[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] CIA to issue cyberterror intelligence estimate
From:       InfoSec News <isn () c4i ! org>
Date:       2004-02-25 10:09:50
Message-ID: Pine.LNX.4.44.0402250409310.23149-100000 () idle ! curiosity ! org
[Download RAW message or body]

Forwarded from: William Knowles <wk@c4i.org>

http://www.computerworld.com/securitytopics/security/story/0,10801,90448,00.html

By Dan Verton 
FEBRUARY 24, 2004
COMPUTERWORLD

WASHINGTON -- The CIA, working with the FBI, the Department of
Homeland Security and the Pentagon, this week will publish the
first-ever classified National Intelligence Estimate (NIE) on the
threat of cyberterrorism against U.S. critical infrastructures.

News about the estimate, which was first requested in March 2000 by a
senior member of the House Armed Services Committee, came today during
a Senate Judiciary subcommittee hearing on cyberterrorist threats and
capabilities.

However, Sen. John Kyl (R-Ariz.), chairman of the Senate Subcommittee
on Terrorism, Technology and Homeland Security, and ranking member
Sen. Diane Feinstein (D-Calif.) expressed concern that the Department
of Homeland Security has not focused enough high-level attention on
the threat posed by terrorist-sponsored cyber disruptions or physical
attacks against critical cyber infrastructures.

"I'm afraid that we're not taking this threat seriously enough," said
Feinstein. In particular, she said she was troubled by the decision to
move the position once held by former cybersecurity czar Richard
Clarke from the White House to where it now sits, several layers down
in the DHS bureaucracy. She questioned the extent to which Amit Yoran,
the current director of the National Cyber Security Division at the
DHS, can influence the overall national homeland security strategy.

Yoran, however, said the DHS does not view cybersecurity as a separate
entity, but "one element" of a larger critical infrastructure
protection strategy.

Kyl pressed Yoran to answer specific questions about the cyberthreats
posed to the U.S. by both nation-states and terrorist organizations.  
Yoran was unable to provide any answers and relied instead on
supporting testimony from John Malcolm, deputy assistant attorney
general at the Justice Department, and Keith Lourdeau, deputy
assistant director of the FBI's Cyber Division.

According to Yoran, the DHS takes a "threat-independent" approach to
cybersecurity and does not assess the capabilities or intent of any
specific group or individual. "We'll have to wait and see what the NIE
says," Yoran told Kyl.

Lourdeau said the FBI's assessment indicates that the cyberterrorist
threat to the U.S. is "rapidly expanding." In addition, the FBI
predicts that "terrorist groups will either develop or hire hackers,
particularly for the purpose of complementing large physical attacks
with cyberattacks," he said.

Describing what could have become a cyberterrorist incident, Lourdeau
explained how two hackers on May 3, 2003, sent an e-mail to the
National Science Foundation's Network Operations Center. In it, they
claimed to have penetrated the NSF network that controls life-support
systems for dozens of scientists at a South Pole research station at a
time when weather conditions would not permit aircraft to deliver
assistance.

The e-mail, which threatened to expose the vulnerability data unless
the attacker was paid money, "contained data only found on the NSF's
computer systems, proving that this was no hoax," said Lourdeau.

The FBI eventually determined that the intruders were using computers
in a cybercafe in Romania and had first hacked into a system operated
by a trucking company in Pittsburgh before breaking into the NSF
network. The two hackers were arrested in June.

Malcolm urged the committee "not to allow the provisions [of the USA
Patriot Act] to sunset." According to him, key provisions of the law,
including those that permit courts to issue nationwide search warrants
for electronic communications, are "essential to any prosecution of
cyberterrorism."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]