Shoring Up Security Against Cyberterrorists

He didn't fit the terrorist profile: A teenager in Sweden with a modem and a lot of time on his hands.

But just this spring the computer hacker was convicted of a misdemeanor for penetrating the 911 phone systems in 11 Florida counties and harassing operators.

The incident could have been much worse. But it points to a serious security lapse that affects not only Florida's 911 service, but also computer systems from the Pentagon to the neighborhood bank.

To address this problem, a presidential commission has been studying America's vulnerability to terrorist attack for the past 15 months. It will deliver its final report to President Clinton Monday, suggesting how best to protect US computer systems and increase security on the networks that connect them.

"We are in a new age with new threats, and we have to develop new ways to look at them," says Carla Sims, a member of the panel. "Waiting for a disaster is a dangerous strategy. We haven't had a mass attack, but the potential is real."

The commission's recommendations are expected to include:

* Information sharing within the private sector and the government regarding protective measures against increasingly sophisticated attacks.

* Creation of a more secure, so-called "Next Generation Internet" for government use.

* The investment of more private-sector money in research and development of network security. The commission is expected to recommend that private businesses spend as much as $1.5 billion a year in R&D between now and 2004.

The commission's recommendations are founded on a basic idea: Technology connects almost every sector of the US economy. Take one down, and others are bound to follow.

"If there were a bomb threat and power outage and a bridge went down and a regional ISP [Internet Service Provider] went down ... and there was an oil-refinery fire, what do you do? Who do you call? How quick could you respond? Are the events a coincidence? These are the kinds of things we are looking at," Ms. Sims explains.

The commission asked about problems and solicited solutions from the private sector in public meetings in six cities across the country. They heard testimony from more than 6,000 people from a wide cross-section of business and industry.

ALTHOUGH the group examined both physical and cyberterrorism, the question of how to combat cyberterrorism has gained a sense of urgency. Recent high-level attacks against government computer systems have included hundreds of thousands of attempts, many successful, to breach Pentagon computers.

Despite the danger to government computers, most of the concern centers on private businesses. According to the American Society for Industrial Security, theft of proprietary data from private-sector computers has increased 323 percent since 1992. And while some private-sector systems, such as those belonging to banks, are fairly secure, many experts worry about the other, less-protected networks.

"The average company has paid relatively little attention to computer security," says Alan Brill, managing director of Kroll Associates, a New York-based international security consulting and investigation firm. "In many cases it's not clear within some corporations where the responsibility lies."