[ISN] LANL computers weather daily cyber assaults

InfoSec News isn at c4i.org
Mon Aug 29 14:04:21 EDT 2005


roger at lamonitor.com
Monitor Assistant Editor
August 26, 2005

On a $15 million a year budget, Los Alamos National Laboratory is
waging a daily battle against a barrage of threats to its computer

Alexander D. Kent, deputy group leader for the lab's network
engineering group, said 25,000 computers processing about 850
gigabytes of data in 20 million legitimate sessions a day are facing a
growing risk.

A graph of Internet sessions between May and mid-August this year
shows at least five million "malicious" sessions on slow days and
10-15 million during peaks.

On weekends, when LANL activity slows, 90 percent or more of the
computer activity appears to be malicious.

Malicious activity could mean anything from a sophisticated hacker or
terrorist or a foreign intelligence operative to unsophisticated
pranksters and adolescent mischief.

The lab protects itself with network firewalls for its public network
and "air gaps" - compartmentalization - for its classified net.

Passwords are cryptographically generated for one-time use.

Cyber-defenders employ a "defense in depth" bulwark that includes
educating each individual user, detecting and preventing intrusion,
patching software quickly and setting unexpected traps and alarms,
among many other techniques.

An around-the-clock response team and close coordination with law
enforcement and counter-intelligence organizations are also important
parts of the job.

Kent briefed members of the legislature Wednesday in a joint hearing
of the Information Technology Oversight and LANL Oversight committees
at Fuller Lodge.

Rep. William Payne, R-Bernalillo, said he thought there was too much
defense and not enough offense.

"It would seem to me that some simple changes in federal laws could be
made that would allow you to have an offense," he said.

He suggested return messages that would place a small American flag on
the offender's monitor with the message, 'You've been placed on the
FBI website,' or a reverse worm that would destroy the hacker's

Rep. Janice E. Arnold-Jones, R-Bernalillo, compared the problem to the
identity-theft epidemic and called for leveling the playing field.

"They have to be right once; we have to be right all the time." she
said. "If we catch a hacker, our laws have no teeth."

The character of ordinary perpetrators is also changing, Kent told the
state legislators.

Five years ago, hackers were out to make a name for themselves. Now
people are in it for the money

"It's probably going to get worse before it gets better," Kent said.

He compared the stunning advances in computer networking to the
invention of the printing press. But, he added, the printing press not
only powered a communication revolution, it also enabled forgeries.

The problem is widespread and growing.

The President's Information Technology Advisory Committee said in a
report last year that information technology in the U.S. is "highly
vulnerable" to attacks.

"The data show that the total number of attacks - including viruses,
worms, cyber fraud and insider attacks in corporations - is rising by
over 20 percent annually, with many types of attacks doubling," the
committee wrote.

The study said more than 10 percent of PCs were infected by viruses
monthly in 2003 and 92 percent of organizations reported virus
disasters that year.

A Government Accounting Office report released in May said government
officials are increasingly concerned about computer attacks, which may
rise to level of "acts of war."

In a speech in Washington, D.C., on Aug. 9, FBI Director Robert
Mueller put the issue in an international context:

* In Australia, a two-way radio hacked into a sewage system computer
  system that released more than 250 million tons of raw sewage onto
  the grounds of a luxury resort hotel.

* Hackers seized a gas pipeline in Russia for an entire day by
  infiltrating electronic control systems.

* A Slammer worm computer virus blocked a nuclear power plant's
  computer network in Ohio, disrupting safety systems for more
  than five hours.

Mueller said cybersecurity is hampered by organizations' refusal to
acknowledge problems and work together.

"Maintaining a code of silence will not benefit you or your company in
the long run," he said.

More information about the ISN mailing list