The threat
In March 1999 at a Senate Armed Services Committee hearing on terrorism, then-deputy defense secretary John Hamre stated that an "electronic Pearl Harbor" was a credible threat to the country. It wasn't military defenses Hamre was worried about, but the infrastructure that keeps the country running. "This Pearl Harbor's going to be different," Hamre told the committee. "It's not going to be against Navy ships... it's going to be against commercial infrastructure, and we don't control that."
In other words, our country's biggest weakness is its ever-expanding globally linked business networks, which don't belong to the military. They belong mostly to publicly traded companies whose primary goal is profit, not national security. While executives preach the benefits of these networks in corporate boardrooms everywhere, the downside is that anybody with a computer and an Internet connection from Saskatoon to Ulan Bator is armed for battle. You don't need to train and arm an airborne division to cause havoc in the United States. You can spend a lot less money training 20 technologists.
"Increasingly, government agencies are relying on the public infrastructure," admits Scott Charney, who left his job as chief of the computer crime and intellectual property section of the Justice Department in 1999 and is now a partner at PricewaterhouseCoopers, consulting with companies on shoring up their defenses. "Companies like AOL, UUNetâ€"-companies that provide communications infrastructure and other public infrastructuresâ€"-are targets," he says. "ATM networks are at risk. An enemy might attack our power grid. As a practical matter this is not easy to do, but I can envision scenarios where it could work."
As a measure of how vulnerable the public networks are, according to the Center for Strategic and International Studies, most of the world's 250 largest companies have already been hit by some sort of cyberattack, usually multiple attacks. A 1999 study by PricewaterhouseCoopers and the American Society for Industrial Security reports that the 1,000 largest companies in the country have sustained losses of US$45 billion from theft of company secrets, in part due to holes in their networks.
It was in 1997 that the government first began to understand what kind of attack scenarios would be most damaging to the private sector. That June a team from the National Security Agency (NSA) participating in a war game called Eligible Receiver discovered they could shut down the nation's power grid and disrupt 911 calling centres nationwide with tools gleaned off the Internet.
Lieutenant-General Ken Minihan of the NSA told a Senate committee that Eligible Receiver was just the beginning. "A sophisticated adversary could develop and use more advanced tools and dedicate greater resources and time to support his campaign," he warned. "In short, our adversaries will have opportunities and advantages that were not available to Eligible Receiver."
Even less-skilled adversaries proved troublesome. In 1996 a teenage hacker broke into the air traffic control system at the Worcester, Massachusetts, airport, and a Swedish hacker tied up 911 lines in 11 Florida counties for two weeks.
By 1999 an investigation code-named Moonlight Maze (which continues today under a secret name) revealed wholesale mapping and looting of US government and private computer networks. The Pentagon's public computer network was thoroughly excavated, as was the Space and Naval Warfare Systems Command's network. NASA also came under intense attacks, spurring the space agency's inspector general to tell reporters that the breaches were "massive, really very massive."
Meanwhile, the Washington Times reported that the NSA traced an attack at Los Alamos National Laboratory to a research institute in Beijing. The hackers reportedly retrieved hundreds of documents related to nuclear weapons production.
And on it goes. Robert West, a Navy captain and special assistant to the commander of the Joint Task Force-Computer Network Operations, admits that the Pentagon's public sites are scanned and surveyed every day. "They're being sucked dry by people with Chinese IP addresses. Is it state sponsored? You can't tell," he says.
Starting last October and into January Microsoft fell under repeated and well-organised attacks thought to be based in Russia. Microsoft officials declined to comment, but it is believed that a large-scale mapping of the software giant's networks was under way. "They're having the guts sucked out of them either by Russian intelligence or Russian organised crime," says a former high-level military official. If enemies can disable the software that runs most of the computers in the United States, then they're halfway to shutting down most of the nation's computer networks. "In the military we call it preparing the battlefield," says Arquilla of the Naval Postgraduate School.
The Microsoft attacks also raise the question: If Microsoft can be infiltrated, who can't be?











