Numerous attacks, few solutions
Worms and viruses delivered a wake-up call in 2003 that corporate America couldn't ignore.
Slammer, the first "flash worm"--a self-spreading program that blitzes the Internet--infected more than 200,000 computers when it took advantage of a flaw in Microsoft's SQL program. The worm, which spread to most of the Internet in minutes, downed automated teller machines; interfered with airlines' computer systems, delaying flights; and disrupted telecommunications networks, leading to outages. Eight months later, another widespread vulnerability, this one in Microsoft's Windows operating system, also prompted a worm. The MSBlast program spread to as many as a million PCs and servers and hit railways, airlines and universities hard.
Nearly 20 years after a researcher coined the term "virus," the infectious programs began taking a criminal role. Several variants of a virus known as Sobig apparently compromised computers to allow them to be used by spammers to send anonymous e-mail. Other viruses, such as Mimail, targeted antispam activists.
The second year of Microsoft's Trustworthy Computing Initiative was fraught with problems. CEO Steve Ballmer blamed some of them on "thieves (and) con artists" who wanted to attack Microsoft, and by the end of the year, the software giant had posted a $250,000 award for information leading to the prosecution of the person or groups responsible for releasing the MSBlast worm and the Sobig virus. The company also revamped its release schedule for security patches and kicked off a new initiative to help companies better "secure their perimeters." To combat the threat of viruses and worms, the company plans to integrate some level of antivirus functionality into Windows. It laid the foundation for that effort by purchasing a Romanian antivirus company.
The spotlight on security, along with regulations, pushed more companies to adopt security technologies. Laws such as the California Security Breach Information Act and the Health Insurance Portability and Accountability Act convinced companies that better security is a must. Identity management systems--which enable companies to easily set up, administer and regulate user information and access rights--have become more popular. And easy-to-use virtual private network technology, based on browser encryption, also caught on.
The United States' handling of cybersecurity as a national security issue also came under scrutiny. In February, the Bush administration released its National Strategy to Secure Cyberspace. The plan was much criticized, but the tech industry strove to live up to the plan's two central themes, which the technology sector had supported: Everyone should secure their own area of cyberspace; and private industry--which owns 85 percent of the infrastructure--should work with government to self-regulate security.
In the latter half of the year, several Internet attacks targeted Linux and open-source projects. The Linux kernel, the Debian Project and Gentoo Linux all came under attack. Two attacks also targeted the GNU Project, which publishes much of the free software that makes Linux and other Unix-like systems tick.