Forwarded From: William Knowles <erehwonat_private> LONDON (June 7, 1998 2:26 p.m. EDT http://www.nando.net) You jolt awake, trembling, in the middle of the night with that recurring nightmare. The bad guys have penetrated the Pentagon's computers. They now control the instructions for the U.S. nuclear arsenal and are holding the Western world to ransom. Unless their demands are met within 24 hours, destruction will rain down on Washington, New York, Paris and London. Is this just the fevered imagination of juvenile Hollywood script writers? Or are defence planners justified in seeking to spend huge sums to combat a compelling danger? According to experts interviewed by Reuters, you can relax. The threat is more Hollywood than hard fact. Some experts say that companies trying to sell the latest security software are exploiting these fears. Governments seek power over Internet commerce Others say that governments, worried by the prospect of falling tax revenues as more business is transacted across the Internet, are happy to play along with this too. If the terrorism fear can be played up, governments would have an excuse to grab more power to pry into and regulate Internet commerce. Movies like "Sneakers," where a hacker played by Robert Redford steals a code-cracking device that can break into any computer in the world, have softened up audiences to the notion that a serious danger exists. Some defence planners and parts of the media have jumped on the bandwagon suggesting that the United States and the West needs to protect itself from the potentially devastating peril posed by cyber warfare. This assumes that terrorists or rogue states can, in theory, relatively cheaply crank up a computer-based campaign against superpowers and win, using cyber warfare. Cyber terrorism a theoretical danger "Theoretical. That's the right word," said Peter Sommer, senior research fellow at the London School of Economics. Penetrating and manipulating networks poses awesome problems, according to Sommer. "To hit a major network you need to know how it works, what back-up there is, you need a great deal of information," Sommer said. "You would need to infiltrate someone into the organisation. They would need to know how to write code and introduce it onto the system. I'm not saying it cannot be done, but for quick effect it may be better just to place a bomb." Dr Andrew Rathmell, of the International Centre for Security Analysis at King's College, London, said military sites present a tough target for terrorists. But so-called information warfare techniques could in theory inflict great damage on civilian infrastructures such as power grids, rail and air transport, as well as telecommunications. Rathmell said financial systems were well protected but because of increasing interdependency, the knock-on effect of damage to infrastructure was difficult to predict. "Infrastructure attacks could have an effect like strategic bombing. You no longer need to go through armed forces to attack civilians. You can go in under the wire," Rathmell said. Terrorists face formidable technical barriers "But what can they really do? It's all pretty improbable. Key systems to launch nuclear weapons, key communications in the White House are pretty well hardened and protected. Only a really switched on secret service could penetrate that," Rathmell said. Dr Ross Anderson, of Cambridge University's computer laboratory, also doubts the power of this threat, despite President Bill Clinton's call to arms against cyber terrorism made on May 22. Clinton called for safeguards to shield U.S. infrastructure and computer systems. "We must protect our people from danger and keep America safe and free. Our vulnerability, particularly to cyber attacks, is real and growing," Clinton said. Anderson doesn't buy this argument. "Information warfare seems to be a marketing exercise rather than anything else. It's the computer security community trying to increase sales to the (U.S.) federal government," he said. Anderson pointed to a recent, foiled Irish Republican Army plot in Britain to blow up power stations around London. "That would have caused devastating damage - with dynamite, rather than messing around with computers," Anderson added. He believes that government plans to seek "mandatory key escrow" in the name of protection against computer crime was a sneaky way of imposing control over citizens' privacy. "Mandatory key escrow" means that citizens protecting their electronic business with encrypted computer code would have to provide government regulators with keys to that code. "Governments are trying to get control over electronic commerce," Anderson said. Teenage hackers persistent, lucky What of perennial stories in newspapers that another 16-year-old has hacked into Pentagon computers? The LSE's Sommer dismisses this danger. The incidents happened only to insecure networks on old computers. "You must remember that the U...S. military has over two million computers which are mostly insignificant. Most secure systems are isolated," Sommer said. "These big hacker cases; sixteen year olds could get in, not because they were clever but persistent and basic standards of security were very poor indeed. "Lots of money will be spent on curing this problem and nearly all of it will be wasted on sexy sounding projects. What you really need is auditors to check systems," Sommer said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:28 PDT