IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Revenge of the Nerds

Cyber-terrorism poses new threats to national security, and U.S. defense policy must anticipate the menace
By Richard J. Vivero
Copyright © 2001 Harvard Political Review

You wake up one morning and realize that your power is out. The phone that acts as your lifeline to the world is also inoperative. The entire infrastructure on which you depend has been attacked and reduced to shorted circuits. Does this situation sound somewhat far-fetched? It may very well be. Almost all discussion of the significance of cyber-terrorism includes such a scenario as a plausible reality, but the United States has yet to fall victim.

Does this mean we are safe? Why should we worry about the possibility of a rogue group attacking our computer systems? We need not look much further than the trappings of the United States' technological leadership, from the computers that run our electrical stations to those that track nearly every record in our national government. The National Information Infrastructure (NII) is defined as the "system of advanced computer systems, databases and telecommunications networks. that makes electronic information widely available and accessible. This includes the Internet, the public switched network, and cable, wireless and satellite communication." The NII has heralded a period of greater efficiency that has freed Americans to pursue other interests while the computer expedites tasks that would normally occupy the day.

Identifying Our Weaknesses
This freedom comes at a hidden price. Information warfare allows for a significant amount of anonymity and for multiple attacks on various targets that are currently undefended. The Central Intelligence Agency highlights the increased risk of attack in its categorization of information warfare as one of two major national security threats-the other being nuclear, biological, and chemical weapons. According to Philip Bobbitt, the former National Security Council senior director for infrastructure protection, "We're entering a period when a very small number of persons can do greater damage to our American infrastructure than all our previous wars combined."

Second, the growth of the Internet has spawned an environment in which consumers and businesses can interact, while establishing the perfect circumstances for industrial cyber-espionage and fraud. The dot-com craze of 1999 and 2000 illustrates websites' importance in doing business. Who can think of a large company that does not have a website? It is now common for companies to exist as web-based solutions with no real-world outlets for a consumer to approach. Hackers have capitalized on this transition to a virtual world by viewing and tampering with publicly accessible or confidential company information. Websites, such as those of Yahoo, CNN, and our national political parties, have been recent victims of hackers on a mission.

A Possible Target
Think Tank: Our dependence on computers extends to the front lines of the military.

The First Casualties
The recent increase in hacker and virus attacks spotlights our system's vulnerabilities. In 1997, an unknown assailant orchestrated an overload of NASA systems during a shuttle rendezvous with Mir, necessitating a switch to backup systems for voice and data communication. More recently, internal tests by the General Accounting Office report that 24 major departments and agencies contain serious flaws that could allow for unauthorized access. Seven of the 24 departments tested, including the departments of Justice and Health and Human Services-which holds the records of all Medicare recipients-received failing grades. In the GAO report, auditors noted success in "gaining unauthorized access that would allow intruders to read, modify, or delete data for whatever purpose they have in mind." Microsoft, too, has felt the effects of hackers within its own systems. Reports revealed that an attacker had access to internal Microsoft systems for a period estimated at anywhere from 12 days to as long as three months. Microsoft has not fully quantified the extent of the damage to its systems but reported that source code-the essential blueprints for a new software program-was viewed and possibly exported to an international site.

Responding to the increasing risk of attack requires directed, well-developed action. Both the government and businesses must take aggressive steps to prepare systems for possible breaches and establish procedures for quick recovery when such problems arise. Of the number of solutions available, there are two important areas to watch: computer operation and international cooperation.

What We Can Do
Consumers, employees, and government workers must commit to increased vigilance. Beyond the misuse of passwords, many cyber-intrusions occur due to worker negligence, including the installation of viruses and "backdoor" programs that allow hackers to take control of systems from a remote location. Computer operators must employ strong encryption protection, with a minimum of 128 bit keys, and biometrics (i.e. finger and voice print identification), and maintain an awareness of all programs installed on their systems. Such simple precautions can often avert infiltrations by amateur attackers who employ readily available hacking software.

To address the larger issue of professional hackers, the government must re-evaluate the paradigm by which it defines cyber-terrorism. Currently, digital threats are viewed as tactical rather than strategic problems, but this view severely undercuts governmental solutions and renders current attempts innefective. Nigel Churton, managing director of Control Risks Group, said "Globalization is here. The Internet has no respect for boundaries. Crime has no respect for boundaries, and the legal system and law enforcement are.a long way behind criminals."

In response to a strategic problem, the United States should conduct intelligence gathering to identify possible sources of attack, no different from the standard defense against strategic threats to our national security. Increased intelligence must be accompanied by a means to effect change, such as multilateral agreements which set finite guidelines for dealing with hackers across international lines. This is necessary to allow for productive investigations and prosecutions.

Looking to the Future
Cyber-terrorism is a logical means of attack in the not-too-distant future. To this day, we have only felt mild repercussions from such intrusions. The United States has arrived at a window of opportunity through which the future is visible and the tools to protect against possible disturbances are available. It is reckless not to take advantage of this chance for protection, before we experience the full realization of the scenarios that intelligence warfare analysts envision on a daily basis.