15 December 1998
(Group calls for public-private cooperation in effort) (780) By Ralph Dannheisser USIA Congressional Correspondent Washington -- The advent of cyberterrorism and information warfare threaten to revolutionize the nature of conflict as much as anything in history, including the development of gunpowder and nuclear weapons, says the project director of a new study on the subject. And the resulting threat of potentially paralyzing damage to U.S. infrastructure is so grave that government and private industry must start working together swiftly and in earnest to develop defenses, Arnaud de Borchgrave said at a Capitol Hill news conference December 15. De Borchgrave, former editor of The Washington Times, directed the study for the Center for Strategic and International Studies (CSIS), a public policy research institution dedicated to analysis and policy impact. Appearing with him to unveil the resulting report -- "Cybercrime, Cyberterrorism, Cyberwarfare: Averting an Electronic Waterloo" -- were William Webster, former director of both the Federal Bureau of Investigation and the Central Intelligence Agency, who chaired the project, and Senator Charles Robb, a leading congressional proponent of steps to counter the cyberwarfare threat. De Borchgrave contended that some 30 foreign countries already have "attacked the United States electronically" in the form of conducting economic or military espionage. He declined to name any or to identify his sources, but said that "some (of the countries) are very close friends of ours." An assault by an outright enemy nation or terrorist group could be devastating, he said, making it urgent to "break down the barriers of distrust between the private sector and the public sector" that now interfere with addressing the problem. Robb agreed that a cooperative approach is vital, declaring that "the private sector cannot simply sit back and wait for the government to lead." The senator said he did not wish to be an alarmist, but hypothesized that enemies of this nation could find the start of the year 2000 to be an ideal time to wreak havoc on computer-controlled power, water and banking systems along with other key elements of U.S. infrastructure. That is because their actions could then be masked by the effects of the so-called Y2K problem -- the anomaly in information coding which, many fear, will cause extensive problems when computers geared to identify years by the last two digits are unable to recognize the double zero of the figure 2000. Many government agencies and private industry groups are working feverishly to preempt major problems from arising when 2000 arrives. Should a deliberate attack on the information structure be launched at that time, Robb said, "we would not know when it started, we would not know who was behind it, we would not know where it was coming from." He projected scenarios as grave as false information being intruded into U.S. munitions systems, causing them to "go into a launch mode." The study's authors find that "in today's electronic environment, many haters can become a Saddam Hussein and take on the world's most technologically vulnerable nation. "America's adversaries know that the country's real assets are in electronic storage," they write. "Virtual corporations, electronic transactions, and economies without inventories -- based on just-in-time deliveries -- will make attacks on data just as destructive as attacks on physical inventories. Bytes, not bullets, are the new ammo. Or, more dramatically, a combination of bytes, bullets and bombs." The CSIS report urges that, to combat cyberterrorism and cyberwarfare, the president must overhaul national security organizations and policies and end a situation in which policymakers are "responding to this 21st century threat with 20th century thinking." Such an overhaul should be based on a top-down review of the existing organizations assigned responsibilities for information warfare, information security, security policy, and cybercrime, the report recommends. The review would set national policy and guidance for the use of offensive information warfare, draft guidelines for acceptable and prohibited targets, and determine oversight procedures. The authors find that the traditional intelligence organization and process, developed during the Cold War, is poorly suited to information warfare threats. They recommend that the director of central intelligence designate a national intelligence officer who would deal specifically with offensive and defensive information warfare, providing a focal point in the intelligence community. In addition, the report calls for recruiting the specialized talent needed to analyze the arcane new threats, including "young computer virtuosos." Specific measures must also be devised to ensure the continuance of vital government services, primarily national defense and the rule of law, even under the stressful conditions of information warfare attack, the authors say.