FBI warns 'electronic Pearl Harbor' possible

[Every few months, for the past five years we get the same
 line. 'electronic Pearl Harbor' blah blah. This along with "this has
 been a serious wake up call".]

A stealth attack on the Internet-based system controlling a
major electric power grid knocks out power to hundreds of thousands of
homes. A hit on a system controlling emergency services cuts off "911"
telephone access for entire communities, putting lives at risk.Sound
like science fiction? A top FBI official warned in a briefing before a
congressional committee Tuesday that "the electronic equivalent of a
Pearl Harbor or an Oklahoma City" is on tap if the government fails to
take every precaution, including collecting intelligence on attacks that
might be in the planning stages.Although such a catastrophe has yet to
occur, "the statistics and our current cases demonstrate our dangerous
vulnerabilities to cyber attacks," said Michael Vatis, deputy assistant
director of the Federal Bureau of Investigation, and chief of the
bureau's new National Infrastructure Protection Center, which tracks
Internet security issues.Vatis, speaking before Congress' Joint Economic
Committee, ran down a laundry list of recent hacking incidents, from
breaches in Department of Defense systems to a hack that disabled
telecommunications systems at a regional Massachusetts airport.In the
airport incident, a teen-age hacker cut off access to the airport's
control tower, preventing runway lights from being turned on, Vatis told
the committee."This case is a wake-up call for those who would argue
that hacking is simply harmless fun," he said. Vatis cited a study

[Low and behold.. "wake up call".]

completed this year by the Computer Security Institute showing that 64
percent of companies polled had reported system breaches -- up 16
percent over 1997. Total financial losses for the 241 companies in this
group that could put a dollar figure on those losses was $136.8 million,
he said.That represented a 36 percent increase in reported losses over
the 1997 figure of $100.1 million.Another study, by the CERT (Computer
Emergency Response Team) security group at Carnegie Mellon University
"indicated a disturbing increase in the use of automated scripts," or
pre-configured hacking tools distributed over the Internet, "enabling
malevolent network users to attack very large numbers of systems with
much greater efficiency," Vatis said.

 Cybercrimes on the upswing

FBI computer crime investigations are up 133 percent so far this year over
1997, with 480 pending cases to date, as compared to 206 last year, he
said, although he added that systems administrators may have simply
gotten better at detecting intrusions, and that some companies,
realizing the problem is becoming more widespread, are now more willing
to share data about their own security breaches.Heading off these cyber
attacks will mean a combination of "the collection and analysis of
information gathered from all available sources, and the dissemination
of our analyses and of warnings of possible attacks to potential
victims, whether in the government or in the private sector," Vatis
said.But he added that the FBI's National Infrastructure Protection
Center will not act as "the nation's systems administrator, responsible
for physically securing everyone's systems against intruders, or
advising on the latest security software." That job must be left to

["Gee, we don't know anything about securing our systems..
 lets pawn this off on the private sector!"]

industry, he said."If an attack does occur, our role is to serve as the
federal government's focal point for crisis response and investigation.
That job is big and difficult enough," Vatis said.