• United States



by Sandy Kendall

Do You Want to Know When the Internet Is Attacked?

Oct 28, 20022 mins
CSO and CISOData and Information Security

On October 21, two powerful but ultimately ineffectual attacks were launched against the Internets infrastructure. The first assault targeted the Internets 13 root servers with a distributed denial of service attack that apparently shut down 7 of them

not enough to slow things down to a point that was noticeable by most Internet users. That attack lasted an hour and was followed about five hours later by another striking at the global name servers.

According to all reports, no great harm was done. Redundancy allowed Internet traffic to keep flowing, and the organizations running the servers were able to repel the attacks. In the end, the alarming size and ambition of the attack seems to have been diminished by its failure.

Perhaps thats why the biggest hacking attempt in the Internets history didnt make the news for 24 hours.

But, big deal, nothing happened, why bother people with a non-problem? Even if, as the Boston Globe reported, Richard Clarke, President Bushs top cybersecurity adviser and head of the federal Critical Infrastructure Protection Board, has warned for months that an attack against the Internets 13 so-called root server computers could be dramatically disruptive.

There are security incidents where, clearly, public safety or ongoing investigations require some information to go unshared. Was this one of them? The Presidents Critical Infrastructure Protection Board was called and briefed right away, according to Tiffany Olson, a spokesperson for that agency. The Internet operators wanted to work together for the next several hours on the problem itself before releasing it publicly, she says. If someone notices a vulnerability somewhere, they should contact the vendor first, or notify CERT and NIPC. Releasing vulnerability information without a solution isnt helping the situation. She also says she hasnt heard complaints about a lag in the information getting out, just praise for the speedy response in fixing the problem.

Does that strike you as strange? If your business relies on the Internetand whose doesntdont you want to know when its under attack? You just might want to be thinking about your contingency plans. You just might want to know.

Would it have helped you to know that the Internet was under attack? Did you find it disturbing to read about after the fact? Does it make you wonder what else you dont know about? Give us your thoughts.