Frequent intrusions by hackers into critical computer networks have industry looking at stronger security measures. Primary concerns cited by industry officials include the emergence of new vulnerabilities, lack of money for computer security, and fear of theft of corporate secrets.
Industry and government "can not afford not to do something about security," said Maj. Gen. John P. Casciano, (Ret. ), vice president for information operations/ infrastructure protection business for Litton TASC Inc., Reading, Massachusetts. "It goes to intellectual property; it goes to issues of privacy for customers; it goes to electronic commerce," and it goes to providing security for information that is proprietary.
"Our whole economy is based on information and information technology," he said in an interview.
Computers are increasingly vulnerable to hackers attempting to infiltrate networks, experts said.
The typical hacker used to be 14 to 16 years of age, white male, somewhat of an introvert, said Mark Gembicki, chairman and chief technology officer for WarRoom Research LLC, Baltimore. "In most cases coming from a divorced family, good in the sciences, in the computer side obviously, not so hot in the math and the social sciences."
However, this is no longer the case, based on information from Corporate America's Competitive Edge, a searchable database. "Our hacker profile, based upon two years of data and talking with 320 companies-Fortune 500 companies [is that] the hackers are around 30-33, white male again, professional," Gembicki said.
They have a $50,000 to $60,000 a year median income, and they can afford to buy expensive computer equipment, he said. "When you look at vulnerabilities, and national security and corporate security realize that the wiley 14-year-old kid is now 30 to 33 years old, with the gold American Express, driving a Beemer," said Gembicki.
"The threat and the attacker have changed," said Gembicki. "Now you have to worry about somebody getting in because he or she knows that that new formula you have to fight cancer-- or everything from that to a new deodorant to a brake system from Chrysler-is worth a lot of money in the open market," said Gembicki.
Matthew G. Devost, director of intelligence analysis, at iDefense, a computer security company in the Washington, D.C. area, said that most computer incidents can be prevented if the company has adequate knowledge that the vulnerability exists.
Devost believes that companies put themselves at risk if they become aware that their systems are vulnerable but fail to take preventive action.
Patricia Irving, president of InnovaTek, Richland, Washington, a small business that creates chemical and biological defense technology, has seen indicators that hackers may be trying to access her firm's computer network. "Our technologies are being used for national security type purposes, and the U.S. government has a concern about what might be happening" in countries that might not be friendly toward the United States or with terrorist groups inside and outside this country, said Irving.
"These incidents are related more to industrial espionage concerns," she said. "We are in a very competitive arena right now in terms of intellectual property. We are creating new technologies and new products that are cutting edge, [and that] results in great competition in the early stages of product development.
"Any interest in chemical and biological weapons outside the legitimate business development areas is of concern for security recently," said Irving. "The Central Intelligence Agency is tracking it, and they have talked to us about such concerns [but] we can't really easily monitor what is going on on our website," said Irving. "And it is clear that there are people interested in our site that would be of concern for U.S. security."
An intern is working this summer at InnovaTek to train the staff on computer security, she said. …