Designing Digital Defenses

By Linda D. Kozaryn American Forces Press Service 09 July 1998 BRUSSELS, Belgium -- Defense experts are gearing up to face a new danger threatening America and its allies -- cyberattacks. The advent of the computer-based Information Age has opened the door to unconventional attacks since almost every aspect of modern life has become increasingly dependent on computers. Telecommunications, government operations, banking and finance, transportation, air traffic control, water supply systems, medical, police, fire and rescue -- all are vulnerable to attack. By the year 2000, experts predict 1 million networks will be connected to the Internet. About 350 million computers will have e-mail access. Nearly 20 trillion bits of data are now transmitted monthly, and this figure is doubling annually. All it might take to disrupt the nation's power grids and other critical infrastructure are a home computer, a telephone line, digital dexterity and a double dose of moxie. Right now, computer hackers are poking and prodding, trying to gain unauthorized access to national and private systems. Recently, for example, two computer-wise California teen-agers succeeded in breaching an unclassified Pentagon defense network. Security experts believe critical systems could well become the targets of more than inquisitive children. Terrorists, criminals, disgruntled employees and even rogue states could launch much more serious cyberattacks. Rather than confront the United States or its allies on the battlefield, future foes may attack nations' infrastructures. DoD alone has about 2.1 million computers, 10,000 local area networks and more than 100 long-distance networks. "There are no borders in cyberspace," Deputy Defense Secretary John Hamre declared at a NATO conference in Vienna in June. "It is absolutely imperative that we prepare now to protect these systems." Last year, DoD conducted Eligible Receiver, an exercise to determine U.S. vulnerability to computer attacks, Hamre told about 250 NATO and Partnership for Peace members attending the 15th NATO Workshop. "We selected a small group of employees -- 35 individuals," Hamre explained. "We gave them funds to buy computers from local stores. They were only allowed to use off-the-shelf software or software they could download from the Internet. They were given three months to find out if they could disrupt the infrastructure of the United States." The results were startling, Hamre said. "We didn't let them take down the power system of the United States, but they could have done it." Defense officials learned it only requires modest know-how to seriously disrupt vital services like power distribution and telecommunications, he said. "A small handful of capable computer specialists -- a capability well within the reach of even moderately developed countries -- using off-the-shelf technology and equipment can now wage war against the largest country in the world," he said. Hence, the United States is taking steps to protect its infrastructure. A presidential mandate calls for a plan to implement information assurance measures. It includes creating lead agencies to coordinate with private companies, and setting up a new national infrastructure protection center. The plan designates a coordinator for infrastructure protection on the National Security Council. Government officials are also setting up a national warning and analysis center and increasing funding for information assurance fivefold, Hamre said. "This is a pressing problem because you can't solve it by yourself," Hamre said. "The Defense Department cannot solve this problem because we don't own the systems that are likely to be attacked. We have to develop partnerships with the private sector to get them to fix this problem." Cooperation among NATO allies and partners is also vitally important, he said. "With this increasingly 'Interneted' world, we cannot accept vulnerabilities in our allies," he said. "The weakest link in the chain becomes the broken chain for us all." ##END##