- The Washington Times - Friday, October 26, 2001

The administration intends to devote millions of dollars constructing bulwarks against computer terrorism a threat some say is vastly overrated.
Based on assessments by the General Accounting Office and independent cyber-security specialists, the administration has concluded that the federal computer system is vulnerable to devastating attacks by terrorists, criminals and increasingly malicious hackers. Consequently, it has created an Office of Cyberspace Security and announced earlier this month that it will spend $10 million to counter cyber-terrorism.
Richard Clarke, the retired Army general whom President Bush has named to head the new office, has called for creation of an Internet-like computer network solely for government use that unlike the Internet would be secure. He said he will ask for additional funds.
Computer specialists say they don't know how much building such a system would cost. But they say the price tag would be huge if the network could, in fact, be built.
Few question the need for the United States to build sturdier defenses against computer attacks. The GAO, for instance, reported last month that "Independent audits continue to identify persistent, significant information-security weaknesses at virtually all major federal agencies that place their operations at high risk of tampering and disruption."
Moreover, the number of reported "incidents" or attacks on computer networks and systems has been rising steadily.
It went from 252 in 1990 to 21,756 in 2000. In the first six months of 2001, 34,754 incursions were reported.
The incidents were reported to CERT, a federally funded enterprise established 13 years ago to thwart or limit network attacks and to ensure the continuation or resumption of critical computer services. Formerly called the Computer Emergency Response Team, CERT is housed at Pittsburgh's Carnegie Mellon University. It is considered the nation's foremost "neutral" authority on cyber-security.
Rich Pethia, CERT's director, testified at a House Government Reform subcommittee hearing in late September that the nation was threatened by "rapidly evolving, technologically advanced forms of cyber-attacks."
Mr. Pethia said the Nimda Worm attack of Sept. 18 illustrates the nation's vulnerability. Nimda modified Web documents and invaded files. Within hours, it had "paralyzed" 100,000 computers.
Given such facts, security specialists agree the nation's enemies can create monumental mischief by hacking into crucial computer systems.
Networks can be shut down, files can be erased or altered, security data can be stolen, and Internet sites can be flooded with misinformation and false alarms.
However, the controversy over the seriousness of the nation's susceptibility to what's being called "cyber-terrorism" and "information warfare" has developed because of the way the threat is being described.
Excited news accounts have claimed master computer hackers and the talented technicians employed by the military and intelligence agencies of various nations can disable U.S. power grids, robbing whole regions of electricity. News accounts have warned that computer raiders can hobble airport operations, shut down air-traffic controllers' computers and wreck hospital and emergency-response team communications.
On the day Mr. Clarke was appointed to his new position, he cautioned that the United States is open to a "digital Pearl Harbor" attack.
But, says "infowar" specialist George Smith, "Computer security is important. But fundamentally it's a disservice to suggest that catastrophe can be laid upon the nation through the electronic keyboard. The worry still is about dynamite and nuclear arms, and other terrorists threats."
Mr. Smith, author of "The Virus Creation Labs," a book about malicious software incursions, argues that disrupting Internet communications can produce major inconveniences, but hardly rises to the level of "terror."
"Cyber-war is surrounded by mythology," he said. "It has grown up since the 1990s. It has developed because security people have needed to gain attention in a really tough market. They imply disaster, using tortured rationalizations to warn of some kind of unspecified but serious, surprise attack on the U.S. infrastructure.
"We have a large amount of information about the worldwide spread of computer viruses, and they have never resulted in death. Bomb explosions, infectious diseases these are more pressing worries."
Tim Shimeall, a senior technician at CERT, agrees.
"There is an awful lot of concern about casual computer hackers using prepackaged tools to hit sites. There is concern that better-prepared hackers can damage institutions or infrastructure. But there has been exaggeration," he said.
"I get nervous about referring to a 'digital Pearl Harbor.' The reality is that government agencies, companies and even news organizations have been attacked by sophisticated hackers in the past and they have rapidly recovered. The attacks have caused inconvenience, not smoking ruins."
Mr. Shimeall demurs when asked specifically how much damage cyber-warriors could cause, but he says that where there are many interlocking systems as there are in the air-transport system, there could be problems when communication is disrupted.
"You have travel agents, various suppliers, manufacturers, pilots and crews, airport-security systems, baggage handlers and others all relying on computer networks. A breakdown in that infrastructure, for instance, is achievable because of the number of individual software programs that can be attacked."
Then Mr. Shimeall tries to put the talk of cyber-war into perspective. "I interpret remarks from Dick Clarke and others as a call for caution and awareness. And that's responsible."

LOAD COMMENTS ()

 

Click to Read More

Click to Hide