

The following Y2K material has been kept available by MITRE for historical purposes only and has not been updated unless noted.

IDEAS FOR THE LAST SIXTY DAYS OF 1999


Unless you have managed to avoid reading newspapers, magazines, and e-mail and you have stopped watching television and no longer talk to your family, neighbors, or co-workers, you probably have heard about the Year 2000 (Y2K) problem facing our computerized systems. What you may not have heard or realized is that over the last three years organizations across the globe have upgraded, revised, patched, or replaced approximately 80% of their automated systems.

This massive volume of change has stretched, and in many instances torn, the information protection policies and procedures of organizations that had been geared to handle the normal rate of changes, which ranged from 5-15% per year. This article discusses information assurance efforts that could make great strides in recovering from this onslaught of changes and prepare for the next period of atypical events, which will surround the coming of Y2K.

CHANGE YOUR FOCUS FROM Y2K TO SECURITY

As organizations grew to realize the size and potential impact of Y2K problems in their automated systems, more and more resources were poured into assessing, fixing, testing, and re-fielding solutions to those problems. New contracts were awarded to consultants and suppliers, large numbers of workers were drafted into the Y2K efforts, new tools were bought or leased, and replacement products or upgrades to existing packages were brought on-line in record numbers. In many cases, an organization's standard practices for background checks, referrals, and close reviews of proposed changes were revised and streamlined to allow the time-sensitive Y2K changes to occur. As the pace of change subsides and the workforce reverts to normal levels, this would be a good time to review or re-establish some of those streamlined practices. A prioritized resumption of review that places focus on consultants, temporary employees, and those working on sensitive areas could pay off by revealing unsanctioned additions to your systems before they have a chance to do harm during the coming century's change.

DON'T FOLLOW THE JONESES

The Y2K problem and the efforts to fix it have spawned a wide variety of tools for finding and fixing the problem in its various forms. Many of these tools have been created and distributed for free by individuals and corporations to help others address this common and urgent problem. Many organizations, especially those selling hardware and software products, have provided free analysis and patching tools to help their customers repair the Y2K problems in the original products. However, the large number of free downloadable tools also leaves open the opportunity for other people to provide similar tools that do more than fix the Y2K problem. By working with your organization's Y2K team, you can identify approaches for examining these types of tools. Also, you can arrange for "trusted" ways of getting the latest fixes and updates so that your organization does not use any further modified tools and fixes. In addition, it is a good time to go back over the tools and fixes that were used by your Y2K team up to now and make sure that they are making only the changes they are supposed to make. There is still time to find and fix any features that may have been introduced without your Y2K team's knowledge.
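One way to check that a fix changed only what it claims to change, shown as an added example that is not part of the original MITRE article: hash a directory tree before and after the fix is applied and report every change outside the fix's declared file list. The function names, file paths, and declared list are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def undeclared_changes(before, after, declared):
    """Return (kind, path) for every change outside the fix's declared list."""
    findings = []
    for path in sorted(set(before) | set(after)):
        if path in declared or before.get(path) == after.get(path):
            continue
        if path not in before:
            findings.append(("added", path))
        elif path not in after:
            findings.append(("removed", path))
        else:
            findings.append(("modified", path))
    return findings


def demo():
    """Constructed sample: a fix that also touches files it never declared."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)

        def write(rel, text):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(text)

        write("app/dates.cfg", "century=19\n")
        write("etc/startup.cfg", "run=app\n")
        before = snapshot(root)
        # Apply the constructed fix: one declared edit, two undeclared changes.
        write("app/dates.cfg", "century=20\n")
        write("etc/startup.cfg", "run=app\nrun=helper\n")
        write("bin/helper", "placeholder\n")
        return undeclared_changes(before, snapshot(root), {"app/dates.cfg"})


if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

Run against a test copy of the system, the same comparison gives the Y2K team a concrete list of unexpected additions to question before the fix goes into production.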

POLISH YOUR ARMOR

The general feeling is that many more intrusion attempts and other attacks will be focused on the time around 1 January 2000. This may or may not turn out to be the case; however, it would make a lot of sense to prepare as if it were a certainty. As a precaution, you should review your current defenses for handling all potential updates and revisions for addressing new vulnerabilities. It is important to verify that your staff has installed the latest versions and patches to support your firewalls, routers, and gateways for e-mail and Web traffic. Also, it is possible that now is the time to add that new scanner for malicious mobile code that you were considering. But whatever you do, make sure that you have a trusted and secure way of getting updates and new patches for the newest changes to your access control and security systems. Review your procedures for applying updates for security issues and Y2K fixes to make sure that only trusted individuals are involved in acquiring the fixes and updates that will be applied.

WHAT WILL YOU BE DOING IF THE LIGHTS GO OUT?

One of the common concerns for most organizations is that there will be some types of power problems during the New Year's weekend. Make sure you are prepared. It is possible that you will incur one or more types of power problems. The types of power problems could range from outages to brownouts to surges and transient spikes or some combination thereof. For those systems that make up your key information protection assets, ensure that they are adequately protected by power filters, uninterruptible power supplies, and, if possible, backup power generators. It is paramount to verify that the people working on power restoration have clear and accurate procedures in place to restore your organization's systems in a way that rebuilds your security capabilities. Work with your facilities and power personnel to ensure that the correct type of power protection is supplied to your servers, firewalls, switches, and gateways and that they will be recovered in the right sequence if the power is totally lost.

WHAT DOES A NORMAL WEEKEND LOOK LIKE?

Two often overlooked ways of improving your protection capabilities are to monitor and measure the typical activities for disk activity, CPU usage, and network traffic during the weeks and months of your organization's normal business operations. People are creatures of habit. They will follow very similar patterns of activity if they can. Get to know and understand what is happening, who is involved, and what the levels and routes of their activity are on weekends. Build a profile of normal activities and chains of events that you can use to compare against Y2K operations. In this way, you will be better able to detect discrepancies pointing to surreptitious or invasive activities that need to be addressed. However, the discrepancies may also be pointing out normal activities that you did not include in your profile.
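A sketch of such a weekend profile, added here as an example and not taken from the original article: it builds a baseline per weekday, hour, and metric from normal weekends, then labels rollover observations, keeping activity with no baseline separate from true deviations. The metric names, sample values, and the three-standard-deviation threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def build_profile(samples):
    """Baseline per (weekday, hour, metric): mean and spread of normal values."""
    buckets = defaultdict(list)
    for ts, metric, value in samples:
        buckets[(ts.weekday(), ts.hour, metric)].append(value)
    return {key: (mean(vals), pstdev(vals)) for key, vals in buckets.items()}


def compare(profile, observations, k=3.0, floor=1.0):
    """Label each observation 'normal', 'deviation' or 'unprofiled'."""
    results = []
    for ts, metric, value in observations:
        key = (ts.weekday(), ts.hour, metric)
        if key not in profile:
            # Nothing to compare against: may be legitimate activity the
            # profile never captured, so it is reported separately.
            results.append((ts, metric, "unprofiled"))
            continue
        avg, spread = profile[key]
        limit = k * max(spread, floor)  # floor avoids zero-width bands
        label = "deviation" if abs(value - avg) > limit else "normal"
        results.append((ts, metric, label))
    return results


# Constructed samples: network MB/hour at 02:00 on four ordinary Saturdays.
NORMAL = [(datetime(1999, 10, d, 2), "net_mb", v)
          for d, v in [(2, 40), (9, 44), (16, 38), (23, 42)]]
# Constructed observations for Saturday 1 January 2000.
ROLLOVER = [
    (datetime(2000, 1, 1, 2), "net_mb", 43),    # within the usual band
    (datetime(2000, 1, 1, 2), "net_mb", 310),   # far outside it
    (datetime(2000, 1, 1, 3), "cpu_pct", 12),   # hour/metric never profiled
]


def demo():
    return [label for _ts, _m, label in compare(build_profile(NORMAL), ROLLOVER)]


if __name__ == "__main__":
    print(demo())
```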

OH, BUT WE WON'T BE DOING NORMAL THINGS FOR Y2K

Be aware of what your organization is planning to do differently for the New Year's 2000 weekend. Many organizations are planning to shut down systems, or at least computer applications, for the weekend to limit the number of items that could become corrupted by missed Y2K problems. This could dramatically change the normal weekend profile of activities. It could make your job harder by removing your measuring stick for identifying abnormal activities. In addition, many organizations are planning to bring people in on Saturday and Sunday to "kick the tires" after the century rollover to verify that everything is working correctly. Work with your Y2K project teams to understand and support their plans for the weekend. In addition, ensure that their shutdown and change plans leave your organization's security provisions intact.

MONDAY AGAIN, BUT IT'S A NEW CENTURY

For most of us, Monday is the first normal business day of the week, when the majority of our employees will come back to their desks to find whatever the Y2K problem has left for them. Call desks and help lines will most likely receive a large number of calls from those who did not take the Y2K problems as seriously as they should have. Make sure that the help desk personnel are directing customers to use trusted and tested copies of fixes and updates. All you need is for a well-intentioned employee to bring in a tainted copy of something and then share it with a few hundred of his or her co-workers. The only products that should be allowed to be installed on any system should be those that are officially sanctioned.

HOUSTON, WE HAVE A PROBLEM

A lot of effort is going into contingency planning for possible problems from Y2K even though our organizations have tried to find and fix the various systems and infrastructures at risk from Y2K. Ensure that your information security staff is involved in and knowledgeable about the contingency plans that your organization is devising. Review the security implications of the various courses of action and provide your inputs to the planning process, identifying any severe risks these plans might create. For instance, if, as a last resort, your organization is planning to reset the clocks of systems to a distant past date in order to get them functioning, identify the security and access control/monitoring issues with respect to systems logs, user permissions, and security access rules for passwords and accounts. Work through these issues with the contingency planning teams so that unrealistic plans and situations are avoided.

WHAT TIME IS IT ANYWAY?

Many of the network components of our organizations and of the Internet run on Greenwich Mean Time (GMT), which is 6 hours earlier than Eastern Standard Time (EST) here in the United States. Make sure your staff is aware of the real time that events could happen. For example, during the recent rollover of the Global Positioning Satellites (GPSs), which happened at midnight (minus 13 seconds) on August 21, 1999, GMT, the news reporters were announcing that they would be covering the impending transition live in two hours on their 10 p.m. EST broadcast. Unfortunately for them, the transition had taken place 4 hours earlier.

LAST STEPS AT THE END OF THIS CENTURY

In preparation for the first weekend of the next century it may be useful to review your user accounts and their privileges, placing special emphasis on remote accounts. If feasible, you might look into whether you can disable the scheduling features of critical platforms during the rollover to prevent the automatic launching of hidden programs. If you choose this option, it is vital to test the capability prior to implementation. Also, it could be of paramount importance to synchronize your time clocks for as much of the organization as possible. The action will minimize problems in incident reporting and facilitate diagnosing the sequence of any events that do occur. This should make it easier to trace the information flow across platforms and to understand what happened. One option to consider is to set all clocks associated with the organization to the time used by the national atomic clock or a GPS-driven time source.
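Why clock synchronization matters for incident reporting, as an added example that is not part of the original article: the same three events are ordered first by raw local clock readings and then after correcting each host by its offset from the reference time source. The host names, offsets, and log entries are constructed for illustration, and the offsets are assumed to have been measured against that reference.

```python
from datetime import datetime, timedelta

# Constructed sample: seconds each host's clock runs ahead of the reference
# time source (negative = behind). Host names and offsets are hypothetical.
OFFSETS = {"gateway": 0, "fileserver": -95, "dialin": 140}

# Constructed log entries: (host, local clock reading, event).
EVENTS = [
    ("fileserver", datetime(2000, 1, 1, 0, 0, 15), "sensitive file read"),
    ("gateway", datetime(2000, 1, 1, 0, 1, 30), "session to fileserver opened"),
    ("dialin", datetime(2000, 1, 1, 0, 3, 20), "remote account logged in"),
]


def naive_order(events):
    """Hosts in the order their raw, unsynchronized clock readings suggest."""
    return [host for host, _local, _what in sorted(events, key=lambda e: e[1])]


def timeline(events, offsets):
    """Order events by reference time; set aside hosts with no known offset."""
    ordered, unplaced = [], []
    for host, local, what in events:
        if host not in offsets:
            unplaced.append((host, local, what))
            continue
        ordered.append((local - timedelta(seconds=offsets[host]), host, what))
    ordered.sort()
    return ordered, unplaced


if __name__ == "__main__":
    print("raw order:", naive_order(EVENTS))
    for when, host, what in timeline(EVENTS, OFFSETS)[0]:
        print(when.isoformat(), host, what)
```

With the raw readings the file read appears to precede the remote login; after correction the login comes first, followed by the gateway session and then the read.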

Last, make sure to save your hats and noisemakers for your Millennium's New Year's party next year.



For further information directly related to Year 2000 issues, please contact Year2000@mitre.org

Last modified: Thursday, 14-Feb-2008 09:21:04 EST