Re: [ISN] USA Today as DoD cyber-war propaganda mouthpiece

From: InfoSec News (isnat_private)
Date: Mon Jun 25 2001 - 02:43:00 PDT

  • Next message: InfoSec News: "[ISN] Bank confirms crackers break into website"

    Forwarded by: Dan Verton <Dan_Vertonat_private>
    
    In the interest of self-preservation, I'll refrain from commenting on
    another journalist's work. However, I agree that there is a
    significant amount of garbage out there.
    
    The world according to Verton:  (Taken from an opinion piece available 
    on my Web site at 
    http://www.geocities.com/intel0202/Cyber_Security_Journal.html )
    
    
    Internet Age Analogies Gone Mad
    By Dan Verton
    Date: Feb. 2001
    
    I like to think that I'm one of the more sophisticated and cautious
    vagabonds of the information superhighway. I don't open email
    attachments sent from strangers. I change my passwords often. I avoid
    the Web's seedy back alleys. I even use anti-virus software. Still, I
    cannot help but feel doomed. After all, none of this can save me from
    the thousands of cyberterrorists who are preparing to wage a cyber war
    against the U.S.
     
    Many of you probably find this fear I have funny. But just read the
    newspapers or go to a congressional hearing on Capitol Hill and soon
    you too will be scared. Cyberterrorists are hard at work preparing to
    strike at the heartland of America with digital bombs filled with
    deadly ones and zeros, the experts warn. The coming cyber Armageddon
    is not the work of a great fiction writer or a Star Wars-like
    screenplay, it is real and the evidence, say the experts, has been
    staring us in the face for years.
    
    The transference of all worldly things and concepts to cyberspace
    (whatever that is) is undoubtedly the chic thing to do today. Just
    look at the skyrocketing market for online sex and you can get a sense
    of how out of control this trend has become. But the recent move to
    transfer the traditional world of terrorism (i.e. the hooded villains,
    the crashed planes, the burning cars and buildings, and the bleeding
    children) to the virtual world is particularly troubling and, at
    times, has been quite amusing.
     
    Consider, for example, the language used by various government
    officials over the years to characterize the threat of a cyber attack
    on the nation's computer networks. In 1998, Air Force Lt. General
    Kenneth Minihan, then the director of the National Security Agency,
    told a Senate committee that there were so many cyber attacks taking
    place against Pentagon computers that "peace really does not exist in
    the Information Age." The Internet, it seemed, had turned the world
    into one big virtual war zone.
     
    By 1999 the Pentagon had established a special task force for computer
    network defense. I attended the ribbon cutting ceremony, during which
    former Deputy Secretary of Defense John Hamre referred to the
    potential for an 'electronic Pearl Harbor' and said that the military
    men and women of the task force had actually 'been at war for the last
    six months.' This was not the first time the electronic Pearl Harbor
    analogy had been used, but the notion of being 'at war' with computers
    was very much up to Minihan standards, I thought. Hamre had learned
    well.
     
    During his tenure at the Pentagon, Hamre, who now heads the Center for
    Strategic and International Studies, a Washington, D.C.-based think
    tank that recently called Microsoft Corp.'s operating system software
    a threat to national security, became the poster child for the
    government's fear-based campaign for more money to bolster computer
    security. The problem of computer security was real enough, but it was
    Hamre's tendency to digress from prepared remarks during speeches and
    take the issue to new levels of paranoia that made him a popular
    figure throughout Washington D.C.'s new digital press corps. One
    observer even started a "Hamre Watch" Web page to keep tabs on his
    public pronouncements of pending doom.
     
    However, the use of the Pearl Harbor analogy is astonishing in its
    boldness and callousness for the veterans who lost their lives on that
    December day in 1941. Consider, for example, what Pearl Harbor
    actually looked like when the Japanese attack had ended: More than
    2,300 sailors, including more than 1,100 aboard the battleship U.S.S.
    Arizona alone, were dead from explosions, fires and drowning; 100 Navy
    ships were either severely damaged or sunk; and at least 18 Army Air
    Corps fighters and bombers were damaged or destroyed on the ground.
    
