Lawrence D. Dietz, Managing Director, Information Security & Legal
Support Services, Tal Global Corporation
This bulletin is part of our continuing effort to provide information
and analysis to our clients and colleagues. Recently, tiny Estonia,
with an estimated population of slightly over 1 million, has learned
that productivity and connectivity on the Internet come with the
vulnerability born of dependence. Estonia began removing a bronze
statue of a World War II-era Russian soldier from a park in Tallinn.
As a result, it has been engaged in what some, like the New York
Times, are calling the “first war in cyberspace”. For the past several
weeks the country has been defending itself from a barrage of
apparently sophisticated and coordinated cyber attacks. Linton Wells
II, the US DOD Principal Deputy Assistant Secretary of Defense for
Networks and Information Integration, was quoted as saying, “This may
well turn out to be a watershed in terms of widespread awareness of
the vulnerability of modern society.”
Some aspects of the attacks are worth noting. First, there were
a number of ‘waves’ of attacks, each with a specific objective in
mind. Early waves were designed to explore vulnerabilities and test
capacity and defenses. Second, combinations of attack vectors were
employed. In particular, a psychological attack was waged on the prime
minister by posting a fake letter of apology on his web site.
Third, resource augmentation was employed: botnets (networks of
computers controlled by hostile parties and available for temporary
rental by the highest bidder) were probably rented for selected
periods of time to strengthen the distributed denial of service
(DDoS) attack at key points in time.
Defensively, the government categorized its sites and determined
which, like the Estonian president’s sites, would be designated low
priorities. It also closed off large parts of the network to
international traffic. The perpetrators were never identified or
caught.
What does this mean to our clients? If you are a part of the national
infrastructure, you may be an unwitting victim of an attack designed
as a general attack against the government or the economy. Your
systems may be victimized in several ways: taken over and used as
potential ‘zombies’ for attacks on others; defaced to advance the
messages of the attacker; subjected to denial of service; or perhaps
even designated for more malicious activity such as deletion of key
files or information.
The point is that contingency planning must constantly think ‘out of
the box’. A key task is an inventory of critical information and
functions. Personally identifiable information (PII), intellectual
property and other sensitive data must be segregated and protected
by a defense in depth consisting of reinforcing defensive
techniques. Alternatives for compartmentalizing networks into
discrete, clearly defensible components should be considered, and
plans for alternative communications resources should be formulated
and tested regularly to ensure transparent implementation.
Information security is certainly a key aspect of today’s governance
challenges; another is the protection of critical information such as
intellectual property. To get the latest in legal developments and
best practices in this area, attend our upcoming June 13th Seminar,
Demystifying Trade Secrets Protection Strategies. For more
information see: http://www.acteva.com/booking.cfm?bevaID=133433.
- This communication is confidential to the parties it is intended to
serve -
Fred Cohen & Associates tel/fax: 925-454-0171
http://all.net/ 572 Leona Drive Livermore, CA 94550
Monthly announcements: http://tech.groups.yahoo.com/group/FCA-announce/join