It's Time to Take Steps to Foil a Cyber Pearl Harbor

James P. Pinkerton. James P. Pinkerton's e-mail address is pinkerto@ix.netcom.com.

GLOUCESTER CITY, N.J.-"We are here to talk about preventing an electronic Pearl Harbor." Those ringing words may seem out of place, coming as they do from a politician in a suit and tie as he stands inside a windowless electric power switching station some 8,000 miles east of Hawaii. But that's the point that Rep. Rob Andrews (D- N.J.) is trying to make: The next big attack on the United States could hit anywhere, even the South Jersey suburbs of Philadelphia.

Indeed, it's quite possible that the attackers could be Americans, and that their weapon of choice could be a computer. In March, 1997, for example, a Massachusetts teenager hacked into a telephone company computer system and knocked out telecommunications for the western part of the state. For six hours, air traffic controllers at the Worcester airport relied on cell phones and battery-powered radios to direct planes to safety.

In February, 1998, two California teens, working with a third hacker in Israel, broke into a Pentagon computer that was managing U.S. troop deployments to the Persian Gulf. The attack was so effective that the Defense Department initially told President Bill Clinton that Iraq was the likely culprit.

Fortunately, the truth was revealed before the episode escalated into an international incident.

The U.S. government has long known it has a cyber-security problem. Three years ago, the National Security Agency hired 35 hackers to simulate attacks on the domestic information infrastructure.

The hackers gained "root access"-the highest degree of penetration-to 36 of the government's 40,000 networks. If the attacks had been real, the hacks would have caused power outages in New York, Los Angeles, Chicago and Washington. In addition, they would have wrecked communications with all U.S. Navy ships in the Pacific.

Since then, Uncle Sam has quietly spent billions to upgrade computer security, which is a good thing, since the military alone detects some 60 to 80 hack attacks a day.

Andrews, a member of the House Armed Serv- ices Committee, applauds these efforts, but points to a looming paradox: As the government "hardens" its national security networks, hackers and terrorists might aim their mayhem toward "soft" civilian targets.

And so Andrews plans to introduce a bill, the Cyberterrorism Prevention Act of 2000, in Congress today. His legislation, which expands upon earlier Clinton administration proposals, has two main components.

First, he would provide modest financial incentives, such as loan guarantees, to help critical infrastructure businesses to improve their security. He suggests a public-private partnership similar to the successful effort that forestalled any "Y2K" catastrophes.

"You can't ask the private sector to bear the full cost of providing public goods," Andrews explains in an interview. "You don't make United Airlines pay for the whole U.S. Air Force." But doesn't such a program risk becoming a boondoggle? "I'd rather risk the creation of a bureaucracy in return for creating a mechanism to keep the country safe," he answers.

Second, Andrews would allow the Defense Department to immediately investigate cyber attacks against itself; current law requires the Justice Department to determine that an attack has come from outside the United States before the Pentagon's security services can get involved.

But, as Andrews observes, "Computer crime is instantaneous ... it ignores both distance and borders." Indeed, a Hacker Internationale of sorts already exists; that 1998 attack on Persian Gulf troop deployments began in California, but it was simultaneously assisted by a citizen of another country.

What's the best way to deal with such transnational crime? As soon as possible, with every resource possible, says Andrews.

Of course, any suggestion of bringing America's national security apparatus to bear on the home front is guaranteed to provoke hostility, from both the antigovernment right and the civil-libertarian left. "I want to keep the Fourth Amendment inviolable," Andrews insists. Even so, opposing groups are unlikely simply to take him at his word.

But the greatest threat to the Andrews bill is apathy. History suggests that countries do little to prepare themselves for theoretical dangers; only actual threats wake people up.

In 1941, it took a full-fledged disaster at Pearl Harbor to mobilize Americans.

Six decades later, the country is even more at ease. Andrews has volunteered for guard duty atop the cyber security watchtower of the nation; he will soon learn if people back home are listening

http://www.newsday.com/mainnews/pinkerto.htm

-- Martin Thompson (mthom1927@aol.com), May 03, 2000

Answers

This is the way the next big war figures to unfold, especially with the resourceful Chinese pulling the trigger. They hate us with a purple passion, have already taken all the proper steps to take over the Panama Canal, and probably have an agent at the very top of our government, in the White House, the president himself.

-- Wellesley (wellesley@freeport.com), May 04, 2000.

The U. S. government (and industry) are developing strategic systems using bodyshops that employ foreign programmers who are very low-paid and kept in a state of indentured servitude (H1B visas). This is a dangerous situation.

20 years ago you could not work on these projects unless you were a U. S. citizen with security clearance.

-- K (infosurf@yahoo.com), May 04, 2000.