Not since the Japanese bombing of Pearl Harbor has an event burned itself into the collective consciousness of Americans as did the September 11 attack on New York's World Trade Center. But unlike Pearl Harbor, the Trade Center disaster demonstrated the apparent ease with which a small group of international terrorists can strike America.

Computer technology plays an important role in this new world crisis. In a 1999 study entitled "The New Terrorism," the prestigious Rand Corp. warned that terrorist groups were relying increasingly on computers to revolutionize the way they organize and carry out attacks. The report pointed out that terrorists based in Afghanistan had adopted information technology as a means to communicate without being detected by counterterrorist officials. The study noted that such information could be passed securely over the Internet because it is all but impossible to monitor.

The Rand Corp.'s chilling conclusion was that terrorists will increasingly organize into globally dispersed groups connected by the Internet to carry out cyberattacks.

In a paper entitled "Cyberterrorism and Private Corporations", Australian government official Toby Blyth notes that, "The growth of the Internet and the increasing dependence on it in the developed nations leaves them vulnerable to many forms of attacks directed at computer networks and the information stored on them."

Blyth says these attacks can range from physical destruction to electronic thievery to the crashing of vital information systems "on a grand scale."

One of the most timely and comprehensive studies on the subject is "Cyber Attacks During The War on Terrorism," prepared by the Dartmouth College Institute For Security Technology Studies. It was published just 11 days after the Trade Center disaster.

The study warns that "Attackers in response to U.S. and allied military strikes during the war on terrorism could employ any number of sophisticated attack tools and techniques to disrupt or compromise critical infrastructure systems." Among the arsenal of weapons they say cyberterrorists might employ are Worms, Distributed Denial of Service (DDoS) attacks, and Unauthorized Intrusions.

According to the report, "System administrators should be on high alert for the warning signs of impending hostile cyber activity, particularly during periods immediately following military strikes."

The study says that the routine risk assessment of a company's information infrastructure is a good starting point for effective risk management and thus should be a priority. It advises that an "incident management" plan be developed and implemented and that law enforcement contact numbers be available in case of an attack.

Among its recommendations:

• Operating systems and software should be updated regularly.
• Strong password policies should be enforced.
• Systems should be "locked down" whenever possible.
• Anti-virus software should be kept up to date.
• High fidelity intrusion detection systems (IDS) and firewalls should be employed.
• All vital data should be backed up regularly and stored off-site to prevent loss in the case of a physical or cyber attack.
• All the measures to secure critical infrastructure assets should be clearly explained in an enforceable security policy.

The Dartmouth study emphasizes that security measures previously considered excessive should now be considered a minimum effort.

You can send your suggestions and/or comments to: harper.d@att.net.