Sunday, January 25, 2009
DAYTON — It could come in the form of electronic attacks on computer systems in banks, credit-card agencies, electric or water utilities, military or civilian government offices.
Or, it could quietly take over even an individual's computer at home, making it a so-called "zombie" computer used in a surreptitious attack on a target selected by hackers motivated by a grudge, political fervor or sympathy for another country.
Whatever the motivation, cyber attacks are increasing in frequency, experts say. They can be costly to defend against and difficult to stop. Finding those responsible can be an extreme challenge, since attacks can be directed through computer servers in a country other than the nation of origin.
In 2007, a wave of electronic data bombardments by computer hackers shut down government and business Web sites in Estonia for a time, causing business losses and disrupting legitimate electronic commerce and communication. The United States needs to step up its efforts to defend against such attacks, said Susan Brenner, a University of Dayton law and technology professor who wrote a new book called "Cyberthreats: The Emerging Fault Lines of the Nation State."
"We don't want to make the country paranoid. But I think we have to think about this," Brenner said in a telephone interview. "My laptop, sitting on a desk, is a border. Somebody can get into the country through that border.
"There really is no border in cyberspace. Every computer is a portal."
In her book, she suggests that the nation should consider encouraging citizens and corporations to report apparent computer shenanigans to law enforcement, so that investigators can move quickly to detect the patterns and scope of cyber attacks. Cyber attacks may not be limited to any one region or nation, so political boundaries that separate civil response authorities may be meaningless, Brenner said.
Attacks on personal, government and business networks are increasing, according to Rusty Baldwin, associate director of the Center for Cyberspace Research, part of the Air Force Institute of Technology at Wright-Patterson Air Force Base. Many attacks are automated, rather than backed by a human operator.
"Basic computer security measures such as virus protection, firewalls, choosing passwords that are not easy to guess, and not opening e-mails from unknown senders goes a long way against certain kinds of attacks," Baldwin, an AFIT associate professor of computer engineering, wrote in an e-mail response to questions. "However, the only completely secure way to protect a computer from a network attack is to disconnect it from the network. Of course, if the attacker's intent was to get the system off the network, his purpose has been accomplished."
The U.S. Chamber of Commerce has been working with the U.S. Department of Homeland Security to offer regional meetings on computer security issues. A meeting in Boston in October 2008 is to be followed by others in Bellevue, Wash., in February and Ann Arbor, Mich., in March.
The Chamber of Commerce would be concerned about making it mandatory for businesses to report computer attacks to law enforcement, but would support tax incentives to encourage such reporting, said Matthew Eggers, a manager in the chamber's Washington office.