Threats to Information Systems on the Rise
By Special Agent Daniel Fleeger, Air Force Office of Special Investigations.
Andrews Air Force Base, Maryland -- April 30, 2001 (AFPN) -- As Air Force reliance on computers and information systems has grown, so has the propensity for adversaries to exploit them to do damage.
The Air Force has experienced a steady increase in the number of attacks against its information systems, and experts agree that the number of attacks is only going to increase.
One reason is the availability, ease of use, and sophistication of publicly available computer-attack software. Such attacks once required the skills of a computer expert. They can now be achieved by the novice computer user armed with easily obtained software.
The novice attacker is not the only threat. In general terms, computer and information systems attackers can be grouped into five major categories.
The foreign intelligence service operative is an aggressive adversary who attempts to exploit the information infrastructure for intelligence purposes. He or she can identify members, evaluate their level of access to information of intelligence value, and even recruit their services -- all in cyberspace. There are significant advantages to doing business this way, such as easily concealing one's identity and gaining information rapidly.
The cyberterrorist attack goes beyond mere computer intrusions, denials of service or defacing of Web pages to actual destruction of data or systems. Use of the Internet and other information systems gives terrorist groups a global and near real-time command and control communications capability. Because such groups have limited resources, and electronic intrusion can help them achieve their objectives at minimal cost, it's expected that cyberterrorism will increase.
Organized crime targets computer systems to commit fraud, acquire and exploit proprietary information, and steal funds. Criminal organizations use electronic intrusion to hinder police investigations, collect intelligence, destroy or alter data on investigations, and monitor the activities of informants.
Hackers, not too many years ago, were motivated primarily by curiosity about computer systems and network operations. In most cases, they were unlikely to engage in serious criminal activities. In contrast, today's hackers appear to be motivated by greed, revenge and politics, and their actions have become more malicious. They are more likely to aim their attacks not just at individuals, but also at enterprise information systems.
The malicious insider, who has legitimate access to proprietary information and mission-critical systems, poses a significant threat because of having trusted status and familiarity with security practices. When an insider betrays his trust, he has a much greater opportunity and ability to do harm than anyone on the outside. Moreover, he is less likely to be detected. The malicious insider, motivated by greed, revenge, or even political ideology, can act alone or with outsiders.
The threats to Air Force information systems are numerous and significant. To combat them, the Air Force Office of Special Investigations brings to bear a number of capabilities, including defensive briefings to high-risk units and personnel, countermeasures against technical surveillance devices (or "bugs"), computer crime investigators who specialize in combating crimes against computers and information systems, and counterintelligence investigations.
But OSI can't do it alone. Everyone with access to computers and information systems is a partner in the war against cyber threats. If you detect intrusion activity, or receive unsolicited or suspicious e-mail, or discover new software or tools on your computer, or witness unescorted visitors in your work area, you should immediately contact your security manager or the local OSI detachment.
Familiarize yourself with the signs that an insider might be up to no good. Be wary of an insider who shows a keen interest in hacking techniques and system vulnerabilities. Take note if an insider has configured his or her computer to provide capabilities that it shouldn't have. Other traditional indicators may be observable too, such as unexplained affluence, abnormal requests for information, and a propensity for security violations.