IU cybersecurity expert: Recent cyberattacks a 'wake-up call'
FOR IMMEDIATE RELEASE
July 9, 2009
BLOOMINGTON, Ind. -- An Indiana University law professor and cybersecurity expert said the recent wave of cyber attacks that shut down Web sites in the United States and South Korea over the July 4th weekend offer important lessons for policymakers.
"These attacks demonstrate how vulnerable key computer systems remain," said Fred H. Cate, director of the Center for Applied Cybersecurity Research.
"Despite extensive efforts to protect U.S. government Web sites, this apparently fairly ordinary denial of service attack managed to shut down Web sites of the U.S. Department of Transportation, the Federal Trade Commission, and other agencies in the United States and South Korea."
Cate said the attacks did not appear to be new or use any sophisticated methods for shutting down the Web sites. "The fact that they proved so successful provides a powerful indictment of the state of cybersecurity in the United States," he said.
Cate noted that the attacks also show how broadly interconnected the risks we face are.
"We see evidence of that broad interconnection in the number of computers -- between 60 and 80,000 according to early reports -- that were infected with the virus that launched the denial of service attacks, and in the number and variety of Web sites attacked, including key government offices, but also important private-sector organizations such as the Washington Post and the Nasdaq stock market in the United States and Kookmin Bank and the Chosun Ilbo newspaper in South Korea," Cate said.
"This is a particularly important lesson for U.S. policymakers because we have tended to approach the protection of public- and private-sector computer systems very differently," Cate said, "leaving responsibility for the latter almost up to the voluntary cooperation of private parties."
Cate said the attacks could have been much worse.
"In a very real sense we were lucky, because it appears that the attacks were not designed to steal data or shut down operations, but rather merely to block access to Web sites. The attacks were more of a nuisance than a real threat, but they offer another powerful wake-up call about the need to act quickly and broadly to secure cyber infrastructure," he said..
Cate is a Distinguished Professor and the C. Ben Dutton Professor of Law at the IU Maurer School of Law. IU is considered a leader in information assurance. The National Security Agency has designated the university as both a National Center of Academic Excellence in Information Assurance Education and a National Center of Academic Excellence in Information Assurance Research.