Crisis Management International (CMI) News and articles


  Assessing the Risks of Digital Terror
      Summer 2003 CMI Newsletter
      By John Cloonan


Digital terror conjures up images of hackers unleashing vicious attacks against unsuspecting opponents' computers and networks, wreaking havoc and paralyzing nations. While this is a frightening scenario, how likely is it to occur? What would the effects be on a potential opponent?

Recent experience has shown that during times of increased international tension, computer hacking activity often escalates. Attacks may have several motivations, but in times of international tension, they can be boiled down to political activism by either side, or criminal activity using the current crisis as a masquerade.

While computer network vulnerabilities are a serious business problem, their threat to national security tends to be overstated. Modern industrial societies are more robust than they appear at first glance, and in all cases, digital attacks are far less effective in disrupting infrastructure than physical attacks.

Studies have shown that in order for an infrastructure disruption to continue for an appreciable period of time, the infrastructure must be attacked repeatedly – a single attack is rarely enough to disrupt critical infrastructure for an effective time period. By contrast, digital terror is likely to be in the form of a single attack. Once a hacker has gained access and performed the damaging deeds, the target of the damage quickly responds to close off the vulnerability that allowed the line of attack, and frequently enhances other IT security. Hackers would continually need to find and exploit new vulnerabilities in an environment of increasingly heightened security.

Further, most infrastructure systems consist of multiple redundant systems in diverse areas, prepared for routine system failure and disruption. The US electrical power grid, as an example, is a highly interconnected system of over 3,000 public and private utilities and cooperatives. These power providers each use a variety of different technologies to control power generation and transmission. A hacker, or even a large group of hackers, would have to find vulnerabilities in multiple systems, and then coordinate their disruption to significantly affect the power supply even in one area of the country. Even then, an attack might only disrupt service for a few hours.

During times of potentially increased digital terror, companies should review their IT security policies and procedures, and instruct end-users and system administrators on the importance of IT security. Some of the most basic and effective measures include:

Users should be aware that malicious code can be induced to spread rapidly by using patriotic or otherwise catchy titles, encouraging users to click on a document, picture or word which automatically spreads the damaging code.

With these protections in place, it is far more difficult for a hacker to access a company's systems, either directly or indirectly, decreasing the likelihood of damage. For while it's unlikely a digital attack could disrupt critical public infrastructure, the infrastructure of a single company could be far more easily affected.