Hearing on Internet Denial of Service Attacks & the Federal Response

Senate Judiciary Subcommittee on Criminal Justice Oversight

House Judiciary Subcommittee on Crime

Feb. 29, 2000

Testimony of Charles Giancarlo

Cisco Systems Inc.

Senior Vice President, Small and Medium Business

Chairman Thurmond, Chairman McCollum, distinguished members of the House and Senate, I appreciate the opportunity to speak with you today about security on the Internet. My name is Charlie Giancarlo and I am Senior Vice President of Small and Medium Business for Cisco Systems Inc. As you may know, Cisco is the world's largest manufacturer of equipment that connects people and businesses to the Internet. Cisco employs 26,000 people, is headquartered in San Jose, California, and also has significant operations in Massachusetts, North Carolina and Texas.

Few events in the short history of the Internet have captured more attention than the recent hacker attacks on several of the web's best-known business sites. These assaults prompted a great deal of breathless speculation about whether the public can depend on the Internet as a reliable means of doing business and sharing information.

I am pleased to tell you that, while no communications network is invulnerable or immune to interruptions, the Internet remains strong and will continue to prosper. With the attacks that began Feb. 7, hackers briefly disrupted access to some of the Internet's most popular destinations. But the technology community showed that it can respond swiftly and effectively, taking steps to quickly beat back the attacks and to make it harder for similar assaults to succeed in the future.

Within hours of the first attacks, the technology community had identified the basic methods that hackers were using to target specific web sites and had begun to deploy effective defenses. It's important to note that technology capable of defeating these attacks not only exists, it can be employed quickly and relatively cheaply. We at Cisco are aware of very recent instances in which these defenses have worked just as they are supposed to.

It's also important to note that while these attacks blocked access to some targeted computer systems, they do not appear to have penetrated the outer defenses of these systems. We know of no case in which hackers obtained access to confidential customer information, such as credit card numbers, or did lasting damage to any of the targeted sites.

And it's important to note that the technology community has already joined with the federal government to respond more effectively should attacks like these be repeated in the future. The community and the government are forming an organization that will disseminate critical information quickly and widely if the Internet is threatened. With speed that is characteristic of the Internet, our industry has learned from this episode and is taking concrete steps to implement what we have learned.

We at Cisco Systems keenly understand the importance of this task. We will conduct $12 billion worth of business over our own web site this year, and our employees are able to do about 95 percent of their work on the site. Our site is our employees' primary link to each other and our customers, and we know that defending it against threats is quite demanding.

One of our divisions, Cisco Secure Consulting Services, recently did a six-month survey of 33 business Internet sites and found that a third of their Internet-connected services were vulnerable to attack. The good news is that the survey also found that most of the problems could be solved with technology that is readily available.

That fact might sound jarring at first, but there is a simple and straightforward explanation: The Internet is evolving so rapidly that it's hard for all of us to keep up. Potential threats to the Internet constantly change, as do the proper responses. That's why we in the technology community are working to quickly share up-to-date information. To borrow a phrase, eternal vigilance is the price of Internet security.

We at Cisco also understand how important it is that the public, and you their representatives, understand exactly what happened -- and what did not happen -- as a result of these attacks. For many people, the Internet remains new and somewhat forbidding territory. The inner workings of this remarkable medium, and the subculture of hackers who delight in probing for its vulnerabilities, can blur into a jumble of acronyms and code names that would fit in well at the Pentagon.

To avoid getting lost in techno-speak, it's useful to recall one of the phrases most often used to describe the Internet, "the information superhighway." At the risk of using an analogy in this august audience, the attacks that began on Feb. 7 were a series of maliciously planned traffic jams at important on- and off-ramps to that highway.

The computers and equipment that make up the Internet are designed to convey massive amounts of data just as our interstate highways move unprecedented numbers of vehicles. In these attacks, hackers flooded these targeted Internet sites with enormous amounts of information and brought these off-ramps to a standstill. These so-called "denial of service" attacks created information gridlock at the targeted sites, denying legitimate customers access to the services that these sites provide.

