Y2K problem or hacker attack? Be prepared for both
No one really knows how much damage will be inflicted on our way of life when we enter the year 2000. Will food deliveries to supermarkets be halted because diesel trucks can't prime their two-digit-date oil pumps? Will the elderly and the poor freeze to death in the concrete tundra of the northern U.S. as power plants go quiet? Will divide-by-zero in COBOL-driven Ukrainian missile silos trigger an erroneous nuclear launch?
Perhaps closer to home for Network World readers, will the two-digit date change cause corporatewide confusion, regional-office chaos, customer exodus, government intervention and trillion-dollar lawsuits?
Actually, none of that worries me all that much. What I find particularly intriguing is a simple conundrum: Come January 2000, how will we be able to tell the difference between a legitimate security event and primary or corollary Y2K damage?
Large organizations with high profiles and major economic responsibility have to prepare for the added complexity of determining whether a post-010100 security event is a real attack or a Y2K glitch that gives the appearance of a security violation.
Say on Monday, Jan. 3, 2000, you get an indication that a hacker is trying to break into your networks. How do you react? What if the detection system says a hundred hackers are trying to break in? Do you respond in the same way . . . or do you automatically dismiss it as a Y2K thing - nothing to worry about?
What about the next Monday, Jan. 10, 2000? Do you let your Y2K guard down or not? And the week and month after that? At what point can you predetermine if a security violation is real or just another Y2K glitch that is bound to recur for several months until all systems have been completely updated?
There is credible suspicion that ne'er-do-wells will use Y2K to mask other behavior. The Pentagon and intelligence services have stated that there is a low-to-medium probability of international terrorists attempting to launch significant attacks against U.S. (or other) critical infrastructures. Their motivation? To disrupt society. Many professionals believe strongly that malicious hacker-types will try to wage attacks against companies. Why? Because they think it's funny and can hide their actions behind Y2K.
This is not to say that your company is automatically a target, so don't jump to that conclusion. What this means is that companies must increase their security vigilance and become even more sensitive to security-relevant events. A few thoughts on preparing for this situation:
Make your employees acutely aware that the bad guys might try to use Y2K as camouflage for other nasty deeds, such as theft, malicious damage, infrastructure attacks and the promotion of their religious and political beliefs.
Set policy. Under the premise that increased attacks might occur, you may want to set a higher degree of sensitivity on your access-control mechanisms. You may also want to restrict certain behaviors, especially with regard to the Internet, until you feel your security posture is stable.
Be aware that viruses are getting nastier and nastier. Make sure you have the latest signature files on your computers. Expect a host of viruses to be unleashed at the end of 1999. Trojan Horses, such as Back Orifice, are being improved and can steal your confidential data without your knowledge. You may want to restrict or monitor e-mail attachments more closely than you do normally.
If your computers behave oddly (or more oddly than usual), have your staff view such behavior as a security-related event that should be reported to management immediately.
Security is critically important to all companies, and assumptions are anathema to security professionals doing their job. Instead of assuming that events are related to Y2K or hacker attacks, plan for both, work on means to identify the real culprit and have potential solutions in mind.
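One way to put "work on means to identify the real culprit" into practice is to triage logs on fields a date bug cannot corrupt. The script below is an added illustration, not code from the column or from Network World: it reads a handful of constructed log lines in an assumed syslog-like format, counts entries that show two-digit-date symptoms (a clock rolled back to 1900, a bare two-digit year, or a message reporting a date failure), and separately counts failed logins per source address. Because the failed-login tally is keyed on event content rather than on the timestamp, a burst from one source still stands out even when some of its entries carry garbled dates. The log format, keyword list and threshold are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed syslog-like format:
# "<timestamp> <host> <component>: <message>"). Not real data.
SAMPLE_LOG = """\
2000-01-03 08:01:12 fw1 auth: failed login user=admin src=10.0.0.7
1900-01-03 08:01:13 billing batch: nightly job aborted, date 01/03/00 read as 1900
1900-01-03 08:01:14 fw1 auth: failed login user=admin src=10.0.0.7
00/01/03 08:01:15 fw1 auth: failed login user=admin src=10.0.0.7
2000-01-03 08:01:16 fw1 auth: failed login user=root src=10.0.0.7
2000-01-03 08:02:00 fw1 auth: login ok user=jsmith src=10.0.0.22
1900-01-03 08:02:30 hr payroll: invalid date in record 4471
2000-01-03 08:03:00 fw1 auth: failed login user=jsmith src=10.0.0.22
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<host>\S+) (?P<comp>\S+): (?P<msg>.*)$")
SRC_RE = re.compile(r"src=(?P<src>[\d.]+)")
# Message text that a two-digit-date failure typically produces (assumed keywords).
DATE_ERROR_WORDS = ("read as 1900", "invalid date", "year 00")


def parse_line(line):
    """Split one log line into fields; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def has_date_anomaly(rec):
    """True when the timestamp itself is implausible (1900, or a bare two-digit
    year) or the message reports a date-handling failure."""
    ts = rec["ts"]
    if ts[:2].isdigit() and ts[2] == "/":          # two-digit year, e.g. 00/01/03
        return True
    if ts[:4].isdigit() and int(ts[:4]) < 1970:    # clock rolled back to 1900
        return True
    msg = rec["msg"].lower()
    return any(w in msg for w in DATE_ERROR_WORDS)


def is_auth_failure(rec):
    """Keyed on event content, not on the timestamp, so a garbled clock cannot hide it."""
    return rec["comp"] == "auth" and rec["msg"].startswith("failed login")


def triage(log_text, threshold=3):
    """Count date anomalies and failed logins per source; flag sources at or over
    the threshold as needing a real security response rather than a Y2K shrug."""
    date_anomalies = 0
    failures = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if has_date_anomaly(rec):
            date_anomalies += 1
        if is_auth_failure(rec):
            m = SRC_RE.search(rec["msg"])
            failures[m["src"] if m else "unknown"] += 1
    suspects = sorted(src for src, n in failures.items() if n >= threshold)
    return {
        "date_anomalies": date_anomalies,
        "auth_failures_by_src": dict(failures),
        "suspected_attack_sources": suspects,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample above, four entries carry date symptoms, yet 10.0.0.7 still accounts for four failed logins (two of them on garbled timestamps) and is flagged, while 10.0.0.22 with a single failure is not. The two counts are reported side by side on purpose: a high anomaly count explains odd application behaviour, but it is never used to discount the authentication evidence.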
Better safe than sorry.