. "Protecting Bank Networks from Acts of Computer Terrorism." Terrorism: Reducing Vulnerabilities and Improving Responses: U.S - Russian Workshop Proceedings. Washington, DC: The National Academies Press, 2004.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings
perts from the Council of Europe, credit card cases alone result in annual losses of about $400 million. Losses from viruses total about $12 billion, while violation of property rights causes $250 billion in damages.
The number of crimes in the information technology (IT) sphere committed against governmental information systems is constantly on the increase. According to data from the Central Intelligence Agency, Internet sites of central U.S. government agencies were attacked 750,000 times in the past three years. Other sources indicate that the number of such attacks could be 1 million. In 2001 the networks of the U.S. Space Command alone were attacked 30,000 times. From 1998 through 2001, the number of such attacks increased fivefold.
According to data for 2002 published in the quarterly report of the U.S. Computer Security Institute (CSI), 223 of 503 organizations surveyed suffered financial losses totaling $455,848,000 as a result of various types of information threats being carried out against them. For example, while in 1997, 21 organizations suffered losses of $20,048,000 from theft of proprietary information, in 2002 these losses amounted to $170,827,000. The annual CSI/FBI Computer Crime and Security Survey is conducted as a public service by the CSI with the participation of the Computer Intrusion Squad of the FBI’s San Francisco office. Its purpose is to increase the level of security awareness and help in determining the scope of computer crime in the United States (www.gocsi.com).
According to data on high-tech crimes from the Moscow Main Administration for Internal Affairs, its personnel discovered about 3,000 pornographic websites in the period from March through December 2002 alone, with the profits from each site averaging $30,000. Some of this money was going to support the activities of extremist and terrorist groups. The number of cyberattacks against enterprises, organizations, and citizens is growing at a stable pace. According to information from the Main Administration for Special Technical Measures of the Russian Ministry of Internal Affairs, in 2001 the number of computer-related crimes committed in Russia increased by almost 150 percent compared with 2000 (www.mvdinform.ru).
It should be noted that in our country today the overwhelming majority of banks are commercial or nonstate owned, and their automated systems contain almost no information involving state secrecy. In addition, the limited-access information that circulates in such automated bank systems in most cases includes no state secrets whatsoever. Russia currently has no general official information security recommendations or requirements for such systems, for example, in the form of any set standards. Only old requirements for security organizations remain in effect. Bank security is primarily provided with the help of technical means of protection. If such means prove inadequate to ensure the absolute security of cash, valuables, and important papers, armed guards are posted at main offices and major branches.
Technical means of protection include reinforced buildings, vaults, and safes; fire and security alarm systems; sprinkler systems; and the use of firearms and