Home > News > Computer Experts Warn of Cyber Terror (William Wulf testifies before Congress on need for computer security research)

Computer Experts Warn of Cyber Terror (William Wulf testifies before Congress on need for computer security research)

From
October 10, 2001

By Larry Margasak
Associated Press Writer
Wednesday, Oct. 10, 2001; 1:18 p.m. EDT

WASHINGTON –– Computer experts asked Congress Wednesday to imagine a terrorist assault that combines the massive destruction of Sept. 11 with a simultaneous cyber-attack.

Cyber-security expert Terry Benzel, who specializes in computer protection systems, raised chilling "what if" scenarios as she and other experts called for a crash research effort to protect computers against a terrorist attack.

Benzel, a vice president of Network Associates Inc. of Santa Clara, Calif., told the House Science Committee the possibilities are "beyond frightening." She asked: "What if the terrorists were also able to impact our communications system, thus hampering the rescue and recovery efforts?

"What if the attackers were able to compromise systems monitoring the water supply for Manhattan? What if power to parts of the Northeast corridor could have been brought down through a cyber-attack on key systems? We must prepare now to prevent this from happening."

The chairman of the committee, Rep. Sherwood Boehlert, R-N.Y., said that while computer networks are vulnerable to criminal and terrorist attacks, research and development on computer security has not kept pace with the threat.

"To put it simply, we need more people to be doing more creative thinking about computer security. That's what our adversaries are doing," Boehlert said.

Computer networks now are critical to electric power, natural gas, petroleum production and distribution, telecommunications, transportation, water supplies, banking and finance and emergency services.

A Science Committee background paper said many experts believe only 45 to 75 researchers in the nation have the experience to conduct cutting-edge research in computer security.

William A. Wulf, president of the National Academy of Engineering and a professor at the University of Virginia, said the number was slightly higher – 100 to 200 – but agreed "our research base in computer security and network security is minuscule."

He said current security systems were using assumptions developed in the 1960s for individual computers and mainframes. "Now that we've got networks, the whole system is bankrupt," Wulf said.

Benzel, whose company is a leading supplier of network security, said the most alarming scenario is a combined physical and cyber-attack that brings "cascading disruptions on a regional, national or international scale."

An attack on the air traffic control network could reduce the ability to track off-course airplanes. A chemical weapons attack could be combined with an assault on computerized water supply control systems, Benzel said.

Benzel proposed unprecedented sharing of computer security information between industry and government.

She suggested that the new Office of Homeland Security, headed by former Pennsylvania Gov. Tom Ridge, make computer security part of the nation's defense against terrorism.

Federal agencies also need adequate funds to research new ways to protect critical computer networks, she said.

Dr. Eugene Spafford, professor of computer sciences at Purdue University, said computer systems were designed for speed or price, with little concern for security.

"Security cannot be easily or adequately added on after the fact and this greatly complicates our overall mission," he said. "The software and hardware being deployed today has been designed by individuals with little or no security training, using unsafe methods, and then poorly tested."

© Copyright 2001 The Associated Press

Original Article


Original Article | Local Copy

Return To List