World Watch
Google itself said the intruders seemed to be seeking information on the activ- ists’ communications with other activists and with Western news media, but that the snooping did not succeed. Google also said that attacks were perpetrated against other American companies.
The Monitor story also discussed a 2008 “Trojan Horse” attack on American energy companies. In that attack, the Monitor said, the intruders spied on three U.S. companies, targeting infor- mation on their oil and gas exploration efforts. As explained in The Huffington Post, energy companies spend hun- dreds of millions of dollars sending geologists, work crews and exploration gear to remote locations to find oil and gas. Their findings, the companies’ “crown jewels,” could be used to permit competitive bid- ding by rivals who did not make those outlays.
The Huffington Post, citing FBI and corporate cyber security experts, noted that these and many other attacks came from
disrupted so many networks. The feder- ally funded CERT Coordination Center is a major nerve center dealing with Internet security issues. The CERT/CC is operated by the Software Engineer- ing Institute (SEI) at Carnegie Mellon. Among other initiatives, the SEI created the Capability Maturity Model and Ca- pability Maturity Model Integration for computer programmers.
The Washington-based United States Computer Emergency Readiness Team (U.S.-CERT), mentioned above, is part of the National Cyber Security Division of the U.S. Department of Homeland Security. Formed in 2003, it works
cannot afford their own security teams. oCERT, while not affiliated with the university, is authorized to use the CERT service mark.
Still another initiative is the Federal Information Security Management Implementation (FISMA) Project of the National Institute of Standards and Technology. FISMA’s goal is to pro- mote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act, including: • Standards for categorizing informa- tion and information systems by mission impact;
...the truth is that network intrusions and the insertion of malicious software– “cyber attacks” in vernacular—have been troubling computer security experts for many years.
computers in China. As the Post put it, “for all the shock and spectacle of an al-Qaeda terrorist attack the Monitor investigation makes clear that a largely silent war is going on via the Internet and deep within the databases of inter- national companies. The stakes in the global cyber-war are at least as high as those in the global war on terror.”
The Defenders Step Up
Notwithstanding the attacks cited above, however, the United States is not totally defenseless. The Computer Emer- gency Response Team (CERT), founded at Carnegie Mellon University during the late 1980s to respond to the spread of computer worms, works under gov- ernment contract to help companies, educational institutions, and agencies at all levels fight off attacks.
In addition, the CERT Coordination Center was founded by the Defense Advanced Research Projects Agency in 1988 after the Morris computer worm
46 HISPANIC ENGINEER & Information Technology | 2011
as a public-private partnership, and frequently cooperates with the CERT Coordination Center.
U.S.-CERT acts as a clearing house for information about current security is- sues, vulnerabilities and hostile exploits through its National Cyber Alert System, and it works with computer companies to develop remedies. According to its website, U.S.-CERT is one of more than 250 organizations calling themselves “CERTs” or similar names, While U.S.- CERT is independent of these groups, it sometimes coordinates with them in event of security incidents.
The Open Source community has the oCERT project, “a public effort provid- ing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like the national CERTs offer services for their respective countries.” oCERT works to help “large infrastructures, like major distributions,” and smaller projects that
• Standards for minimum security requirements for information and information systems;
• Guidance for selecting appropriate security controls for information systems; • Guidance for assessing se- curity controls in information systems and determining their effectiveness;
• Guidance for the security authorization of information
systems, and
• Guidance for monitoring the security controls and security authorization of information systems.
Space does not permit the enumerate all of the agencies and CERTs work- ing here and in other countries, but it should suffice to point out that in a country as big as the United States, with as many corporations and small busi- nesses, academic institutions, state, local and federal government agencies, and individual computer users as it contains, the job of protecting the security of computer networks and the information they maintain, is a massive one. And since the implementation of the World Wide Web, coordination of these secu- rity programs with those of other coun- tries is even more complex and massive. But the prevalence of cyber attacks–U.S. government agencies alone experience thousands of attacks each day—means that massive job is critical.
www.hispanicengineer.com
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64