:: Deepquest ::

The headaches caused by two significant computer virus outbreaks this summer, the SoBig and Blaster worms, have forced technology gurus in the public and private sectors to re-examine the issue of cyber security.

Based on the experience of these two relatively mild viruses, “cyber terrorists” could wreak mayhem easily by exploiting any one of hundreds of known vulnerabilities in Microsift Corp.’s Windows, which reigns as the standard for most businesses and governmental agencies.

Several incidents this year alone offer chilling evidence of just how vulnerable the nation’s digital infrastructure is to Windows “malware.”

Last month’s outbreak of the SoBig virus shut down part of CSX Corp.’s signaling system in the Eastern United States, causing numerous delays. The same virus caused problems in computer systems from automobile manufacturer BMW in Germany to The San Francisco Chronicle newspaper on the West Coast.

In Maryland, Blaster crashed computers at the Motor Vehicle Administration on Aug. 11, forcing its offices to close statewide for a day. The next week, Blaster temporarily knocked out Air Canada’s check-in systems.

Yet another worm, dubbed “Slammer,” disabled computers at FirstEnergy Corp. in Ohio in January — including one responsible for monitoring the company’s nuclear power plant.

And on top of the inconvenience such attacks cause, every incident also inflicts economic damage, mostly in lost productivity and goods.

According to mi2g Ltd., a London-based computer security firm, August was the worst month ever for malware-related economic harm. Attacks caused $32.8 billion in worldwide damage. The company estimates the SoBig worm alone caused $29.7 billion in damage across the globe.

Still more sobering are mi2g’s yearly estimates of malware damage — rising from $800 million to $970 million in 1997, to between $88.3 billion and $107 billion so far this year.

If the terrorists are paying attention, and experience tells us they most likely are, a disastrous terrorist attack on our digital infrastructure could be just a matter of time.

Some already have begun sounding the alarm, inlcuding former White House cyber security czar Richard Clarke.

Since retiring from the post this past spring, Clarke — who now heads a computer security firm in Arlington, Va., called Good Harbor Consulting LLC — has strongly criticized the federal government’s preparedness against cyber terrorism.

“[Information technology] has always been a major interest of al-Qaeda,” Clarke said in a July speech. “We know that from the laptops… we’ve recovered that have hacking tools on them.

“It is a huge mistake to think that al-Qaeda isn’t technologically sophisticated, a fatal one,” Clarke continued. “They are well-trained, they are smart. They proved it on 9/11 with one style of attack — and they can prove it again.”

So where does Macintosh fit into this equation?

For one thing, as has been noted in two recent columns, Apple Computer Inc.’s Mac OS X is immune to the tens of thousands of viruses and worms that target the Windows operating system, and — thanks to a Unix-based core — it’s also more resistant to attack.

However, the use of Mac OS X in the fight against cyber terrorism never arose in those columns because it seemed a remote possibility.

After all, the U.S. Department of Homeland Security in July signed a five-year, $90 million contract with Microsoft to supply Windows software to its 140,000 employees. Although a department spokeswoman said the federal government doesn’t endorse any particular platform, such a large-scale purchase comes off as a strong vote of confidence for Windows.

But on Aug. 26, the U.S. Office of Management and Budget added Mac OS X and Linux to a revision of its Technical Reference Model, a sort of stamp of approval for various technologies used by the federal government.

Unofficial but just as intriguing was a revelation found last week on the MacTeens Web site that recent builds (test versions seeded to software developers) of the forthcoming update to Mac OS X — known as “Panther” — apparently contain an assortment of government seals, including the departments of each of the nation’s armed forces, as well as the U.S. Public Health Service and the National Oceanic and Atmospheric Administration, as part of the login window component.

more from [url=http://www.sunspot.net/technology/custom/pluggedin/bal-mac091803,0,1419014.column?coll=bal-business-indepth]Sun Spot[/url]