Security News > 2003 > March > Companies review their IT security as war breaks out
http://www.computerworld.com/securitytopics/security/story/0,10801,79622,00.html By JAIKUMAR VIJAYAN MARCH 24, 2003 Computerworld Tom King, chief information security officer at investment banking firm Lehman Bros., last week was taking a hard second look at his company's IT security and business continuity plans. As the countdown to war neared its end, King said he remained fairly optimistic that the conflict wouldn't provoke major cyberattacks against U.S. corporate targets. The review, he said, was a precautionary move to ensure that the company's "high-value production systems," network entry points and remote access processes are adequately shielded against random attacks. Last week, IT executives at companies contacted by Computerworld said they were reviewing their security and disaster preparedness plans even as they held out hope that disruptions would be minimal. "If history is any guide, I don't expect any tremendous amount of cyberterrorism being focused on us now," King said. "We just want to make sure that we are not in any way vulnerable to casual or simple attacks." The biggest threat will come from "politically motivated, low-level cyberattacks" aimed at "targets of opportunity," according to a report released by Stamford, Conn.-based Gartner Inc. in February. Such attacks will be designed to disrupt operations and vandalize Web sites with political messages, the report stated. Contingency Plans Still, most U.S corporations aren't expecting a major business disruption from the war in Iraq, though a majority of companies have global IT contingency plans in place, according to the results of a survey of 60 companies released last week by Boston-based AMR Research Inc. One such company is Betts USA Inc., a Florence, Ky.-based manufacturer of tubes and injection-molded components with operations in several countries, including Indonesia, India and China. Like Lehman, Betts is going over its defenses with a fine-toothed comb, making sure that its firewalls are properly configured, that virus definitions and software patches are fully updated and that proper tape backup processes are in place. The company also has plans to get in touch with its hardware distributor to make sure spare equipment is available if it's needed, said Dennis Roell, IT manager at Betts. Physical security, facilities access and disaster recovery processes are being reviewed at all plants, and Betts is getting in touch with its Internet service provider to review its security and contingency plans as well, Roell said. "It's all of the same stuff that went into the Y2k preparation," he said. "We are just reaffirming everything we have done to make sure we have indeed thought this through." "In terms of IT security, we continue to focus on business continuity for key systems and heightened vigilance for political hactivism," said Bill Smathers, director of enterprise security services at Avnet Inc., a $9 billion technology distributor in Tempe, Ariz., that has customers in 63 countries. "Physical security is the most immediate focus. Avnet has a limited presence in the Middle East, and our highest priority would be the safety of our employees within the military theater of operations," Smathers said. The company has formed an emergency response team that includes key functions such as IT, corporate communications, quality assurance, transportation and travel, he said. "All have plans in place to keep business interruptions to a minimum in the event of a crisis," Smathers said, declining to elaborate. In some cases, previous preparations are paying off. All of Royal Caribbean Cruises Ltd.'s ships have been operating at the "highest level of security alert" since the attacks of Sept. 11, 2001, said Tom Murphy, CIO at the Miami-based company. According to Murphy, Royal Caribbean is the first cruise company to be ready with the Advanced Passenger Information System, an electronic passenger-tracking system mandated by the U.S. Department of Homeland Security. As a result of such measures, "we don't have any specific concerns relative to IT security" stemming from the Iraq crisis, Murphy said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
News URL
http://www.computerworld.com/securitytopics/security/story/0,10801,79622,00.html