/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_attachments/e5a192dd9dad5557cb09464fea56c36554600cb518b6d4d68d4e75abaedffa2e.jpg)
He has performed network security assessments for some of the world's largest corporations, including all facets of critical infrastructure, with work spanning 22 countries across four continents. He has also worked with US Federal law enforcement agencies on some of America's most notorious computer crime cases.
Co-author of books like 'Implementing Internet Security', 'Internet Security Professional Reference', and 'The Complete Internet Business Toolkit', he is now Vice President, Technology, Patch Advisor. Meet Chris Goggans, as Pratima Harigunani of CyberMedia Newsspeaks to him and finds out his views on current Cybercrime and terror issues.
How dangerous is Cyber-terrorism?
I hate that term. It is either terrorism or not. Cyber-terrorism is a misnomer. How does it matter whether one plans an attack on paper, on phone or on email? But yes, there is the factor of force-multiplier, specially in country related attacks. This relates to the ability of the first responder to deal with the aftermath.
Computer-based attacks against soft pieces of infrastructures like financial or Telecom organizations can cause greater chaos in times of emergency. I don't want to lessen the significance of the word 'terrorist' by associating it with things that don't impact human lives.
But who do you call a terrorist? In case of information warfare from China to US, the penetration of government networks could be feat for someone, could be disaster for someone. A Chinese would look at it differently and a US citizen would look at it differently. Can we call them a terrorist?
There have been several reported country-target attacks like that on Estonia apparently originating from Russia in the recent past. What's your take on this new face of terrorism, like State-sponsored attacks?
Most of the incidents have been that of DOS (Denial Of Service) flavour. The real offensive threats are growing and cover various facets of organized crime which could be financially related or could be about stealing military or IP information.
Any latest trends?
Insecure web applications have become one of the biggest targets for attackers.
From some recent US government contractor attacks we have learnt lessons like even the most insignificant network device can provide information that uncovers a major attack path In situations, where accounts and passwords are shared across platforms, a single compromise of the weakest platform can lead to massive compromise.
From another Civilian Government Agency attack, lessons are there as well. Passwords embedded in web applications are never a good thing. Web application vulnerability assessment have become as important as network vulnerability assessment. Database security is also critical and often goes checked.
Is technology being adequately harnessed on the defensive side of crime and terror?
Unfortunately, it depends on what we are trying to defend. Everyone says crime has gone more sophisticated, not to me. It's just a matter of a well-thought out and well-planned act of crime. We have to understand that technology spreads in every facet of society and anyone can use it in a way he wishes to deploy it.
So technology's role is overplayed?
Technology is so ubiquitous. It's just a tool. Using car in a bank robbery doesn't make it tech-related. Similarly, criminals would always use tools that make their job easier. In today's world where Internet, blackBerry or cellphones are at anyone's disposal, technology is just a medium.
Any comments on terror strikes? What's the best way to counter them?
It's a fundamental breakdown in Intelligence infrastructure. We need to take care of the issue about lack of co-ordination between agencies. Avoid Knee-Jerk reactions. The best way is not reacting unless proper thinking has been supplied behind actions. It's very easy to lose in this first wave of information warfare if we don't take threats seriously.
US faced the same scenario with people not taking warnings seriously. They would not be suspense anymore. With so much pre-existing agency knowledge and internal agency issues, there's a lot that can be done. We are at a point when even news agencies have information about terror targets. This could be just a tip of the iceberg and quite a scary thing.