign governments are
trying to hire skilled Internet hackers to penetrate US government and commercial computer networks, he says. And plenty of hackers seem willing to do the work.
Also, the
the Washington Post reports that web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks.
With mission-critical networks under attack, the US Department of Defence (DOD) is working furiously to plug infosecurity holes, launching the
Manhattan Project. Unless DOD changes how it operates and learns to defend its cyber networks, many military experts say it will not be able to wage an effective battle in the cyberwar that is emerging as the 21st century's biggest challenge.