Daily News Editorial wrote:
> Computers and the Internet are used to control and coordinate
> airports, radio stations, electric utilities and radio communications
> between first responders. Imagine how much worse the panic and death
> toll on 9/11 might have been if New York were left without electric
> power, without access to computers and without working phones, radio,
> television or traffic lights.
> A cyberattack could plunge all or part of the nation into chaos.
There IS cause for concern, but the risk varies greatly from one
application to another.
Also, "cyberattack" has many different meanings. Much of it simply
could be a traditional physical attack on infrastructure, such as
putting an explosive down a utility manhole or blowing up a computer
room. How much protection does critical power substations have
against being bombed?
Many networks are very vulnerable to viruses. For example, an email
virus could cripple everyone's desk top with a flood of emails. That
might have nothing to do with an application, but if one's desktop is
down, can one still control an application? For critical control
points, such control units should be fully isolated except for their
dedicated function. Operators shouldn't be emailing their girlfriends
or surfing the net from such computers.
Critical applications should not be controlled through the Internet at
all. That is way too risky. It's all right for an applicaton to use
Internet protocols within itself, but it should be completely isolated
from the Internet. That is direct lines between control and the
field, with secondary backup lines.
> Still, federal bureaucrats have their heads stuck in the sand. In May,
> red-faced officials at the Veterans Affairs Department acknowledged that
> sensitive personal information on more than 26 million veterans --
> including names, addresses and Social Security numbers -- had gone
This turned out to be much ado about nothing. The laptop was stolen
for itself, not for the data on it. I suspect almost all such thefts
are for the physical item, not the data.
(We do need far better controls on protecting information, though.)
In this day and age the existence of sabotage viruses and the like is
inexcusable. The sabotage isn't by James Bond type figures climbing
down the skylight. A great many people are skilled enough to make
viruses, they just choose not to. The Internet should be far more
secure. It's like using a bathroom door lock to protect the gold at
We'll probably need a national or international body to control the
Internet and eliminate the numerous weakspots in it, kind of like the
way the FCC and intl bodies allocate radio frequencies and telephone
signal protocols. This business of hijacking unprotected servers is
Although this is blasphemous to say so, we'll probably need border
controls on Internet traffic entering the United States just as there
is on physical goods. Or quarentine borders around countries that
create malicious viruses, phishing, etc.
I still insist the term "virus" is very misleading. It implies it's
something we can't really control very well, like the common cold.
But that's false. It's sabotage, not naturally from nature, but
specifically created by people. Maybe if the headlines read "ABC BANK
HIT BY SABOTAGE, 3RD ATTACK THIS WEEK" people would take notice and
[public replies, please]