Says security-built networks, cooperation could offer protections
A terrorist cyberattack on the U.S. infrastructure could be inevitable, a top FBI official said, but public and private cooperation to protect ourselves may be able to head it off at the pass.
Harold Hendershot, chief of the FBI's counterintelligence/counterterrorism's Computer Intruder Unit, also pointed to key security weaknesses in current networks the bureau has uncovered as potential sources of problems for corporations.
He made his remarks during his keynote address at PC Expo, held at the Jacob Javits Convention Center in New York--still reeling from the Sept. 11 attacks on the World Trade Center.
"Terrorists, fortunately, have not used the Internet to exploit the infrastructure," Hendershot said. To date, he said, they have used the Internet "mainly for communication, e-mail, chat rooms and to research. But I'm telling you, it's coming."
Even seemingly innocent Web activity has created cause for concern, he said. The government has detected on occasion significant "data-mining" activity on public infrastructure Web sites--apparently researching information on items such as water supplies and emergency services--coming "from countries that cause us concern."
The government has subsequently issued a warning to agencies and corporations to be wary of what details of public infrastructure are publicized over the Web.
Pointing to his ultimate "nightmare" scenario, Hendershot said he feared a combination of a Sept. 11-proportion attack combined with a cyberattack on infrastructure, including, possibly, 911 emergency systems. Cooperation, planning and security could fend off such a scenario, he said.
Hendershot also noted that, using relatively primitive devices, he and the FBI have found significant flaws in wireless networks. He told the audience that by using an empty Pringles container, cheap transistor radio equipment from Radio Shack and a laptop, he drove around the Washington, D.C., area and was able to tap into the wireless networks of several businesses and law firms.
"Wireless has gone crazy" with growth, Hendershot said. But, he added, "Security is not really built into networks."
An unscientific FBI survey of 223 companies found that 90 percent had suffered some sort of network intrusion and those that had logged $456 million in losses as a result, he said. The average loss of $2 million, he said, was up from $400,000 just several years ago.