Team 1 Sect1.4

It is important to point out those actions that would make the IT systems more resistant to cyber-attacks. This is important to prevent future attacks, since one of the techniques used by the terrorists is so-called “incremental terrorism” where relatively local attacks (like the ones described in this exercise) on banks, small businesses, hospitals, local government offices, etc., are repeated often so that the public confidence is undermined and significant economical and psychological disruption results. Using a similar analysis as that provided by the National Academies [1], a series of short-term actions appropriate for this relatively small-scale attack would be related to improving information and network security in public and private organizations, in particular: •For users (home, small businesses): Have good updated information-security tools •For larger corporations: Have good information-security tools and have unannounced red-team attack simulations of the IT systems, promptly fix problems and vulnerabilities, mandate use of strong authentication mechanisms, defense-in-depth in addition to perimeter defense

As for long-term recommendations: Increase overall robustness of the computer systems. This would be useful not only for relatively small-scale attacks like the one we are dealing with in this red-team exercise, but also for larger-scale attacks were cyber-attacks are combined with other physical operations. Invest in better: •Authentication: Better ways of preventing unauthorized parties to access a computer and cause harm •Detection of intruders •Containment, so that the attack is of limited scope •Recovery, which involves backup and decontamination •Install fixes to take care of buggy codes. Better administration needed.

[1]“Information technology for counterterrorism: Immediate actions and future possibilities” National Research Council of the National Academies, 2003, J. L. Hennessy, D. A. Patterson, H. S. Lin (Eds.)