Telcordia Warns of 'Digital Pearl Harbor'Telcordia Warns of 'Digital Pearl Harbor'

Be afraid. Be very afraid.

According to three cyber security experts at Telcordia Technologies Inc. , the networking industry is headed for a "digital Pearl Harbor" -- a security breach so serious that it creates major outages and serious economic damage.

US government officials, including the Obama White House, are well aware of the danger, which is one reason the President appointed cybersecurity czar Howard Schmidt. But the telecom and computing industries also need to be engaged in the process, which will require some changes in the way business is done today, says James Payne, senior VP/general manager of Telcordia's National Security and Cyber Infrastructure unit.

Payne says imposing security standards on today's converged-yet-diverse Internet service delivery community can be so complex that it even has some of those who are meeting to discuss the security challenge pining for the good old days, when monopoly AT&T Inc. (NYSE: T) ruled the roost and could have gold-plated security, albeit at its ratepayers' expense.

Convergence, the move to an all-IP infrastructure, and the best-effort nature of IP all play a role in the growing security challenge, as does the fact that organized crime, working on behalf of its own greed or rogue nations, now runs much of the cybercrime activities.

Payne quoted former national security adviser Richard Clark as saying recently that the cyber cartels are generating more money than drug cartels because of known exploitable vulnerabilities.

Multiple industry standards groups are attempting to address the issues, says John Kimmins, Telcordia fellow in security services and solutions. These include Alliance for Telecommunications Industry Solutions (ATIS) , the Internet Engineering Task Force (IETF) , the International Telecommunication Union (ITU) , 3rd Generation Partnership Project (3GPP) , and various government agencies such as the Department of Defense and Homeland Security, but no one agency is in charge of the effort.

"There is not one place to go and plug it [security] in -- each standards group has what it embraces, which is one of the problems," Kimmins says.

One thing that would help immediately, Payne says, is legislation similar to that passed in preparation for perceived Y2K dangers -- the kind that protects companies that admit vulnerabilities from being subsequently sued by their investors. Without such protection, it is hard for service providers, hardware companies, and software vendors to engage in "honest dialogue" about what the real dangers are, for fear of legal entanglements.

"At a policy level, let's get serious about having a dialogue to discuss moving away from the best-effort model," Payne says. "It's not about putting everything back together [like the old AT&T] but it's beginning of a dialogue that will enable us to avoid an event so serious" that repercussions might be unimaginable.

In advance of any standards or legal changes, however, there are things that the telecom and computing industries can be doing to mitigate some of the danger, Payne, Kimmins, and Petros Mouchtaris, executive director of information assurance and security, told press and analysts at Telcordia's New Jersey headquarters last Friday.

Those things include: