Potential For Cyberattack Increases

Much like the nuclear threat during the Cold War in the last century, cyberwarfare is a potential catastrophe that the U.S. and other nations must be prepared to combat, Gartner said. Given the rate of adoption of Internet-based technology, nations will have the ability to conduct cyberwarfare by 2005.

"The world's not going to hell in a hand basket, so we can get that off the table," David Fraley, author of the recent Gartner report, said. "What's important for people to do is continuity planning -- be aware of the different threats and vulnerabilities that could hit their organizations."

Organizations could suffer irreparable harm if they don't have a strategy for keeping their businesses running, if facilities are unable to operate.

"The difference between cyberwarfare and hacking is the magnitude," Fraley said. "Cyberwarfare is on a much grander scale."

Increasing the possibility of cyberattacks is the ever-increasing use of Internet-protocol networking technology to connect critical infrastructure, as well as the movement in voice communications from a circuit- to packet-switched architecture, the research firm said.

IP networks carrying voice traffic use voice-over-IP (VoIP) equipment that is susceptible to traditional Internet threats like worms, viruses and break-ins from hackers. Denial-of-service attacks, for example, that often take down web sites, could be used to disrupt the flow of voice-carrying packets on an IP network, causing a major breakdown in communications.

On the infrastructure level, interfaces allowing maintenance and control of equipment have traditionally been accessed through dial-up modems. As more of these access points are converted to IP network connections, then the vulnerability to attack also increases.

Possible targets of attacks include network interfaces found in equipment used by dams, railroads, electrical grids and power generation facilities, Gartner said. Another target is the interface points between SS7, the central nervous system of the public switched telephone network (PSTN), and IP networks.

Gartner predicts that SS7 will become a key communications target by 2006.

Other trends adding to the potential destruction of cyber-attacks include the conversion of traditional frame relay and X.25 protocols used to connect computer systems in banking and finance to IP networking. Similar conversions are taking place in other industries, such as chemical, oil and gas, electrical, law enforcement and rail transportation.

In its research, Gartner points out businesses can find ways to manage risk through the U.S. National Infrastructure Protection Center, which has published a document entitled, "Risk Management: An Essential Guide to Protecting Critical Assets."

"Most security technology, when used in conjunction with 'best practices,' is appropriate to the proportional risk presented by the threat of cyber-warfare," Gartner said in a statement. "The proportional-risk assumption does not mean that a cyber-warfare attack would be unsuccessful if undertaken by a determined foe, but that risk is low."

*This story courtesy of Techweb.com.