Thursday, May 29, 2003 | 10:55 a.m.
Las Vegas casinos are considered among the most physically secure environments around -- but are far behind in terms of creating computerized security systems that can withstand cyber-attacks from disgruntled customers, corporate spies, ideological opponents and even terrorists, a security expert says.
"The potential for a cyber 9-1-1 is high," said Michael Leach, a director of Computer Sciences Corp., an El Segundo, Calif.-based supplier of information security systems. Leach addressed a group of information technology managers and other technology specialists at the Gaming Technology Summit in Henderson on Wednesday.
Casinos have retained older back-office technology systems that are increasingly vulnerable to security gaps as newer front-end software systems are added to their floors, Leach said.
Companies also are behind in offering online security for gamblers, he added.
Properties are increasingly offering slot club loyalty cards and taking other measures to better monitor their customers for marketing purposes. But companies generally don't allow customers to "opt out" of requests to sell or exchange personal information with other companies, he said.
Security and privacy standards for customers also are generally absent from gaming regulations nationwide. With the pervasiveness of the Internet in business transactions and the explosion of computerized technology for even the smallest tasks, the casino industry should expect regulators to take a closer look at cyber-security measures, he told attendees.
Government agencies and some businesses are migrating toward the use of "smart cards" and in some cases, biometrics to identify and track employees and customers, he said.
New technology carries new risk unless companies devise security measures to monitor those systems. That's because hackers can now destroy what once required manual manipulation, such as locking all of the secure doors in a casino, he said.
Strict casino regulations have created highly specialized departments that function somewhat independently from one another. Departments must find a way to work more closely together to develop a companywide risk management system that appeases regulators and creates a more seamless security barrier, he said.
Meanwhile, executives across many industries have falsely concluded that their security is "good enough" and that terrorism "is not their problem," said Leach, who worked for the DuPont chemical company for more than 34 years.
Others that have implemented some kind of companywide risk management system are relying on incorrect assumptions of security, he said.
Computer firewalls that keep out viruses can't protect systems from disruptions that could occur from within, such as those initiated by unidentified employees or individuals that are outsourced by a company to perform a certain task.
Information that is scrambled, or encrypted for security purposes also can be cracked using high-performance computers, he said.
Also at the gaming summit, Pete Fox, general manager of Microsoft Corp.'s Southwest region, said the tech giant aims to work more closely with the gaming industry to create specific products to run their casinos as well as to better service those products.
Microsoft doesn't intend to develop gambling software such as that used on remote gambling devices in Europe, however, said Fox, who oversees Microsoft operations across Clark County, Arizona and New Mexico.
The company has talked with software development partners about creating technology that could make gambling more convenient, he said. But such systems would eventually come from developers rather than management companies such as Microsoft, he said.
Fox declined to comment on regulations governing Internet gambling and other remote betting systems.
Some European countries have devised rules on Internet gambling and allow gamblers to bet remotely from casinos using personal computing devices such as cell phones. The U.S. government, which has taken a more stringent approach to Internet gambling, has determined that online wagering is illegal with some exceptions like simulcast wagering on horse races. Meanwhile, a bill that would outlaw financial transactions used to place Internet wagers is pending in Congress.