In San Francisco on Thursday, William Hancock, VP of security practice and strategy and chief security officer of IT service provider Savvis Communications, told a group of IT professionals and reporters that the sky was falling.
Hancock said he expects the emergence of "blended-threat" attacks that combine war on critical infrastructure occurring simultaneously with attacks designed for large-scale fatalities such as biological terrorism. Hancock went as far as to predict that such attacks would exceed those on the World Trade Center in magnitude of disaster.
The cyberwarfare aspect of such an attack could happen in any number of ways. He described the migration of the power grid from protocols such as DECnet and OSI to TCP/IP as one area of increasing vulnerability. With more of these power-grid systems connecting directly to the Internet, he warned, they become susceptible to denial-of-service attacks that could cause blackouts across the United States.
As a more mundane example, a new PC connected to the Internet could become infected with a worm within 25 minutes--before it has completed downloading the patches necessary to protect it against the most current threats, Hancock said.
Layered defenses are necessary, he argued. "There's not a firewall made that you can't get through."