[ISN] Infowar, More Hype Than Reality?

From: mea culpa (jerichoat_private)
Date: Sun Jun 07 1998 - 15:16:45 PDT

  • Next message: mea culpa: "Re: [ISN] Infowar, More Hype Than Reality?"

    Forwarded From: William Knowles <erehwonat_private>
    LONDON (June 7, 1998 2:26 p.m. EDT http://www.nando.net) 
    You jolt awake, trembling, in the middle of the night with that 
    recurring nightmare. The bad guys have penetrated the Pentagon's 
    computers. They now control the instructions for the U.S. nuclear 
    arsenal and are holding the Western world to ransom.
    Unless their demands are met within 24 hours, destruction will 
    rain down on Washington, New York, Paris and London.
    Is this just the fevered imagination of juvenile Hollywood script
    writers? Or are defence planners justified in seeking to spend 
    huge sums to combat a compelling danger?
    According to experts interviewed by Reuters, you can relax.
    The threat is more Hollywood than hard fact.
    Some experts say that companies trying to sell the latest security
    software are exploiting these fears.
    Governments seek power over Internet commerce
    Others say that governments, worried by the prospect of falling 
    tax revenues as more business is transacted across the Internet, 
    are happy to play along with this too. If the terrorism fear can 
    be played up, governments would have an excuse to grab more power 
    to pry into and regulate Internet commerce.
    Movies like "Sneakers," where a hacker played by Robert Redford 
    steals a code-cracking device that can break into any computer in 
    the world, have softened up audiences to the notion that a serious 
    danger exists.
    Some defence planners and parts of the media have jumped on the
    bandwagon suggesting that the United States and the West needs to
    protect itself from the potentially devastating peril posed by 
    cyber warfare.
    This assumes that terrorists or rogue states can, in theory,
    relatively cheaply crank up a computer-based campaign against
    superpowers and win, using cyber warfare.
    Cyber terrorism a theoretical danger
    "Theoretical. That's the right word," said Peter Sommer, senior
    research fellow at the London School of Economics.
    Penetrating and manipulating networks poses awesome problems,
    according to Sommer.
    "To hit a major network you need to know how it works, what back-up
    there is, you need a great deal of information," Sommer said.
    "You would need to infiltrate someone into the organisation.
    They would need to know how to write code and introduce it onto 
    the system. I'm not saying it cannot be done, but for quick effect 
    it may be better just to place a bomb."
    Dr Andrew Rathmell, of the International Centre for Security 
    Analysis at King's College, London, said military sites present 
    a tough target for terrorists. But so-called information warfare 
    techniques could in theory inflict great damage on civilian 
    infrastructures such as power grids, rail and air transport, 
    as well as telecommunications.
    Rathmell said financial systems were well protected but because 
    of increasing interdependency, the knock-on effect of damage to
    infrastructure was difficult to predict.
    "Infrastructure attacks could have an effect like strategic 
    bombing. You no longer need to go through armed forces to attack 
    civilians. You can go in under the wire," Rathmell said.
    Terrorists face formidable technical barriers
    "But what can they really do? It's all pretty improbable. Key 
    systems to launch nuclear weapons, key communications in the 
    White House are pretty well hardened and protected. Only a 
    really switched on secret service could penetrate that," 
    Rathmell said.
    Dr Ross Anderson, of Cambridge University's computer laboratory, 
    also doubts the power of this threat, despite President Bill 
    Clinton's call to arms against cyber terrorism made on May 22.
    Clinton called for safeguards to shield U.S. infrastructure and
    computer systems.
    "We must protect our people from danger and keep America safe 
    and free. Our vulnerability, particularly to cyber attacks, is 
    real and growing," Clinton said.
    Anderson doesn't buy this argument.
    "Information warfare seems to be a marketing exercise rather 
    than anything else. It's the computer security community trying 
    to increase sales to the (U.S.) federal government," he said.
    Anderson pointed to a recent, foiled Irish Republican Army plot 
    in Britain to blow up power stations around London.
    "That would have caused devastating damage - with dynamite, rather
    than messing around with computers," Anderson added.
    He believes that government plans to seek "mandatory key escrow" 
    in the name of protection against computer crime was a sneaky way 
    of imposing control over citizens' privacy.
    "Mandatory key escrow" means that citizens protecting their 
    electronic business with encrypted computer code would have to 
    provide government regulators with keys to that code.
    "Governments are trying to get control over electronic commerce,"
    Anderson said.
    Teenage hackers persistent, lucky
    What of perennial stories in newspapers that another 16-year-old 
    has hacked into Pentagon computers?
    The LSE's Sommer dismisses this danger. The incidents happened 
    only to insecure networks on old computers.
    "You must remember that the U...S. military has over two million
    computers which are mostly insignificant. Most secure systems 
    are isolated," Sommer said.
    "These big hacker cases; sixteen year olds could get in, not 
    because they were clever but persistent and basic standards of 
    security were very poor indeed.
    "Lots of money will be spent on curing this problem and nearly 
    all of it will be wasted on sexy sounding projects. What you 
    really need is auditors to check systems," Sommer said.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:28 PDT