SECURITY REPORTS

information systems security. He felt that NSA must

NSA’s future lnfosec plans assume a wider role in providing “defensive information
operations” for a vast range of
Wayne Madsen
systems environments, both in
the government and the
0 n(NSA)
23 April 1997, the National Security Agency
hosted the first Information Systems
private sector. The Deputy “protect
Security Education Colloquium at the Maritime
Director saw NSA’s role as
being similar to
the national
Institute of Technology, Linthicum, Maryland, USA.
government providing for Security and
The conclave, which attracted representatives of
civil defence in the nuclear
government, industry and academia, was designed to
age. “We [NSA]“, sensitive
create a national approach to information security
education and training. Although the subject matter was
McDermott said, “must information”
provide civil defence in the
relatively innocuous, the opening remarks by Thomas
information age”. While
McDermott, NSA’s Deputy Director for Information
conceding that an ‘electronic Pearl Harbor’ is still some
System Security, revealed some of NSA’s expansionist
time off, McDermott believes that “the means and
plans for the future.
motives exist today for smaller electronic World Trade
McDermott pointed out that the Information System Center and Oklahoma City events”.
Security Organization of NSA was providing
“leadership, products. and services necessary to enable To combat such occurrences, McDermott promoted
customers to protect national security and sensitive the notion of “zones of cooperation” between the
information in information systems pursuant to federal government sector, US law enforcement and national
law and national policies”. security, international law enforcement and national
security, and the private sector. Future zones of
Although NSA does, in fact, have a mandate to cooperation initiatives described by McDermott include
provide security for national security information, the “releasable cryptographic solutions” and “aggressive
Computer Security Act of 1987 specifically assigns the protection of Defence Information Infrastructure and
National Institute for Standards and Technology (NIST) crucial parts of the National Information
responsibility for the protection of sensitive unclassified Infrastructure”.
Government information.The 1987 Act does not assign
any government agency responsibility for securing Lastly, McDermott pleaded with industry to accept
private sector ‘sensitive’ information. NSA’s technical expertise to “satisfy national needs”.

McDermott, not surprisingly, stated that NSA

“strongly” supports the information warfare initiatives
of the President’s Commission for Critical
Infrastructure Protection (PCCIP) and the Department
of Defense Science Board. Both groups have called for Computer viruses - the
significant amendments to or complete abrogation of the
current state in Italy
Computer Security Act. In any case, the NSA would
achieve greater authority over civilian government and
Silvano Ongetta
private sector information systems security.

McDermott conceded as much when he said “if During 1996 an average

computer viruses was
increase of 6.7% of new
registered in Italy. This
someone messes with a banking system - that is a
resulted in an increase of 285% over 1995 in the total
national security issue”. Underscoring his belief that number of businesses infected with computer viruses.
NSA’s role was expanding, McDermott saw an The total number of cases increased by 1 195 over the
evolution away from the organization’s past and present total for 1995. Off-setting this, the number of computers
roles in providing communications security and

Computer Fraud & Security June 1997 5

0 1997 Elsevier Science Ltd
 SECURITY REPORTS

damaged and the number of hours lost have declined on detected throughout the year, though the most infections
the previous year. occurred in December (14%), November (I 3%),
October (10%) and January (9%). This confirms that the
The increase in computer viruses represents 89
winter season is the most dangerous.
different viruses including 13 more than the previous
year. This is equivalent to 0.89% of the total number of
The businesses with the highest risk of exposure to
viruses currently known worldwide.
computer viruses are those in the public administration
sector where each incident represents an average lost
The most relevant data is revealed upon
time of 1.3 days. The most severe incidents have been
examination of a homogeneous sample composed of
found in the service sector, particularly banks. This has
approximately 1000 PC distributors in Italy. This study
resulted in the development of preventive measures’in
indicated that 3% of PCs and support mechanisms were
this sector.
infected or detected viral contamination. In Italy it is
estimated that 150 000 viruses exist on PCs or disks out
Researchers at Istinform interviewed 100 personnel
of a total of five million.
in charge of security to confirm the method of infection
of viruses into businesses (it is acknowledged that such
This information was obtained from the sixth
information is fundamental to a better understanding
annual report of the anti-virus service and criminal
and prevention of the phenomena). The causes of the
prevention prepared by Security Net and collated by
spread of viruses are classified as programs brought in
Fulvio Berghella. The sample obeserved consists of 100
by employees (22.8%), by suppliers (22.5%), from
banking services, industrial services and public
client floppy disks (22.5%), on floppy disks from other
administration affairs representative in Italy. The cases
businesses (lO.l%), from intercompany exhanges
reviewed in the sample were 2991 which infected 6642
(7.9%), by video games (7.1%), over the Internet
magnetic systems resulting in the loss of 1139 working
(3.4%), by floppy disks installed for maintenance
days or 9000 work hours. The most prevalent viruses
(2.6%) and via new software (1.1%).
were:

Some of the incidents which occurred in 1996 raised

Form 33.9%
legal issues. Two significant cases are as follows: one
Bye 7.5% business in the service industry which was oblivious to
170X (Cascade) 5.9% computer security, accidentally transmitted to 250
Junkie 5.8% clients a dangerous and complex virus with some
RRPS2 5.6% updated software. One large firm requested the
Yankee D 4% intervention of a magistrate and police specialists after
discovering the presence of the new virus on computer
November 17 (V855) 3.6%
files containing strategic data.
NYB 2.8%
PG3 2.7% 1996 was characterized by the appearance and the
Peter II 2.6% immediate expansion of new methods of infection
AntiExe 2.3% including macro viruses for Winword as well as hoax
Parity B 2.2% viruses. The first exploits a macro on a well known word
processing program. The latter has the objective of
Concept 2%
alarming users with hoax messages via E-mail whereby
HLLC 1.4%
the users are instructed to not read certain files and asked
Craven 1.4% to distributed the warnings to fellow users. The hoaxes
GenB 1.4% take advantage of the sense of responsibility of the users
by producing a chain letter type reaction of messages
These 16 viruses infected 84% of the sample and over the Net, which results in lost time and increased
are present throughout the entire country. Viruses are traffic and, in certain cases, site paralysis.

Computer Fraud & Security June 1997

0 1997 Elsevier Science Ltd