Is America Losing the Cold War in Cyber-Space?

Less than a decade after the Berlin Wall came tumbling down, we are in the midst of a new Cold War. Unlike its predecessor, this Cold War doesn't revolve around bombs and missiles, it revolves around information. Its weapons of choice are electrons and its battlefield is the cyber-world.

Call it a "virtual Cold War" if you like, but its threats are tangible. Everyone, and I mean everyone, has a digital identity. Computers and databases are everywhere. The information superhighway is lined with warehouses that store our personal histories. Medical, financial and employment records hold the intimate details of our lives digitally.

While this information makes our lives more convenient, it makes us more vulnerable.

These ubiquitous information warehouses are vulnerable to theft, manipulation and destruction. Imagine the impact on your life if someone broke into your personal digital record and changed your pay account, altered your credit rating, tampered with your drug prescription history at the local pharmacy or publicized the last movie you watched at a hotel.

This sensitive data must be secured from digital highway bandits or, worse yet, computer terrorists. Yet, too few pay attention to computer security. Recent estimates suggest that security breeches are costing our nation billions of dollars in lost information, research and other intellectual properties. A survey by the Computer Security Institute and the FBI found that 520 of Fortune 1000 businesses reported digital theft losses of nearly $140 million in 1997-up 37 percent from 1996.

In this digital age, warfare is no longer limited to military versus military engagements. In the cyber-world, a digital enemy can bypass our military and take down what is near and dear to the United States. Destroying our critical national infrastructure such as automated power plants, stock markets and transportation systems could disable this nation without firing a shot.

As the point man for computer security at U.S. Strategic Command, which directs all United States strategic nuclear forces, I'm keenly aware of the stakes of warfare in the cyber-world. Each day, I see evidence that the United States is in a digital war with cyber bandits and terrorists who are intent on destroying our nation's computer systems. Not only are we faced with individuals who may attack our computer systems, but more than 30 nations have sponsored programs to disrupt information systems worldwide. Experience has taught me that there is no peace in the cyber-world.

The Department of Defense recently received a wake-up call when a few well-networked teenage hackers broke into several of our unclassified systems. The Deputy Secretary of Defense called these intrusions 'the most organized and systematic attack the Pentagon has seen to date." Obviously, DOD is very concerned about protecting its data from the new faceless warriors.

The tools we use to protect our systems against these bandits are expensive and complicated, while hackers often use tools that are free and simple to operate. For example, there is a tool on the Internet that can reveal any dictionary password in less than a minute. On the other hand, a protection device such as a digital firewall can cost nearly $100,000. Cyber-bandits also use the Internet as a global intelligence network to share hacking techniques and information about computer operating systems.

Keeping ahead of our cyber enemies must become a national priority. Our commitment to protect information-the lifeblood of our society-is a vital national interest. To help achieve this goal, I suggest the United States commit to a "Year of Cyber-Space Security." Such an initiative would range from teaching school children the consequences of giving out their Internet addresses to developing better means of safeguarding sensitive government and corporate information.

Thanks to ongoing efforts of industry and academia, we are armed with a quiver of defensive weapons to protect our systems. However, one critical arrow is still missing: This arrow represents the national awareness that were are, in fact, in the midst of a digital arms race that is unlikely to have a peaceful conclusion. Are we losing this war in cyber- space? Maybe, at this time I'm not certain. But I am certain that if we maintain the current level of complacency about computer security, 21^st Century cyber-warlords will "eat our lunch."

The Year of Cyber-Space Awareness is an idea whose time has arrived. We must step up to this challenge now or face an electronic Pearl Harbor that could sink a lot more than a few ships.


[Editor's Note: Gen Behler's article originally appeared in Federal Computer Week's MAY 25, 1998 issue.]