LONDON (06/22/2000) - Networks face three vulnerabilities: physical security problems, logical security problems such as computers within a network and security problems involving people, all of which should be equally important to businesses, according to a British Telecommunications PLC (BT) executive speaking here Thursday.
"We are potentially vulnerable in just about anything we do anywhere," said William Morris, manager of policy and system integrity for BT's group security.
But people often forget about some aspects of network security vulnerabilities completely, Morris said.
"We buy standard products, such as switches and routers, and those standard products have standard weaknesses," he said. "And the telecommunications industry is unique because of its dependance on networks."
Since the industry has evolved from what was mainly a voice-only industry with large global players, the threats to security have become more drastic.
"Now, with the Internet, there are multiple vendors and no protection standards," Morris said.
Internal and external security compromises have been around for as long as networks, but can do much more damage now.
"A very simple, low level, nontechnical form of attack can have very widespread consequences," he said. "Therefore, good physical security is bedrock. If that isn't there, I believe you're wasting your time, because the front door is open."
BT has been faced with all kinds of strange threats, Morris said, ranging from someone who tried to extort money from the company by setting fire to the local loop to a temporary employee who hacked into the system, resulting in a 30 million pound (US$45 million) investment by BT to ensure that the security breach couldn't be repeated.
For logical security breaches, there is a four-step process companies should use, Morris said: "Protect, detect, react and deter. For example, firewalls are only of any real use if you master them and take action when you notice something wrong."
Both industry and law enforcement must move ahead to fight security breaches, Morris said, noting that "the attitude of the judiciary to (young hackers) must change; it must be 'that guy can cause havoc to international commerce and wreck a perfectly legitimate business'."
Currently, there is a lack of technology knowledge in legal and law enforcement circles and that is creating difficulties in pursuing hackers and bringing cases to court.
"Investigators need to understand the technology and know what to ask for," Morris said. "There is also still a problem trying to give technical evidence in court" in hacking related cases.
BT, in London, can be reached at +44-20-7356-5000 or at http://www.bt.com/.
InfowarCon, in London, continues through tomorrow.