[IP] Cyber Fears On Fed's Web Plan

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Cyber Fears On Fed's Web Plan
From: David Farber <dave@xxxxxxxxxx>
Date: Mon, 16 Aug 2004 06:44:16 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx

Begin forwarded message:

From: "R. A. Hettinga" <rah@xxxxxxxxxxxxxx>
Date: August 15, 2004 5:11:25 PM EDT
To: cryptography@xxxxxxxxxxxx, cypherpunks@xxxxxxxxxxxx
Subject: Cyber Fears On Fed's Web Plan

<http://www.nypost.com/business/18671.htm>

The New York Post

  CYBER FEARS ON FED'S WEB PLAN
  By HILARY KRAMER

 Email Archives
 Print Reprint

August 15, 2004 --  With little fanfare, the Federal Reserve will begin

transferring the nation's money supply over an Internet-based systemthis

month - a move critics say could open the U.S.'s banking system to cyber
threats.

The Fed moves about $1.8 trillion a day on a closed, stand-alonecomputer

network. But soon it will switch to a system called FedLine Advantage, a
Web-based technology.

 Proponents say the system is more efficient and flexible. The current
system is outdated, using DOS - Microsoft's predecessor to the Windows
operating system.

But security experts say the threat of outside access is too big arisk.


 "The Fed is now going to be vulnerable in two distinct ways. A hacker

could break in to the Fed's network and have full access to the system,or

a hacker might not have complete access but enough to cause a denial or

disruptions of service," said George Kurtz, co-author of "HackingExposed"

and CEO of Foundstone, an Internet security company.

 "If a security breach strikes the very heart of the financial world and

money stops moving around, then our financial system will literallystart

to collapse and chaos will ensue."

FedLine is expected to move massive amounts of money. Currently,Fedwire

transfers large-dollar payments averaging $3.5 million per transaction
among Federal Reserve offices, financial institutions and federal
government agencies.

Patti Lorenzen, a spokeswoman for the Federal Reserve, said the agencyis

taking every precaution.

"Of course, we will not discuss the specifics of our security measuresforobvious reasons," she said. "We feel confident that this system adherestothe highest standards of security. Without disclosing the specifics, itis

important to note that our security controls include authentication,

encryption, firewalls, intru sion detection and Federal Reserveconducted

reviews."

 Ron Gula, president of Tenable Network Security and a specialist in
government cyber security, said he's sure the Fed is taking every
precaution. But no system is 100 percent foolproof.

 "If the motive was to manipulate the money transferring, there are Tom

Clancy scenarios where there are ways to subvert underlyingtechnologies,"

Gula said. "For example, a malicious programmer can put something in the

Fed's network to cause the system to self-destruct or to wire themmoney."

The biggest concern isn't the 13-year-old who hacks into the Fedwireand

sends himself some money - it's terrorism.

 On July 22, the Department of Homeland Security released an internal
report saying a cyber attack could result in "widespread disruption of

essential services ... damag(ing) our economy and put(ting) publicsafety

at risk."

But the Fed's undertaking of this massive overhaul is considered anecessity.


 "Our strategy is to move to Web-based technology because there are

inherent limitations with DOS based technology and our goal is toprovide

better and robust product offerings to meet our customers' needs," said
Laura Hughes, vice president of national marketing at the Chicago Fed,
which has spearheaded this program.




--
-----------------
R. A. Hettinga <mailto: rah@xxxxxxxx>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List

Unsubscribe by sending "unsubscribe cryptography" tomajordomo@xxxxxxxxxxxx


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Article: Before you speak of information pirates
Next by Date: [IP] Watchdog's Big Brother UK warning
Previous by thread: [IP] Article: Before you speak of information pirates
Next by thread: [IP] Watchdog's Big Brother UK warning
Index(es):
- Date
- Thread