 |
At our April 6 meeting, Rob Kolstad presented a reality check
on cyberterrorism. His presentation took us on four field trips:
-
To Oroville dam in the Central Valley of California, where the
designers in the 1960's decided that in order to prevent terrorist
acts they would make all of the dam's functions controlled
remotely in Sacramento. In 1992 it was discovered that a hacker
had penetrated the BLM network in Portland and gained root
access on computers in Sacramento that control every dam in
northern California. Obviously, if that hacker had opened
the dam's flood gates, many lives could have been put in danger.
-
To an airport in Worcester, Mass., where a hacker in 1998 a
hacker disabled communications such that the runway lights
could not be turned on.
-
And to a hacker's lab, where Rob demonstrated how pre-packaged
exploits can be used to quickly break into computers... and
where the question has to be asked: if teenagers can
do so much, what are the professionals able to do?
-
To a briefing on a future cyber attack in the year 2002.
With the premise established that critical systems can
easily be penetrated by hackers, Rob led us through a
plausible scenario of an all-out cyber war including
sabotage of the power grid, air traffic control systems,
and oil pipelines.
Finally, Rob presented lessons from the field-trips, most
notably the fact the constant probes on the Internet are
often too small to be considered consequential-- but might
have significant consequences if left un-checked. He
discussed the importance of security audits, and the fact
that a consultant's typical analysis reveals 5 to 30 vulnerabilities
per system that is audited.
Rob is the former president of Berkeley Software Design, Inc. (BSDI),
former SANS program manager, and now finds himself in the throes of a one
year sabbatical. Rob is an
entertaining and well-known speaker in the UNIX community with interests
including optimization, promoting computing as a profession, and
racquetball.
|
 |
