Security News > 2003 > March > Q&A: Microsoft's Scott Charney on security in a time of war

http://www.computerworld.com/securitytopics/security/story/0,10801,79554,00.html By CAROL SLIWA MARCH 20, 2003 Computerworld Scott Charney, chief security strategist at Microsoft Corp., has extensive dealings with the government in the area of security on behalf of Microsoft, and his background also includes an eight-year stint as chief of the Computer Crime and Intellectual Property Section in the criminal division at the Department of Justice from 1991 to 1999. Under his direction, the agency investigated and prosecuted national and international hacker cases, economic espionage cases and violations of federal criminal copyright and trademark laws. He spoke this week spoke with Computerworld about areas of concern for IT professionals during a time of war. How will the war impact you in your role at Microsoft? When you think about actual conflict, there are probably three things that you can note historically. One is that conflicts between nations tend to lead to parallel conflicts between hackers. When the U.S. spy plane was down in China, you saw a large increase of defaced Web sites between Chinese and U.S. hackers. ... You might see some increase in that, if history is any guide. The second issue, of course, people worry about is some sort of terrorist strike against cyber. Most of us don't believe that a major cyberterrorist attack is imminent for a host of reasons. Historically, we haven't seen cyberterrorism attacks, and there's a lot of speculation on why that's so. One is it's not actually so easy to bring down the networks. There's a lot of redundancy and a lot of resiliency. Second, it doesn't create the kind of graphic pictures that terrorists often want. Third, it doesn't create the kind of fear that terrorists want. Most of us who worry about cyberterrorism worry less about a global attack on the infrastructure as opposed to a specific, coordinated attack on an infrastructure. Had they attacked Verizon 10 minutes before the planes hit the tower, the disruption of the communications networks through cyber would have made it much harder to restore when you started replacing the physical parts of the network. The third piece, which is of broad concern for the Defense Department, is whether there will be a corollary information warfare attack of some sort meant to disrupt communications and other things. There was a case called "solar sunrise" in the mid-'90s when we were gearing up for airstrikes against Iraq last time, where DOD [the Department of Defense] noticed a very broad-based attack on their networks. I got called around 2:00, 2:30 in the morning and I said, "Where's it coming from?" They said, "United Arab Emirates." And I said, "Well, I'm Justice, not State, but I think they're friendly, right?" And they said, "Yeah, but we don't know where it's actually coming from. We just know it's that region of the world. And with what's going on militarily, this is of concern, of course." And they were right. So we got court orders and launched an extensive investigation. It was two juveniles in Cloverdale, Calif., who were looping through the Middle East and coming back and attacking the Department of Defense with the help of an Israeli. What you don't know in an Internet attack is who's attacking or why. So there are some huge challenges here. But I think in terms of what's going on in Iraq now, the things you would watch out for are information warfare attacks.

News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,79554,00.html