Security experts are divided over the best way to address cyber threats to critical national infrastructures — the computer systems that control essential services such as gas, water, and electricity.
At the RSA Conference in San Francisco on Tuesday, US homeland security secretary Michael Chertoff said it was a certainty that such infrastructures faced increased threats from hackers. Some security experts have responded by claiming cryptography is sufficient in securing the networks in question, but others have suggested the networks are not impenetrable.
"Cyber attacks are not a theoretical possibility or even a remote probability — it's a no-brainer that there is [increased threat]", said Chertoff. His words echoed those of the president of the Institute for Defense Analysis, retired general Larry D Welch, who told ZDNet.co.uk at the Cyber Warfare Conference 2008 in London last week that the threat to military and critical national infrastructure networks from terrorist or government incursions was "very serious".
"We've seen probing of aircraft control systems, probing of electrical grids," said Welch. "You can't say when or what will happen, but the potential consequences make it a very serious threat. Shutting down the infrastructure at the right time can be devastating — shutting down the natural gas infrastructure in the northern states in winter, or shutting down the traffic-light system in a city in rush hour, [for example]. Threats to banking and finance could cause substantial losses."
Also at the Cyber Warfare Conference last week, a senior figure in the US Air Force told ZDNet.co.uk that the US needed to create great cyberattack capabilities of its own, rather than relying on network defence. However, at this week's RSA Conference, Sun's chief security officer Whitfield Diffie questioned that idea, arguing that cryptographic network defence was working.
"We have had remarkable success in cryptography," said Diffie at a forum session at the conference in San Francisco. "The security of cryptographic systems seems, as a practical matter, to have been resolved. On the other hand, internet security is a complete mess.
Bruce Schneier, chief security technology officer for BT, agreed that securing the internet was a more major problem than...