Cyberspace: a terrorist frontier?

0 Comments | Insight on the News, August 19, 1996 | by Susan Crabtree

A century ago it was common knowledge that an enemy only had to locate the water hole of its adversary's horses to incapacitate an entire army with a single vial of poison. Now, the multidimensional infrastructure of the United States is similarly vulnerable to attacks that can travel through wires and cables and into the most vital U.S. computer networks.

The information revolution has fathered a dangerous child. Known as cyberterrorism or informational warfare, this new type of strategic attack might come from any whiz kid or foreign national with access to the Internet, someone who is knowledgeable about the operation of intricate computer systems and has a little ingenuity "This is a cheap communications-intelligence tool that can by employed by small groups, but that used to be in the hands only of the superpowers -- the KGB and the U.S. intelligence operations," says Frank Cillufo, a senior analyst at the Center for Strategic and International Studies in Washington.

The threat has been a concern since before Ronald Reagan's first term in the White House but only recently has prompted serious action. On July 15, amid the fury over the Filegate and "Big Brother" computer scandals, President Clinton issued an executive order calling for creation of a Commission on Critical Infrastructure Protection to prepare to defeat this new type of aggression. The FBI will lead a rapid-response task force to prevent and respond to "terrorist" attacks on US. computers and communications.

Virtually every element of the infrastructure is susceptible. Clinton identified threats to the defense and the economic security of the United States including telecommunications, electrical-power systems, gas and oil storage and transportation, banking and finance, all elements of common-carrier transportation, water-supply systems and emergency services including medical, police, fire and rescue. Cyber experts include more specific targets such as Wall Street trading floors, air-traffic-control computers, power grids and defense systems.

The creation of the commission follows increased tensions about terrorist aggressions and the number of hackers both foreign and domestic who are tapping into sensitive military and civil systems. A recent GAO report found that more than 250,000 intrusions were made into the Pentagon's systems of "highly sensitive unclassified information" via the global computer network, but only one in 150 was actually detected.

Although the United States has not experienced a coordinated assault, cyber threats have occurred in isolated cases. In January, a Russian national pleaded guilty to his role in a scheme to penetrate computers at Citibank's London branch and divert more than $2.8 million to bank accounts in three other countries. And wide suspicion exists that computer tampering is afflicting a number of companies that are remaining mum to save their reputations. Experts on computer security predict that corporations worldwide -- especially banks and hospitals -- lost more than $800 million last year due to computer trespasses.

Ironically, the Internet, created in part to guarantee the security of the U.S. infrastructure in the face of nuclear threat from the Soviet Union, has opened a new front for information warfare. One of the most unsettling problems is that an attack can originate from anywhere in the world with very little chance for detection. Even if the government is capable of monitoring, identifying and responding to a hacking incident, it cannot determine who is on the other side of the computer screen -- whether the perpetrator is a teenager or a foreign intelligence service.

A bipartisan group of members of Congress believes that encryption, an elaborate high-tech scrambling system used to keep files confidential, is part of the solution. Sen. Patrick Leahy, a Democrat from Vermont, sponsored a bill to eliminate the export restrictions on encryption software.

The Clinton administration and law-enforcement agencies led by the FBI oppose the unlimited export of encryption software. Instead, they advocate a system that will give the federal government the key to any encrypted computer system after the government secures a court order, a process similar to obtaining a wiretap. The Internet "was never intended to be a place without police officers," FBI Director Louis Freeh testified before a Senate Commerce subcommittee, which was the first congressional hearing broadcast live over the Internet. "We need cops there, as we do elsewhere, to protect people and guard their rights -- both privacy and public-safety rights "

Although encryption can provide confidentiality for information such as credit cards and industrial secrets, Cillulo warns that it is not a panacea. Encryption, he says, does absolutely nothing in terms of attacks intended to disable an entire system, such as computer viruses and logic bombs.

As with conventional terrorism, there is no foolproof guard against the on-line variety. Cilluto is encouraged by the creation of the commission and believes the federal government must employ all possible safeguards. "The cat is out of the bag, regardless," Cillufo says. "But we need to be very careful about wittingly supplying adversaries with encryption we cannot crack."