DENVER — Before Sept. 11, 2001, most companies probably didn’t spend a lot of time worrying about becoming victims of a terrorist attack.
And while physical violence probably isn’t a concern to most workplaces, a string of recent computer viruses — Red Worm, Melissa and the Love Bug — have shown just how much damage cyber-terrorism can do.
It’s estimated that a single cyber-attack costs victim U.S. companies billions of dollars, and such attacks are said to be growing at an annual rate of 64 percent.
One expert said the average company’s computer system is attacked 32 times a week, though security systems thwart most, if not all, of those incursions.
Computer security is as necessary to a company’s budget as copier supplies and toilet paper.
“Most (companies) don’t have to spend a lot of money,” said Bob Fitton, a homeland security consultant with the Initiative for State Infrastructure Protection, a program overseen by the Department of Defense. “It’s a never-ending affair, though. Don’t think because you’ve set that first firewall that you’re set for the next three years.”
Fitton took part in last week’s Cyber Security Super Bowl at the Colorado Convention Center in Denver. He said cyber-security is just as important to the government as preventing future terror attacks because “our cyber-borders are potentially infinite.”
In the future, cyber-terrorism “may become a viable option to physical destruction,” according to Ken Cassine, a supervisory special agent with the FBI.
“(Terrorists) have continued to show a preference on physical attacks,” Cassine said. “Bombs are more effective than bytes in achieving their goals.”
However, he said cyber-attacks “are increasing in volume, sophistication and coordination.”
Much of modern life in America is dependent upon computer security. Government services, clean water, banking and finance, electric power and transportation are all critical areas in which a successful cyber-attack could cause serious damage — and perhaps even prove life-threatening.
During the conference’s opening forum, representatives from various state and federal agencies described the steps the government is taking to prevent such attacks.
Most of the agencies formed in the wake of Sept. 11, 2001, are just now becoming fully functional.
“Our country’s ability to detect cyber-terrorism is evolving, but the United States still remains vulnerable,” Cassine said.
Part of the battle, the panelists said, is having to play a never-ending game of “catch up” with technology.
“The IT industry is in its infancy, and the security that protects that industry is also in its infancy,” said Harley Rinerson, an Army veteran who is chief information security officer for the state of Colorado. “Anytime you put a computer on a network, it’s probably only a few minutes’ time before it starts getting probed.”
Most of the country’s cyber-infrastructure is privately owned, which makes the government’s job of maintaining cyber-security that much tougher.
“It’s going to probably be a public and private partnership,” Rinerson said. “One of the first steps is awareness.
“My mother in South Dakota — until I threw a quick firewall up there — I’m sure somebody was all over her computer.”
For companies already strapped for cash because of the bad economy, having adequate cyber-security can prove particularly challenging, but it’s not something to ignore, according to Jeff Frasier, a cyber-expert with Cisco Systems.
“First, leverage your existing capital; Number 2 is have a plan,” Frasier said. “It’s important to have a plan and scale it out long-term.”
Tony Kindelspire can be reached at 303-776-2244, Ext. 291, or by e-mail at