Dot-com attacks seen as wake-up call for feds

Following a series of cyberattacks that shut down several popular commercial sites this week, government officials Wednesday emphasized the need to protect critical private systems, and the future implications for federal agencies.

Attorney General Janet Reno and Commerce Department Secretary William Daley both addressed the government's role in responding to the denial-of-service attacks that shut down commercial Web sites this week, including Yahoo, eBay, ETrade and buy.com. Although the attacks have not been directed at federal sites so far, the government must help industry protect their systems and prevent such coordinated attacks, they said.

Last December, Commerce formed the Partnership for Critical Infrastructure Security, a group of more than 90 U.S. companies that will meet to discuss vulnerabilities and protection issues. Commerce also called for each market segment to form information sharing and analysis centers to spread word about attacks and coordinate any response.

These attacks, just two months later, highlight the need for such partnership, Daley said. "I think that this is a wake-up call," he said. "[Protecting their systems] is an obligation that the people that own the infrastructure have in their hands."

The Justice Department, through the National Infrastructure Protection Center, is investigating the attacks as disruption of commerce, Reno said.

"Preventing cybercrime is one of our top priorities," she said.

Federal agencies, with the help of the Federal Computer Incident Response Capability, are also investigating whether their Web sites have been used as the launching point for these attacks, according to Mark Montgomery, director of transnational threats at the National Security Council.

"We're really concerned," Montgomery said. "The vulnerabilities that e-commerce is suffering from are some of the same vulnerabilities that e-government will suffer from...we do think that this has federal implications, that it's the kind of thing that is indicative of what we'll be dealing with down the line."

MORE INFO

Denial-of-service attacks are when a system is rendered unusable for legitimate users because a resource is "hogged," damaged or destroyed. Denial-of-service attacks may be caused deliberately or accidentally.

Three common forms of network denial-of-service attacks are service overloading, message flooding and signal grounding. Although they are difficult to prevent, many denial-of-service attacks can be hindered by restricting access to critical accounts, resources and files.

(From the National Institute of Standards and Technology's Computer Security Resource Clearinghouse)

Related Stories

Dot-com attacks seen as wake-up call for feds

Proactive e-security

Related Sites

NIPC tool

Network Associates CyberCop Zombie scan

Carnegie Mellon University CERT advisories

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.