Ops Warned to Guard Computer Systems2/27/2000 7:00 PM Eastern
San Antonio -- Cable operators, along with the rest of
American businesses, should pay more attention to securing vital computer systems, experts
said at a cable-security conference here last week.
Recent hacker attacks, such as the one that crashed Cable
News Network's Web site, have raised awareness of the need for Web-domain safety, but
local cable systems need to armor themselves, too, said Alan Carroll, supervising special
agent with the National Infrastructure Protection Center of the Federal Bureau of
"The Internet is your friend, but also your biggest
enemy," he added.
Speakers said cable is rapidly deploying high-tech products
without analyzing the possible risks of service failure. What happens, they posited, when
a hacker knocks a cable-telephony system offline just as a subscriber tries to reach 911
for medical aid, or when an outage costs a day-trading subscriber millions of dollars?
"We have to be a lot smarter about our business. We
may not be civilly or criminally liable, but it could still be costly to defend,"
said Stan Durey, director of security programs at Motorola Broadband Communications
Lots of companies are behind the curve, not just cable
operators. A poll of U.S. businesses showed that only 38 percent of respondents had a
written policy on dealing with computer-system intrusions. Only 22 percent attempt to
preserve evidence, and just 16 percent have analyzed the potential liability for
intrusions, according to information Carroll presented.
Sloppy business practices -- such as poor password
security, unprotected physical entry points and unlocked server locations -- heighten the
risk of unlawful intrusion, especially from disgruntled employees or ex-employees,
Carroll suggested that every operator design an opening
banner, presented each and every time an employee logs on to a computer. It should warn
employees that all communications, including e-mail, are subject to monitoring. The
warning should also state that improper use would be reported to law enforcement, where
Further, employees should expect no right to privacy, and
the banner should state that use of the computer system constitutes consent by the
employee to the terms stated. This will not prevent hacking, Carroll said, but it will aid
prosecution if an employer has to go to court against an internal hacker.
Nearly three-quarters of businesses that were hacked said
they didn't report the intrusion for fear of bad publicity or that a competitor would
capitalize, Carroll said. But that information helps the government to track vandals and
terrorists, he added.
He urged businesses to join "InfraGuard," an
FBI-sponsored program to share computer-vulnerability information. The program helped some
businesses to successfully fend off the "Melissa" virus, he added.
Information on InfraGuard chapters is available by calling
Carroll at 202-324-0361, he said.