How did they do it? Within three hours of the attack, technology employees made it to a seven-month-old backup facility across the Hudson River in Roselle Park, N.J., and contacted the London office. Reassigning tasks on the fly between London and Roselle Park, they brought processing and storage systems online, installed truckloads of new equipment with help from Microsoft and Cisco Systems, and in isolated cases even reconstituted passwords of fallen colleagues, who like me and probably you made them personal and easily remembered.
Behind the superlative heroism of this tale lie the two key mandates of the new century: prevent physical attacks and make computers safe from intruders. As the nation girds against mortal threats, many experts fear we will overlook the danger to our information, wealth and identities, all now reduced to 0s and 1s spinning through silicon. The more we rely on computers, the more vulnerable we are to attack or failure.
How ready are businesses and governments for what onlookers more than 10 years ago began calling a "digital Pearl Harbor"? Physical attacks are targeted to specific geographic areas; if you're not there, you're probably safe. But if you have computers or are affected by them and that's everybody you're at risk of inconvenience, intrusion or, technologists fear, much worse. Building better defenses to protect home computers, business networks and civic infrastructure must therefore be however cliched it is to say the Next Big Thing. In 1999 security incidents reported to the CERT Command Center, a federally funded research group, totaled 9,859; from January to September of this year, there were 114,855. Security spending has grown 28% a year since 2001, the Gartner research firm reports, while overall tech budgets have expanded just 6%. And a three-day war game in July 2002 run by Gartner and the U.S. Naval War College tentatively answered the Pearl Harbor question. It is possible, they concluded, that without proper cybersecurity both tools and behavior highly skilled hackers could disrupt the nation's electrical, financial and telecommunications systems.
In a year in which viruses and worms made the front page and identity theft reached an all-time high, TIME's Board of Technologists keyed us into current cyberthreats and offered us its best solutions. On hand for our round table were David Aucsmith, architect and chief technology officer of Microsoft's Security Business Unit; Dan Geer, a consultant, entrepreneur and lead author of a recent report on the potential risk that widespread use of Microsoft products places on security; Charles Palmer, director of IBM Security & Privacy Research; Sal Stolfo, a Columbia University computer-science professor and member of Professionals for Cyber Defense; and Michael Vatis, an attorney with Fried, Frank, Harris, Shriver & Jacobson and director of the FBI's National Infrastructure Protection Center from 1998 to 2001.
"I always say, 'As far as we know,' no one has written a virus or worm that can bring down all the communications. But that opening disclaimer is very important." --Charles Palmer
Sept. 11 taught us that the spectrum of potential threats is as wide as the imagination. The same could be said for vulnerabilities to the computers we depend on. Families must guard their computers against novice vandals planting viruses or against more advanced intruders leeching your computing power to launch a cyberattack on someone else. Despite the spate of devastating viruses this year Slammer in January, Blaster and Sobig in August the threat has evolved past the 17-year-old hacker, past the lone thief who steals and reveals credit-card data. Businesses must now watch for organized-crime groups adept at lifting valuable, private information and extorting money with it. The Federal Government and key industries must keep aspiring cyberterrorists from busting open dams or shorting out our electric grid from a keyboard in Pakistan. Reason: al-Qaeda and other terrorist groups have started scoping infrastructure and learning about cyberattack techniques.
The main reason for our vulnerability is that scientists created the Internet as an open network to share information; they never anticipated its dark side. Now, having unleashed it, they must retroactively make it closed and safe from these threats. "Value has moved into cyberspace," Aucsmith said, "and there are real criminals moving there as well." He noted that Willie Sutton, the legendary bank robber, said he cracked safes "because that's where the money is."