These attacks garnered enormous attention primarily because the targeted sites are highly utilized and because the attacks occurred in quick succession. And they were different than previous assaults in one respect: They were launched from many different computers at once. The hackers hijacked third-party computers and included them in their hostile networks without the knowledge of the computers' owners. As law enforcement has found, this technique makes it harder to trace the attacks' real perpetrators.

But the hackers' basic technology was neither new nor especially advanced. Other, less-visible web sites have been similarly targeted on numerous occasions. Indeed, the goal of these denial-of-service attacks - creating a roadblock that excludes people from specific sites - is less technologically ambitious than other types of attacks that penetrate a targeted site's security perimeter. In these cases, hackers attempt to exploit trusted relationships between computers, steal or alter data, or cause malicious damage.

Cisco is the world's largest producer of routers and switches, the equipment that directs traffic on the information superhighway. These products can be equipped with a variety of filters and security devices that detect suspicious patterns in the information traffic at a site. Our equipment can be configured to limit or entirely block out data that appears suspicious.

For instance, some of the recent attacks bombarded targeted computers with phony computer addresses and created a huge backup when the targets tried to respond to this deluge. Cisco equipment can be configured to sniff out these phony addresses and break off contact before a traffic jam results. Cisco is also one of a number of companies that offers consulting services that pinpoint vulnerabilities in computer systems and eliminate them before they can be exploited by hackers.

We at Cisco know that in the wake of these recent attacks, equipment configuration changes were effective in spotting and defeating subsequent hacking attempts. So you might ask, if these defenses work so well and are so readily available, why doesn't everybody have them?

The answer is, not everybody knows about them or understands how to use them. In a vital area such as security, one thing we can do better is share information about up-to-the-minute developments. And the technology community has joined with the federal government to do this.

Even before this month's attacks, industry leaders had joined to form the Partnership for Critical Infrastructure Security. The PCIS is a voluntary organization that is working to share information about threats to the Internet and other crucial networks, and determine how best to respond to those threats. About 120 companies are cooperating in this effort. We are happy that Ken Watson, a Cisco Systems security expert, is playing a leading role in PCIS.

And two weeks ago at the White House information technology summit, Cisco was one of about 40 Internet companies that agreed to develop a more robust and structured mechanism that would speed reaction to events like the recent hacker attacks. As with the PCIS, the federal government would play a coordinating role in this organization.

We believe that this public-private partnership is the most effective response to these recent attacks. In the private sector, incentives must be put into place to encourage all web sites to deploy security technologies to protect themselves and their customers from hacker attacks. In the "bricks and mortar" world, retail businesses take advantage of lower insurance rates if their stores are adequately protected with locks and alarm systems.

In the public sector, we are grateful that the Federal Bureau of Investigation has devoted significant resources to investigating these attacks and we hope the perpetrators will be prosecuted to the fullest extent of the law. We also encourage the federal government to serve as a model for private industry by equipping its own computer systems with the best security measures possible.

At this time, however, we do not ask Congress for new laws in the area of Internet security. Cooperation, not regulation or legislation, will insure that the Internet remains secure and at the same time open to the broadest possible public access.

The Internet is, and should always remain, an open medium. No one can insulate the Internet and everything connected to it from all threats or guarantee that no attack on any particular Internet site will succeed. Even our oldest, most established public infrastructures pause on occasion -- power and water lines come down, water mains break, highways become clogged - and, like them, the Internet will occasionally have localized difficulties. These are but potholes on the information superhighway, which we will fill in as fast as they appear - learning how to prevent similar potholes in the future.

These recent attacks actually demonstrated that the technology community can quickly identify threats to the Internet, quickly act to eliminate them and quickly take measures that will reduce the impact of similar threats in the future. This spirit of innovation and rapid development propels the Internet's exponential growth and ensures that the Internet will remain secure as it continues to grow.

Thank you. I look forward to your questions.


