Network World
Thursday, November 26, 2009

Welcome to the cyberfront

E-mail Ellen Messmer

Security Notes archive.

Security forum
Discuss Security Notes and other Security topics.


Talk of infowar and cyberterror has been the subject of dinner-table conversation for years among the digital cognoscenti who frequent security conferences in their jobs as IT managers for corporations and government. The recent explosion of Internet-borne computer worms - from Blaster to Welchia to SoBig.F - shows the worst fears are well-founded. When your trains don't run, your planes don't fly and your military is kept from routine work because a computer worm has eaten its way through the network, then what else can we call it but cyber-terror? That's exactly what happened last week, though this was the most harmless of little cyberwars we're likely to ever see again.

Last week's spate of worms caused North America's third-largest railroad, CSX, to immediately halt passenger and train traffic, including morning commuter service to Washington, D.C., because the network running its dispatch and signal systems was crippled by the scanning caused by the computer worms. The same effect caused Air Canada to shut down its phone-reservation system and some airport check-in operations. And the Navy and Marines had to do battle with the Welchia worm when it washed over the Navy Marine Corps Intranet, leaving it dead in the water for three days. It wasn't a movie, it was the real-life attack of the cyber-worms.

The NMCI network, managed on an outsourced basis by Electronic Data Systems, has about 100,000 users. Welchia infected about 70,000 machines last week, and it took a massive clean-up to patch the vulnerable systems and wipe out Welchia infections. The Navy is now undertaking a critical review of the actions of its own personnel and those of EDS to pinpoint the failure in process and procedures - particularly that of software patching - that allowed Welchia to infect NMCI.

"Welchia has been squelched for now," noted Navy Capt. Chris Christopher. "But we're having a working group look at the lessons learned." The lead on that self-critiquing effort will be the Navy Network Warfare and Space Command.

Capt. Christopher noted that the Welchia worm, whose odd mission was to try to eliminate the Blaster worm and patch the Microsoft vulnerability it exploits, was not a specific cyber-assault on military networks and was more of someone's idea of a prank than anything else. "But there's going to be a next time," he added.

There's no question all these organizations are struggling mightily to figure out how to keep the same disaster - which can probably be traced back to a lack of updated patching in Microsoft systems - from ever happening again. The same struggle is undoubtedly going on inside many organizations that didn't make headlines. The sad fact is, these worms were not even designed to inflict the maximum damage, such as destroying files en masse, which they could have done after compromising millions of computers. The worst pain they inflicted, by and large, is that they simply scanned too darn much for most networks to handle, crippling them.

Last week was just the harbinger of a much-worse future - if we can't stop such worms from infecting our systems. The next wave may well be more cruelly and expertly crafted to deliver a far more lethal blow to transportation, military and other critical "infrastructure" components, as the White House likes to call them. Welcome to the cyberfront, it's where we all live now.


Comments

It certainly is critical that we ensure our systems are protected against such pests. However, what is being done to track the source(s) of these attacks? It's obvious that we will never be able to totally eliminate the problem but we might deter some of the less experienced sources to cease and desist.

Posted by: Robert Barker on August 26, 2003 07:17 AM
