In these uncertain times, we must look both outside and inside our borders for potential sources of terrorism. However, even greater vigilance is needed regarding our computer and communication networks. These networks have no borders that we can actually watch, as data streams move from street to street, city to city, state to state, and country to country through copper, fiber, and the airwaves. The best defense is to put up a strong offense, while at the same time building and adding both hardware and software that will provide extra layers of security.
Many corporations and government organizations have firewalls and antivirus software in place to prevent unwanted visitors or payloads from reaching their internal networks. But they may often overlook the fact that the threat can come from within. Such a threat can take the form of a disgruntled employee or someone on staff who has a secret agenda of gaining access to an organization's computer from behind the firewall. The threat could even come from someone posing as part of the after-hours cleaning crew. Such a person could go from desk to desk searching for employee passwords that were carelessly left in open view or for a workstation left on with full network access.
Today's antivirus software, although strong, only detects the simplest measures that a cyberterrorist may employ. What would work better is a full security strategy that compartmentalizes the corporate network, preventing any software threat from propagating across the entire organization. In addition, as corporate-heavy as it may seem, enforcing a strong sense of password security or adding some levels of biometric security would help limit the number of systems that employees access, minimizing the damage possible.
Threats coming from outside an organization also vary. They could be as "simple" as someone trying to gain network access by breaking through the firewall and leveraging weaknesses in the operating system and then using that opening to capture corporate information (databases, credit-card lists, etc.), or by someone delivering messages by taking over a corporate Web site and altering the content. Much more ruthless attacks can accomplish untold amounts of damage by destroying files, taking over a company's servers to cause denials of service, or using those servers to flood the network with worms and viruses.
To smoothly function, our society depends on both computer and voice communications. We can't let either outside or inside forces bring us to our proverbial knees with a few strokes on a keyboard. We must find additional ways to protect these essential services, and when necessary, develop new products that will make it harder for the cyberterrorists to break through our armor.
I am, in a sense, making a call to arms—that is, electronic arms. Our companies, our schools and utility systems, and our nation all require better protection from those who would try to immobilize us or cause extensive economic damage by crippling the communications networks. We must develop better tools to monitor systems and alert us when something is wrong, as well as to accelerate our ability to track down these electronic criminals across the network.
Reprints