    With this picture in mind, I ask, is there really such a thing as a
    cyber war or cyber attack? If there is, then maybe the Pentagon should
    start issuing campaign ribbons for all of its 'cyber warriors' to wear
    on their uniforms. It could be designed in the shape of a computer
    keyboard and a little silver mouse can be added in place of the Silver
    Star currently issued for valor. If war is possible in cyberspace,
    then I assume that the current cadre of cyber warriors will be awarded
    accordingly for what are sure to be many instances of deadly
    mouse-to-mouse combat.
     
    To be fair, Hamre is not the only official who has dabbled in
    hyperbole. Rand Corp., for example, issued a study in 1999 that warned
    of new type of war called "netwar". In that study, Rand warned the
    world about ?new kinds of actors, such as anarchistic and nihilistic
    leagues of computer-hacking 'cyboteurs'."
    
    And how can I forget John Tritak, the director of the Commerce
    Department's Critical Infrastructure Assurance Office. On more than
    one occasion he has entertained me with warnings of an "electronic
    Exxon Valdez". I've interviewed Tritak many times and have a great
    amount of respect for what he does. Still, I'm looking forward to the
    time when he takes this analogy to the next level. Maybe it will be
    something like mass electronic hallucination or digital diarrhea.
    
    The more sophisticated view of national cyber security, however,
    accepts the possibility of a large-scale, surprise cyber hiccup, but
    rejects the notion of planes falling out of the sky, nationwide train
    derailments or environmental disasters at the click of a mouse.
    Sophisticated observers also accept the threat of massive
    Internet-based bank fraud and the impact such incidents could have on
    the stock market. But they reject the notion that terrorists have all
    of a sudden come to value virtual bombs as opposed to the fear
    generated by images of bleeding children on the nightly news.
    
    Last year, I asked Dick Clarke, the national coordinator for security,
    infrastructure protection and counterterrorism at the National
    Security Council, if the cyber-terrorist analogy had gone too far.
    With little or no evidence that the Osama bin Ladens of the world
    value the end result of cyber attacks (they do, however, value the
    command, control and secure communications that computer technology
    offers), isn't it a little far-fetched to use the term
    "cyber-terrorist"? I asked.
     
    "Maybe we shouldn't be saying 'cyberterrorism.' Maybe we should be
    saying 'information warfare,'" he said. Notwithstanding the
    information warfare remark, I took what I could get and chalked one up
    for the rational and reasonable among us.
    
    Some would say that it is only the younger generation that worries
    about such things as cyber terrorists and information warfare. Maybe
    they're right. My mother certainly doesn't worry about being caught in
    a hail of ones and zeros shooting out from a digital bomb as it
    explodes on the bus that takes her downtown to go shopping.  
    Terrorism, as we in the U.S. have come to know it, is a form of
    violence that strikes fear in the hearts and minds of people because
    of its destructive power and its ability to wreak havoc and physical
    pain on unsuspecting, innocent people. Few people will ever forget the
    horrific scenes from Lockerbie, Scotland, where in 1988 a bomb ripped
    apart Pan Am Flight 103 in mid air, killing all 270 passengers.
    Likewise, the 1983 bombing of the U.S. Marine barracks in Beirut,
    Lebanon, that killed 241 Marines and Sailors, and more than 100
    others, serves as a timeless reminder of what the destructive forces
    of terrorism are all about. The same can be said of the 1995 bombing
    of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma,
    which killed 168 and wounded more than 500.
     
    However, the cyberterrorism image and its ugly cousins information
    warfare, electronic Pearl Harbor and electronic Exxon Valdez, are
    probably here to stay. We have the media to thank for that. You see,
    cyber wars and virtual terrorists make for great headlines. Consider,
    for example, Business Week's 1998 headline "A Digital D-Day," Wired
    Magazine's 1999 story "China Fought Bombs with Spam," and even my own
    (yes I admit I've been guilty too) story last year in Computerworld
    "U.S. may face net-based holy war."
     
    Although something more serious than last year's denial of service
    attacks against eBay, Yahoo, CNN and other e-commerce Web sites will
    probably occur, I'm not ready to begin storing water, canned food and
    extra batteries in my basement just yet.
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 03:38:38 PDT