Forwarded by: Dan Verton <Dan_Vertonat_private> In the interest of self-preservation, I'll refrain from commenting on another journalist's work. However, I agree that there is a significant amount of garbage out there. The world according to Verton: (Taken from an opinion piece available on my Web site at http://www.geocities.com/intel0202/Cyber_Security_Journal.html ) Internet Age Analogies Gone Mad By Dan Verton Date: Feb. 2001 I like to think that I'm one of the more sophisticated and cautious vagabonds of the information superhighway. I don't open email attachments sent from strangers. I change my passwords often. I avoid the Web's seedy back alleys. I even use anti-virus software. Still, I cannot help but feel doomed. After all, none of this can save me from the thousands of cyberterrorists who are preparing to wage a cyber war against the U.S. Many of you probably find this fear I have funny. But just read the newspapers or go to a congressional hearing on Capitol Hill and soon you too will be scared. Cyberterrorists are hard at work preparing to strike at the heartland of America with digital bombs filled with deadly ones and zeros, the experts warn. The coming cyber Armageddon is not the work of a great fiction writer or a Star Wars-like screenplay, it is real and the evidence, say the experts, has been staring us in the face for years. The transference of all worldly things and concepts to cyberspace (whatever that is) is undoubtedly the chic thing to do today. Just look at the skyrocketing market for online sex and you can get a sense of how out of control this trend has become. But the recent move to transfer the traditional world of terrorism (i.e. the hooded villains, the crashed planes, the burning cars and buildings, and the bleeding children) to the virtual world is particularly troubling and, at times, has been quite amusing. Consider, for example, the language used by various government officials over the years to characterize the threat of a cyber attack on the nation's computer networks. In 1998, Air Force Lt. General Kenneth Minihan, then the director of the National Security Agency, told a Senate committee that there were so many cyber attacks taking place against Pentagon computers that "peace really does not exist in the Information Age." The Internet, it seemed, had turned the world into one big virtual war zone. By 1999 the Pentagon had established a special task force for computer network defense. I attended the ribbon cutting ceremony, during which former Deputy Secretary of Defense John Hamre referred to the potential for an 'electronic Pearl Harbor' and said that the military men and women of the task force had actually 'been at war for the last six months.' This was not the first time the electronic Pearl Harbor analogy had been used, but the notion of being 'at war' with computers was very much up to Minihan standards, I thought. Hamre had learned well. During his tenure at the Pentagon, Hamre, who now heads the Center for Strategic and International Studies, a Washington, D.C.-based think tank that recently called Microsoft Corp.'s operating system software a threat to national security, became the poster child for the government's fear-based campaign for more money to bolster computer security. The problem of computer security was real enough, but it was Hamre's tendency to digress from prepared remarks during speeches and take the issue to new levels of paranoia that made him a popular figure throughout Washington D.C.'s new digital press corps. One observer even started a "Hamre Watch" Web page to keep tabs on his public pronouncements of pending doom. However, the use of the Pearl Harbor analogy is astonishing in its boldness and callousness for the veterans who lost their lives on that December day in 1941. Consider, for example, what Pearl Harbor actually looked like when the Japanese attack had ended: More than 2,300 sailors, including more than 1,100 aboard the battleship U.S.S. Arizona alone, were dead from explosions, fires and drowning; 100 Navy ships were either severely damaged or sunk; and at least 18 Army Air Corps fighters and bombers were damaged or destroyed on the ground. With this picture in mind, I ask, is there really such a thing as a cyber war or cyber attack? If there is, then maybe the Pentagon should start issuing campaign ribbons for all of its 'cyber warriors' to wear on their uniforms. It could be designed in the shape of a computer keyboard and a little silver mouse can be added in place of the Silver Star currently issued for valor. If war is possible in cyberspace, then I assume that the current cadre of cyber warriors will be awarded accordingly for what are sure to be many instances of deadly mouse-to-mouse combat. To be fair, Hamre is not the only official who has dabbled in hyperbole. Rand Corp., for example, issued a study in 1999 that warned of new type of war called "netwar". In that study, Rand warned the world about ?new kinds of actors, such as anarchistic and nihilistic leagues of computer-hacking 'cyboteurs'." And how can I forget John Tritak, the director of the Commerce Department's Critical Infrastructure Assurance Office. On more than one occasion he has entertained me with warnings of an "electronic Exxon Valdez". I've interviewed Tritak many times and have a great amount of respect for what he does. Still, I'm looking forward to the time when he takes this analogy to the next level. Maybe it will be something like mass electronic hallucination or digital diarrhea. The more sophisticated view of national cyber security, however, accepts the possibility of a large-scale, surprise cyber hiccup, but rejects the notion of planes falling out of the sky, nationwide train derailments or environmental disasters at the click of a mouse. Sophisticated observers also accept the threat of massive Internet-based bank fraud and the impact such incidents could have on the stock market. But they reject the notion that terrorists have all of a sudden come to value virtual bombs as opposed to the fear generated by images of bleeding children on the nightly news. Last year, I asked Dick Clarke, the national coordinator for security, infrastructure protection and counterterrorism at the National Security Council, if the cyber-terrorist analogy had gone too far. With little or no evidence that the Osama bin Ladens of the world value the end result of cyber attacks (they do, however, value the command, control and secure communications that computer technology offers), isn't it a little far-fetched to use the term "cyber-terrorist"? I asked. "Maybe we shouldn't be saying 'cyberterrorism.' Maybe we should be saying 'information warfare,'" he said. Notwithstanding the information warfare remark, I took what I could get and chalked one up for the rational and reasonable among us. Some would say that it is only the younger generation that worries about such things as cyber terrorists and information warfare. Maybe they're right. My mother certainly doesn't worry about being caught in a hail of ones and zeros shooting out from a digital bomb as it explodes on the bus that takes her downtown to go shopping. Terrorism, as we in the U.S. have come to know it, is a form of violence that strikes fear in the hearts and minds of people because of its destructive power and its ability to wreak havoc and physical pain on unsuspecting, innocent people. Few people will ever forget the horrific scenes from Lockerbie, Scotland, where in 1988 a bomb ripped apart Pan Am Flight 103 in mid air, killing all 270 passengers. Likewise, the 1983 bombing of the U.S. Marine barracks in Beirut, Lebanon, that killed 241 Marines and Sailors, and more than 100 others, serves as a timeless reminder of what the destructive forces of terrorism are all about. The same can be said of the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, which killed 168 and wounded more than 500. However, the cyberterrorism image and its ugly cousins information warfare, electronic Pearl Harbor and electronic Exxon Valdez, are probably here to stay. We have the media to thank for that. You see, cyber wars and virtual terrorists make for great headlines. Consider, for example, Business Week's 1998 headline "A Digital D-Day," Wired Magazine's 1999 story "China Fought Bombs with Spam," and even my own (yes I admit I've been guilty too) story last year in Computerworld "U.S. may face net-based holy war." Although something more serious than last year's denial of service attacks against eBay, Yahoo, CNN and other e-commerce Web sites will probably occur, I'm not ready to begin storing water, canned food and extra batteries in my basement just yet. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 03:38:38 PDT