By ROB SUTCLIFF
This spring's ferocious shouting match between North and South Korea may result in something far worse for us than the power outage we experienced last Christmas. Our country's control systems over power grids, banks, airlines, universities, hospitals and trucking and rail lines are all susceptible to harm from long-distance computer "hacking." A dozen countries, including North Korea, show an unnerving willingness to spread real damage at a second's notice. This is not to ignore the free agents who also roam cyberspace, some of whom are breathtakingly skillful at identity theft for fun and profit.
Former White House Counterterrorism Czar Richard Clarke's latest book, "Cyber War—The Next Threat to National Security and What To Do About It," has just been released. Here's a quick look at a few of Mr. Clarke's points: Cyber war happens at the speed of light, is global, skips the battlefield and has already begun. North Korea actually launched a successful cyber attack on South Korea last July 9. About 600 Korean People's Army "hacktivists," based in rented quarters in China, used netbots (stealthy little software robots) to round up a few hundred thousand computers (like ours and our neighbors') to execute a "denial of service attack" on the south. Infrastructure, financial records, power distribution and manufacturing were all hit hard for a few days, but the origin of the attack could not even be pinpointed.
Clarke says the U.S. takes cyber warfare seriously as an offensive weapon, has extraordinary skills, and has even established a Pentagon Cyber Command. Cyber warfare defense, however, has languished under the last five administrations and, at the moment, is devoted solely to the protection of military resources while non-defense assets are left to the oversight of Homeland Security.
According to Clarke, a triple-pronged defense needs to be adopted. He says it should consist of protecting the Internet "backbone" by deep-scanning every "packet" of data entering it; securing our three giant power grids by "unplugging" them from the Internet; and moving all national defense activity to the most hypersecure secret network and away from the Pentagon's two less secure networks, which were both infiltrated by the Russians in November 2008.
As a computer professional serving our valley for a decade and a half, I've become increasingly concerned about the gaps in computer security I see in homes and offices every day. Over the years we've all read those sensationalized, and often inaccurate, reports about the latest virus threats. But the real stuff—malware—has escaped the attention of most computer users. Oh, an attack like the one in Korea makes the news once in a while, but the sneaky little netbots that cause the real trouble are unfamiliar to the great majority of folks who power up a computer every morning to read their e-mail. What I find, more often than not, are systems infected with numerous "rogues" designed to extort money from the unsuspecting.
We live in a "cloud" of computing activity driven by about a billion computers worldwide. We share bandwidth (capacity), service providers, servers, routers and backbones. We are all interconnected now and becoming more so every day. Because of that fact, we are no longer computing in a vacuum.
Measures taken to create a secure computing environment benefit the entire community. So what should we do to protect ourselves and our fellows? Here are five simple steps that can go a long way toward frustrating intruders:
· Activate firewall protection in our computers and routers.
· Install and use competent antivirus protection. Old, outdated antivirus software just creates avenues for intrusion and should be removed. Excellent protection is widely available free of charge. Here is an example: http://free.avg.com/ww-en/download.prd-afg.
· Free anti-malware protection is also available for download. An excellent example is found at www.malwarebytes.org.
· Restrict guest access to our computers.
· Create and use meaningful passwords (8-character combinations of uppercase letters, lowercase letters, and numerals like this: DCG6Zjk2).
Rob Sutcliff, of Ketchum, operates a business called the Computer Doctor.