Attacks That Blend Threats Against People, IT Systems Predicted - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:57 PM
Connect Directly

Attacks That Blend Threats Against People, IT Systems Predicted

William Hancock, chief security officer at Savvis Communications, says the migration of power-grid systems to the Internet has increased their vulnerability.

In San Francisco on Thursday, William Hancock, VP of security practice and strategy and chief security officer of IT service provider Savvis Communications, told a group of IT professionals and reporters that the sky was falling.

Hancock said he expects the emergence of "blended-threat" attacks that combine war on critical infrastructure occurring simultaneously with attacks designed for large-scale fatalities such as biological terrorism. Hancock went as far as to predict that such attacks would exceed those on the World Trade Center in magnitude of disaster.

The cyberwarfare aspect of such an attack could happen in any number of ways. He described the migration of the power grid from protocols such as DECnet and OSI to TCP/IP as one area of increasing vulnerability. With more of these power-grid systems connecting directly to the Internet, he warned, they become susceptible to denial-of-service attacks that could cause blackouts across the United States.

As a more mundane example, a new PC connected to the Internet could become infected with a worm within 25 minutes--before it has completed downloading the patches necessary to protect it against the most current threats, Hancock said.

Layered defenses are necessary, he argued. "There's not a firewall made that you can't get through."

Hancock, chairman of the National Reliability and Interoperability Council Focus Group 2B, Cybersecurity, a council of advisers to the Federal Communications Commission, said that while he didn't want to be an alarmist, the state of Internet security is alarming.

Testifying before Congress in September on identity theft--currently favored by worm writers and phishers--Hancock focused on what could be done, principally in the area of identity management.

"Identity management of the future cannot be simplistic password methods of the past," he said. "It will need to incorporate advanced concepts such as biometrics and cryptographically sound methods to ensure the identity of a device, application, or individual is permitted to access data elements in databases and other information repositories."

That's essentially what Microsoft chairman Bill Gates said at the Microsoft IT Forum in Copenhagen earlier this week, where he addressed the "weakness of the password."

In his keynote address, Gates said that we cannot rely on passwords to protect health data, financial data, or records access. "Therefore, moving to biometric identification, and particularly in moving to smart cards, is a way that is coming," he predicted. "This is something that has been talked about for several years, but now we finally see the leading-edge customers taking that step."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll