Cyberwarfare
Whole books have been written on the subject of software-based network sabotage, and they will continue to be written simply because hacker tools and utilities are continuing to evolve. In this section I can suggest only the rudiments of a policy for dealing with such attacks.
Operators of public networks have a greater obligation to secure their operations against hacks and cybersabotage than do ordinary businesses because the public depends on the services they provide. Above all, the network operator is selling reliability, and system downtime attributable to hacks is intolerable.
The problem in meeting security requirements on the part of a network operator is that network security is a full-time job. Network security officers in large enterprises must spend a considerable portion of their waking hours lurking around hacker Web sites simply to keep abreast of developments, and of course they must also familiarize themselves with the torrent of security bulletins pouring out of various monitoring organizations. Security administrators cannot afford to fall behind in such matters because their systems are immediately at risk if they do so. Obviously, an ordinary information technology (IT) manager entrusted with the routine administration of the network who tries to do security in idle moments—which scarcely exist in that position in any case—is not going to be successful.
A large, mature network will probably find it wise to hire a security administrator, but a small startup generally cannot afford to do so. The only solution then becomes the retention of a reputable security firm—in other words, the outsourcing of security. This is not necessarily a bad idea. Specialists in the field such as Computer Security Associates are thoroughly up on the latest hacker strategies and will undertake aggressive network defense, including legal action against attackers.
Such services are not inexpensive, but simply hoping attacks will not occur and doing nothing may represent a false economy. It is a good idea to have such a network security company perform a security audit on the network infrastructure from time to time as well as provide routine updates on security software and response to individual problems. The audit should encompass not only the OSS and the vital databases but also the facilities themselves, including the central office and base stations.
A word about overall security policy and securing the network against software attacks: Network operations staff should as a matter of policy not be permitted to download files either from the Internet or from privately recorded discs onto computers utilized in network management. It is also a good idea to attach individual firewalls to such computers to prevent the former practice. In any case, the policy should be explicitly stated and rigorously enforced. Trojan horses are a favorite weapon of hackers for gaining access to well-secured networks.
Network operators should also be alert to the possibility of internal sabotage by disgruntled employees. Many security organizations have suggested that the majority of computer crimes are inside jobs. Finally, visitors should not be allowed free access to vital network elements or left unsupervised in their presence, and this applies to authorized maintenance personnel. Institutional paranoia is a good adaptive response for any organization running a vital services network.