thecomputersociety.orgHome | News | Contact | Tips| Links |Members| Radio | Software |Calendar | Web Log/Blog | Meetings | |
Digital Pearl Harbor

We have a possible interview for our radio newsletter planned with a person involved in computer security issues. I thought I had better study up on the subject to be able to ask a decent question or two. As I read a great number of web pages devoted to security issues I discovered two things.

1. I knew nearly nothing about it, as it is really technical, as involved with the protocols and design of the net and operating systems and hardware as can be.
2. There was something I could understand, as it was not so much technical: the psychology of security. (The bad feeling one gets when one's computer goes cuckoo.)

In the big-time security world the fear that creates the "big bad feeling" is Digital Pearl Harbor. What does that mean? It means something going so bad that it really makes a difference. It could originate from hackers or terrorists or just an accident. If a search engine goes wacky or the department of motor vehicles in Iowa goes down, it is not that bad. If the local bank goes out for a few hours, it is not the end of the world. If all the banks go down for a few days, we are moving over towards that Pearl Harbor "feeling". I repeat "feeling", because I have noticed in my brief study that the real security experts can fix major problems. Our security and networks are quite robust, and recovery is not like rebuilding after the U.S. Navy was attacked in Hawaii back in the 1940s.

The big-time security field is complicated by the general expectation that nothing should go wrong, whether it lasts three days or three minutes. If Wall Street were closed down by a digital problem for three days, it would be seen as a disaster of biblical proportions, which it would not be. Traders could remain calm, go home, have some iced tea, read a magazine or do some yard work, and come back three days later. But the idea of an unplanned three-day time-out for stock trading is now utterly "unacceptable".
The keyword here is "unacceptable". It is a psychological term, not a technical one.

For the home computer operator, having a system down for three days is not that unusual but is nevertheless a cause for unhappiness. The technical steps necessary to restore a computer to operation on a big network or a single home computer are not that different. It takes a little planning. One needs the original disks or a recent backup and the knowledge of how to recover to the good condition. Without that ability a sense of panic can get going easily. On big networks there are lots of people monitoring everything every day, and if they cannot catch or figure out a failure they can just wipe a system totally clean and restore.

The danger now rests with the fact that vast fortunes can be lost in a few moments. This is not a technical issue either. It is an expectation, and that expectation is dangerous in and of itself. The fate and value of real companies does not really vanish in an instant, nor does much true value get added in a single day's trading. For good or ill, real value rests in more long-term issues of what is really happening. Our trading system has a bit of an obsessive mania aspect to it today, and that mania is not healthy. Marry that mania to the speed of our computer networks and add the Internet 24 hours a day, then God help us all.

Split-second computer security is necessary in military matters. The air traffic control system is another area where a few moments of down time is really not acceptable. Aside from these critical sorts of things, we could develop a better attitude and procedures and all breathe easier. Here in Florida lots of us went without electricity for a few days during last summer's hurricane season, and it was not impossible. Electricity out for days due to cyber attack should not be a bigger deal, but it would be. Again, it is the intentions of hackers or terrorists that provoke our emotional reaction. It is what they want from us: a "Pearl Harbor feeling".
Calm could defeat hackers and terrorists as a security tool of the best sort. Our media, our politicians and the general public (us) are ready to panic over any dramatic disruption. I personally wish that there was a rehearsed level of calm reaction to anything except a real Pearl Harbor event, not a virtual one, not a media frenzy.

The home computer operator and small business network can benefit from following the standard practices of the big security networks. Some of this is technical, most of it is simple enough.

1. Have original disks or a backup and know how to restore. (practice)
2. Do not put important data on a computer exposed to the Internet. (removable media, separate systems...)
3. Keep operating system, firewalls, anti-virus and anti-spyware up to date. (this is a growing problem, as it is taking more and more time as attacks become more common)
4. Have a second computer that connects to the Internet and keep your main system offline. (military level security)
5. Keep up with things by reading the computer news online with your Internet system.

These five steps are a pain to maintain. They require a junior level of professional practice. For the most casual computer operator at home it is nonetheless a lot to ask. The home user is a source of danger to the entire net, as their lack of knowledge has allowed hackers and crackers to infect their machines and spread the contamination. We home operators and small businesses have a slight duty to keep our gear safe and not pass on problems. The greatest source of danger for home operators is bad software design from major software companies that build insecure, buggy software that is easily compromised. Should not most common software be idiot proof?

Software Reform

Software reform could help our security professionals and stop hackers and terrorists.
Taking millions of computers out of the equation by building more bulletproof software will leave security professionals to concentrate on the remaining weak points. Software reform is an important issue that is seldom discussed. Having the security professionals monitor every HTTP and FTP file exchange is discussed. Having the courts be our protection is talked about by proposing new laws. But solid technical software reform is seldom discussed. A theory for this non-discussion is that the big software companies are ignoring the problem while they pursue their own plans, upgrades, additional software, updates and new versions. The government rightly does not want to interfere with private enterprise, so we are left with amateurs bearing the burden of keeping the Internet secure.