Cyberthreat To Wall Street Not High, According To ExpertsCyberthreat To Wall Street Not High, According To Experts

As word spread about a cybersecurity warning for the financial sector, several groups charged with monitoring and coordinating preparedness and response maintained that such a threat remained at its lowest level.

In fact, several groups had reduced the warning level from guarded to low just before the government went public with its warning.

The Financial Services Information Sharing and Analysis Center listed the lowest possible level of threat for cyberattacks on financial institutions, while stating that the risk of physical attacks was elevated. An elevated, or yellow rating, is in the middle of five-tiered systems used by several groups that assess the risk of attacks.

Members of the financial services industry established the center in 1999 in response to 1998's Presidential Directive 63 to prepare for Y2K. The directive mandates public and private sector groups to share information about security threats and vulnerabilities. Like other such centers, the financial services center receives federal funding, gleans information from all levels of government and law enforcement and private companies, and distributes information and recommendations regarding security.

Attempts to contact the financial services center for information were unsuccessful. The center explained on its Web site that it had lowered its cybersecurity alert level because there had not been any reports of significant malicious activity in the past week. The Information Technology ISAC also maintained a low warning level. Regardless of the alert level, the ISACs advise organizations to update antivirus signatures daily and to apply the latest security patches from their software vendors.

Richard Moore, manager of the Technology Assurance and Advisory Services department for consulting firm UHY Advisors, says that information sharing groups would not elevate warning levels if they cannot make a solid determination about an uncorroborated threat. He says the current threat level does not appear to be high.

"The thing that we have to keep in mind is that terrorists are criminals," he says. "What it really comes down to is that they're criminals and they're trying to put fear into American psyches."

The SITE Institute posted a notice earlier this week saying that a member of a password-protected jihadist Web site forum sent a message Monday calling for attacks on American stock exchange and bank Web sites. The institute, which monitors terrorist activities and extremists' Web sites, said the person posting the call to action labeled it "The Electronic Battle of Guantanamo." Experts say that probably signals an attempt at denial-of-service attacks in retaliation for prisoners held at Guantanamo Bay. The posting called for attacks during the entire month of December.

Moore, a certified information systems security professional who has worked in cyberintelligence for the U.S. Marine Corps and addressed cybersecurity issues for U.S. embassies, says that a denial-of-service attack isn't likely to cause major disruptions. He says that financial institutions and security experts would likely be able to recover in 24 to 48 hours.

He says that terrorists or other criminals would have to exert a substantial amount of energy for very little gain, and that the risks of discovery are likely to outweigh the advantages of interrupting financial services for one day or even throughout the month, since most systems have built-in capabilities to fend off denial-of-service attacks. Moore, who also holds a master's of science in information assurance from Norwich University in Vermont, says that the dynamic ranges of IP addresses, large-scale intrusion detection systems, mirrored sites, and electronic and digital backups would all contribute to a quick recovery. An attack distributed through zombies could last a bit longer, but Moore says damage would likely be minimal. The main benefit for terrorists would be to fuel their propaganda machine, he says.

Moore says that an attack on basic infrastructure would be more crippling, and security experts should out more focus on that. "A threat to our finances would obviously be a major issue, but I think an attack to our social structure would be more paramount, creating chaos and fear," he says. "Whether in the cyberworld or the physical world, a break down of social services, like a week without electricity, would seriously disrupt your day as well as mine. The infrastructure is probably one of the most important pieces that we should be more concerned with."