Revenge of the Nerds
new threats to national security, and U.S. defense policy must
anticipate the menace
By Richard J. Vivero
Copyright © 2001 Harvard Political Review
You wake up one morning and realize that your power is out. The
phone that acts as your lifeline to the world is also inoperative.
The entire infrastructure on which you depend has been attacked
and reduced to shorted circuits. Does this situation sound somewhat
far-fetched? It may very well be. Almost all discussion of the
significance of cyber-terrorism includes such a scenario as a
plausible reality, but the United States has yet to fall victim.
Does this mean we are safe? Why should we worry about the possibility
of a rogue group attacking our computer systems? We need not look
much further than the trappings of the United States' technological
leadership, from the computers that run our electrical stations
to those that track nearly every record in our national government.
The National Information Infrastructure (NII) is defined as the
"system of advanced computer systems, databases and telecommunications
networks... that makes electronic information widely available and
accessible. This includes the Internet, the public switched network,
and cable, wireless and satellite communication." The NII has
heralded a period of greater efficiency that has freed Americans
to pursue other interests while the computer expedites tasks that
would normally occupy the day.
Identifying Our Weaknesses
This freedom comes at a hidden price. Information warfare allows
for a significant amount of anonymity and for multiple attacks
on various targets that are currently undefended. The Central
Intelligence Agency highlights the increased risk of attack in
its categorization of information warfare as one of two major
national security threats, the other being nuclear, biological,
and chemical weapons. According to Philip Bobbitt, the former
National Security Council senior director for infrastructure protection,
"We're entering a period when a very small number of persons can
do greater damage to our American infrastructure than all our
previous wars combined."
Second, the growth of the Internet has spawned an environment
in which consumers and businesses can interact, while establishing
the perfect circumstances for industrial cyber-espionage and fraud.
The dot-com craze of 1999 and 2000 illustrates websites' importance
in doing business. Who can think of a large company that does
not have a website? It is now common for companies to exist as
web-based solutions with no real-world outlets for a consumer
to approach. Hackers have capitalized on this transition to a
virtual world by viewing and tampering with publicly accessible
or confidential company information. Websites, such as those of
Yahoo, CNN, and our national political parties, have been recent
victims of hackers on a mission.
The First Casualties
[Image caption: Think Tank: Our dependence on computers extends to the
front lines of the military.]
The recent increase in hacker and virus attacks spotlights our system's
vulnerabilities. In 1997, an unknown assailant orchestrated an overload
of NASA systems during a shuttle rendezvous with Mir, necessitating
a switch to backup systems for voice and data communication. More
recently, internal tests by the General Accounting Office report
that 24 major departments and agencies contain serious flaws that
could allow for unauthorized access. Seven of the 24 departments
tested, including the departments of Justice and Health and Human
Services (which holds the records of all Medicare recipients), received
failing grades. In the GAO report, auditors noted success in "gaining
unauthorized access that would allow intruders to read, modify,
or delete data for whatever purpose they have in mind." Microsoft,
too, has felt the effects of hackers within its own systems. Reports
revealed that an attacker had access to internal Microsoft systems
for a period estimated at anywhere from 12 days to as long as three
months. Microsoft has not fully quantified the extent of the damage
to its systems but reported that source code (the essential blueprints
for a new software program) was viewed and possibly exported to an
Responding to the increasing risk of attack requires directed, well-developed
action. Both the government and businesses must take aggressive
steps to prepare systems for possible breaches and establish procedures
for quick recovery when such problems arise. Of the number of solutions
available, there are two important areas to watch: computer operation
and international cooperation.
What We Can Do
Consumers, employees, and government workers must commit to increased
vigilance. Beyond the misuse of passwords, many cyber-intrusions
occur due to worker negligence, including the installation of viruses
and "backdoor" programs that allow hackers to take control of systems
from a remote location. Computer operators must employ strong encryption
protection, with a minimum of 128-bit keys, and biometrics (i.e.
finger and voice print identification), and maintain an awareness
of all programs installed on their systems. Such simple precautions
can often avert infiltrations by amateur attackers who employ readily
available hacking software.
To address the larger issue of professional hackers, the government
must re-evaluate the paradigm by which it defines cyber-terrorism.
Currently, digital threats are viewed as tactical rather than strategic
problems, but this view severely undercuts governmental solutions
and renders current attempts ineffective. Nigel Churton, managing
director of Control Risks Group, said, "Globalization is here. The
Internet has no respect for boundaries. Crime has no respect for
boundaries, and the legal system and law enforcement are... a long
way behind criminals."
In response to a strategic problem, the United States should conduct
intelligence gathering to identify possible sources of attack, no
different from the standard defense against strategic threats to
our national security. Increased intelligence must be accompanied
by a means to effect change, such as multilateral agreements which
set finite guidelines for dealing with hackers across international
lines. This is necessary to allow for productive investigations
Looking to the Future
Cyber-terrorism is a logical means of attack in the not-too-distant
future. To this day, we have only felt mild repercussions from such
intrusions. The United States has arrived at a window of opportunity
through which the future is visible and the tools to protect against
possible disturbances are available. It is reckless not to take
advantage of this chance for protection, before we experience the
full realization of the scenarios that intelligence warfare analysts
envision on a daily basis.