InfoGram
March 29, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Computer Security Components
Carl Denowh of the System Administration, Networking, and Security (SANS) Institute discussed the components of computer security in a December 2000 article. With some modification to his work, there are four components of consequence to the fire and emergency community: electronic security, physical security, process security, and response mitigation. Circumventing one component will create a "broken link" and render the others useless. A brief description of each is provided here for consideration by the community leadership:
- Electronic security can be divided into the three areas of networks, hosts,
and applications. It is the defense against most computer-based attacks on
firewalls, routers, operating system patches, passwords, permissions, protocol
controls, etc.
- Physical security pertains to the measures taken to stop an intruder from
gaining actual physical access to information or the media on which it resides.
It is all about access control and establishing a perimeter defense that prevents
unauthorized personnel (including employees) from accessing all computer software,
hardware, and peripherals.
- Process security consists of the policy and procedures that are in place to
maintain the confidentiality, availability, and integrity of valuable information
and everything worth protecting. It completely depends on having a strong policy
enforced by senior leaders with explicit procedures supported by all
personnel.
- Response mitigation deals with the risks of and response to attack. It
should include aggressive measures to protect information, prevent an attack
recurrence, and neutralize the source of an attack. Electronic security,
physical security, and process security are significantly enhanced by effective
response mitigation.
National Security Advisor Warning
The National Security Advisor, Condoleezza Rice, issued a warning that cyberterrorist attacks threaten to disrupt the nation's economy and critical services. "Today, the cyber-economy is the economy," she said, referring to the nation's dependence on computers for virtually every vital service including electricity, water, banking and finance, transportation, and communications. "Corrupt those networks, and you disrupt this nation. It is a paradox of our times that the very technology that makes the U.S. economy so dynamic ... also makes us more vulnerable," she said during a forum on computer and network security. She lamented that many government agencies are not conscientiously improving computer and network security unless they have been attacked. To discourage attacks in cyberspace, she stated this nation must take additional steps to increase security of its critical infrastructures and be prepared if deterrence fails.
Water Supply
The Association of California Water Agencies (ACWA) warned that if water agencies are not protected from rolling electricity blackouts, water might not be available for drinking and fighting fires. ACWA is challenging a proposed state Public Utilities Commission (PUC) ruling that would allow power to be cut off to water utilities. PUC issued a draft decision 16 March proposing that water districts not be included as "essential facilities" exempt from power outages. Subsequently, ACWA warned that if water treatment facilities were disrupted by a two-hour blackout, it could hurt fire-fighting efforts.
"Lion" Internet Worm
The National Infrastructure Protection Center (NIPC) reported that an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various computer systems. Illegal activity of this nature typically is designed to create large networks of hosts capable of launching coordinated packet flooding denial of service attacks. Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks. NIPC recommends that all computer network owners and organizations examine their systems for evidence of this worm. Specific technical instructions for detection of the worm are available from the SANS Institute website: http://www.sans.org/y2k/lion.htm.
Downloaders Beware
After learning of the theft of two VeriSign Class 3 Software Publisher Digital Certificates, Microsoft Corporation and VeriSign Incorporated immediately issued advisories that someone out there in cyberspace could be masquerading as Microsoft. The certificates are dated 29 and 30 January, and should not be accepted. Do not run any programs signed with a Microsoft certificate issued on those dates of this year. Unauthorized users of these certificates could misrepresent malicious software as an authentic Microsoft product. That means computer users who think they are downloading an update of some Microsoft software might instead end up with a Trojan horse program that could trash their hard drive. Therefore, NIPC advises Internet users to manually approve all certificates of anticipated download products until a patch is available and installed. A patch is currently under development by Microsoft. The FBI is investigating the matter.
USFACIPC Weekly Lexicon: Application
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
A software package or program designed to perform a specific set of functions, such as word processing, graphics, spreadsheets, desktop publishing, etc.