From: InfoSec News (isnC4I.ORG)
Date: Wed Apr 11 2001 - 10:43:37 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.infosecuritymag.com/articles/april01/columns_security_persp.shtml

April 2001

A cyber Pearl Harbor is not a question of if, but when.

BY NEWT GINGRICH

After three years of studying the United States' security needs in the
coming quarter century, the Commission on National Security/21st
Century reached some alarming conclusions--particularly in regard to
the Internet-borne weapons and attacks of mass disruption.

The 14-member bipartisan commission, chartered by former President
Clinton and myself, unanimously agreed that the United States faces
new and serious cyber-space-based threats. Our adversaries are
becoming more sophisticated in developing new methods for disrupting
our normal progression--socially and economically. From breaking down
communications systems to initiating electrical blackouts to
infiltrating and disrupting our financial systems, there are a number
of major disruptions that could unravel our economy, diminish our
quality of life and generally destabilize the nation.

In some cases, such as an attack on the national air traffic control
systems, these disruptions could result in widespread damage to
property and infrastructure, and serious loss of life. Imagine the
chaos if a terrorist group hijacked the communications channels
between O'Hare International Airport and the planes flying in the busy
Midwest corridor. Airline safety could be seriously compromised if air
traffic computers were hijacked by by cyberterrorists.

Our commission concluded that the threat of cyberattacks is compounded
by the relative ease of hacking. By comparison, developing nuclear
weapons is a massively complex and expensive undertaking that few
nations can afford. A similarly significant investment is required for
the development of chemical and biological weapons. Conversely, one
relatively smart hacker can cause a major economic disruption,
potentially bringing some nations and markets to their knees. Look at
the damage caused by the "Love Bug" virus creator--he caused billions
of dollars in lost productivity and recovery costs by unleashing a
single piece of malicious code.

The reality of small efforts leading to enormous consequences creates
a new and previously inconceivable national defense problem. The
threats now facing the United States are much broader in scope than we
have ever faced in our history.

A lone fanatic, a criminal organization, a small terrorist group, a
state-sponsored terrorist group or an aggressive foreign adversary
could manipulate world markets or engage in high-tech blackmail. The
diverse nature of these threats makes our traditional means of
deterrence and response unworkable.

Deterrence works if there's an identifiable person, group or country
that can be retaliated against for illegal and unacceptable behavior.
However, if the opponent is a terrorist, a state-sponsored group, a
criminal element or a lone individual, then conventional legal
prosecutions, diplomatic sanctions, economic embargoes and military
strikes are not entirely effective.

Additionally, there's a real danger that a powerful nation will
believe it can create the cyberspace equivalent of a Pearl Harbor
sneak attack. It's conceivable in the next 25 years that a
sophisticated adversary (such as a small country with cyberwarfare
resources) will decide that it can blackmail the United States into
accepting its demands by paralyzing our communications and financial
systems.

This is not science fiction. This is the natural consequence of the
emerging technologies that have been, to date, making our lives and
nation better. Our slowness in recognizing and responding to these
security threats comes from three basic realities.

1. Preoccupation with conventional military threats. Our national
defense systems are more focused on weapons of mass destruction than
on intangible means of mass disruption. Our military officer corps
isn't as sensitive to the threats emerging in cyberspace as it is to
geopolitical tensions between nation states. The amount of energy and
manpower being directed toward this problem is far less than that
devoted to artillery, airpower, tanks or a dozen other traditional
military priorities.

2. High-tech myopia. Those who know the most about the opportunities
and challenges of cyberspace are unlikely to spend a lot of time
worrying about national security. These people are so busy thinking
about new technologies, business opportunities and jobs that they
simply don't think about the potential perils they're creating.
Silicon Valley and its comparable centers of intellectual capital
around the country are areas in which national defense has had a
relatively small role.

Part of the problem might be that the high-tech generation has no
frame of reference for any serious threat to national security or
sovereignty. The World War II generation, now twice removed from the
present baby faces of corporate America, was confronted by Nazi
Germany and Imperial Japan. Their children fought in Korea and
Vietnam, in surrogate Cold War conflicts with the former Soviet Union
and its satellite communist states. Both of these generations knew the
world was a far more dangerous place than the idyllic world painted by
Norman Rockwell.

Yet, for those who came of age in the late 1980s, the world seems safe
and benign. The Soviet Union is gone. The United States stands alone
as the world's only superpower. In this climate, it's very difficult
to convince the best technology experts to divert their time and
effort away from making money and advancing technologically to focus
on what seem to them to be obscure and theoretical national security
issues.

3. Lack of public-private cooperation. The government cannot solve
this problem in the way it met the challenge of World War II and the
Cold War.

In those crises, the federal government was the center of science and
innovation (partially a byproduct of the military-industrial complex).
The ability of bureaucracies to amass and organize resources created
opportunities to counter the challenges presented by our adversaries.
The potential crises of cyberspace-based attacks require
entrepreneurial energy and creativity that overwhelmingly reside in
the private sector. We, as a nation, need an entirely new
public-private partnership to meet the challenges of cybersecurity.

We have never seen a cyberattack of national proportions resulting in
mass disruption of our society and our lives, but such a scenario is
not unprecedented. As early as 1904, British physicists theorized that
nuclear weapons were scientifically plausible. In 1938 Germany, Otto
Hahn and Fritz Strassman proved experimentally that nuclear fission
was possible. By 1941, Albert Einstein, the most famous scientist of
his day, wrote President Roosevelt to warn him that Germany might
build an atomic bomb--and it would be wise if the United States tried
to build one first.

Imagine a world in which Nazi Germany or Stalin's Soviet Union was
first to harness the destructive power of the atom. Imagine a world in
which freely elected leaders had less imagination and a greater
reluctance to gamble on untested technology than their tyrannical
adversaries. The result would have been horrible, and possibly fatal,
to our freedom and way of life.

We owe it to our children and grandchildren, as well as our
forefathers, to take information security seriously. We need to
undertake the effort to make cyberspace more secure for our people,
economy and our national interests. That is our duty, for our
generation and our posterity, as we continue to evolve in the digital
age.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]