http://www.smh.com.au/articles/2007/04/09/1175971018555.html
By Patrick Gray
April 10, 2007
Next
IF MICROSOFT'S Windows operating system crashes and gives you the "blue
screen of death", it's a pain in the proverbial, but it's hardly
life-threatening. In 1998, however, a United States Navy destroyer, the
USS Yorktown, was left stranded and vulnerable when its Windows NT-based
control system failed.
The tale of the stranding of the Yorktown is a true story former White
House staffer Richard A. Clarke cites as a warning. "(It) was out on an
initial shakedown cruise. The Microsoft software that it was running in
its control system went kafluey, and the entire ship stopped dead in the
water and they had to send tugs out to pull it back ... (it was running)
Windows," Mr Clarke told The Age.
Mr Clarke, the former United States National Co-ordinator for Security
and Counterterrorism, who also served as President George Bush's adviser
on cyber security until 2003, says the US is becoming too reliant on
network technology in war-fighting.
The lesson also applies to Australia. The Australian Defence Force's
"Force 2020" plan spells out a transition to "network-enabled
operations" which "treat platforms as nodes of a network (which)
collect, share and access information".
But Mr Clarke's tone is sarcastic. "The Pentagon says 'Oh, good news,
we're having a revolution in military affairs and we are going to
net-centric warfare where everything will be netted together', and they
tout this as progress," he says.
In fact, such networking could be a security risk. Western nations are
becoming increasingly vulnerable to cyber-attack from hostile nations,
terrorist groups and criminal syndicates, and an increasing reliance in
civilian technologies by intelligence and military agencies is having an
adverse effect on national security.
"It used to be that government, intelligence and defence agencies relied
on what they called GOTS, Government Off the Shelf products," Mr Clarke
says. "There are very few, if any, of those left. Almost everything the
Government relies on, even in the military and the intelligence
community is, COTS - Commercial Off the Shelf. Which is a way of saying
that what the Pentagon is running and the CIA is running is the same as
what you're running on your home computer."
In addition to normal reliability and security concerns, the commercial
technology sector is also vulnerable to infiltration by agents working
for hostile nations and terrorist organisations, Mr Clarke says. Agents
could steal or sabotage proprietary systems, or use insider knowledge to
gather information on potential security weaknesses in software, or
perhaps even to plant them.
The security of commercial products, and therefore the companies that
develop them, is steadily becoming a national security issue in the US.
"It is of concern when foreign nationals are employed in American
companies. It's also a concern if Americans are employed in American
companies and convinced to spy," Mr Clarke says. "(And) there's some
reason to believe it's going on."
His warning has a local sting: it comes at a time when Australia's
defence bureaucracy is ramping up its own outsourcing plans.
Several worst-case cyber attack scenarios are described in Mr Clarke's
most recent book, Breakpoint, which was launched in January. The
fictional novel, set in 2012, begins with attacks on the fibre-optic
cables linking the US to the internet. The attacks escalate to include
assaults on satellites and the United States' ability to wage war is
severely impaired.
Carrying out such an attack on Australia would be relatively easy, Mr
Clarke says. "A physical attack on cyberspace, one that tries to cut off
a country from the rest of cyberspace by hitting physical connections;
that's probably something that Australia is more vulnerable to than say
Europe or the United States," he says.
"The United States has a lot of internet entry points into it, probably
in the order of 20 major entry points, and that's a lot to take down. I
think Australia's number is probably more in the order of six."
To better prepare, Australia should "try to improve physical security
around internet nodes, you try to create redundancy," Mr Clarke says.
"You want to make sure that there are back-up systems, that certain
functions that don't need to be connected to the internet even
indirectly, like electrical power, are disconnected."
Mr Clarke says attacks on technology infrastructure, physical or
virtual, could come from terrorists, criminals or nation states.
At several points throughout Breakpoint, Mr Clarke suggests
Chinese-manufactured technology in the fictional future he describes
could contain "back doors" designed to allow the country's agents to
clandestinely access computer and communications networking equipment
installed throughout the US and Western world.
Such back doors would not be easy to detect, Mr Clarke says. "It's very,
very difficult to detect things that are embedded in chips, embedded in
motherboards - I think it would be extraordinarily difficult, especially
if they're not used until a certain point in time ... (and are) remotely
activated.
"When IBM stopped making laptops and sold the company to a Chinese
manufacturer the US Defence Department and State Department immediately
cancelled all orders for the IBM laptops. That reflects perhaps some
paranoia, but it may also reflect something else."
Mr Clarke denies that software companies allow US Government agencies,
such as the CIA and National Security Agency, to plant back-door
software of their own into their products. "I think American
manufacturers depend so much now on the world market that they would be
reluctant to do that because if they ever get caught they'd lose huge
portions of their market," he says.
While Mr Clarke admits it's possible the CIA and NSA may seek to
infiltrate US software companies and plant back doors of their own into
products - without the permission or knowledge of the companies
themselves - he doubts the Government is engaged in those types of
activities. "That's possible, (but) it probably gives the United States
Government more credit for competence than it deserves," he says.
However, Mr Clarke says both the US and Chinese governments have
admitted they have a cyber-attack capability that could allow them to
attack network infrastructure and penetrate foreign governments' systems
to gather intelligence.
Breakpoint has turned out to be somewhat prophetic. Last month Scotland
Yard detectives claimed to have foiled an al-Qaeda plot to destroy a
major "internet hub" through which most of Britain's internet traffic is
reportedly routed.
"There was also an arrest in the United States not long after 9/11 of an
al-Qaeda operative who was apparently supposed to do a second-wave
series of attacks, including on internet hubs, so we know al-Qaeda does
think about that," Mr Clarke says. "To some extent the book is prophetic
in that it talked a lot about things like Chinese anti-satellite
attacks, and I think the day the book was published in the United States
the Chinese did a satellite attack."
The Chinese Government confirmed it shot down one of its satellites in
January, while insisting it was committed to the "peaceful development
of outer space".
Mr Clarke's resume is impressive. He served as a special assistant to
President Bill Clinton for eight years and was the National Co-ordinator
for Security and Counterterrorism for both Clinton and George W. Bush.
From 2001 until his retirement in 2003, Mr Clarke was special adviser
to President Bush on cyber security and chairman of the President's
Critical Infrastructure Protection Board. Mr Clarke became well known
around the world when he accused President Bush of mismanaging the "War
on Terror" in his scathing account of his tenure under the President,
Against All Enemies, published in 2004.
Today he serves as the chairman of Good Harbor Consulting, a security
and counterterrorism consultancy. He says he wrote Breakpoint [1] as a
fictional novel because a more sober warning would have fallen on deaf
ears. "I write fiction because I think it's a way of telling people
interesting facts ... that they would never read because most people
don't read nonfiction," he says. "Because it's a thriller people will
read it. They'll learn, subliminally perhaps, about ... the issues."
Breakpoint ventures beyond issues involving cyber security and computing
technology. The book raises concerns around genetic engineering
technology and the reverse engineering of the human brain.
According to Mr Clarke, developments in genetic technology, artificial
intelligence, robotics and the fusing of humans and machines will have
significant consequences for society and national security.
"(Breakpoint is) meant to be a warning. Not only on the computer side
but on the genetics side, and robotics and artificial intelligence," he
says.
"What I'm saying is there's not just one technology that's emerging in
the next 10 years, there are five or six major technologies that are
going to be mutually supportive and burst on the scene in a big way in
the next 10 years, and they will drastically change the nature of
society. That will have political, economic, social and national
security implications and we haven't thought them through."
To hear Patrick Gray's interview with Richard A. Clarke, download his
podcast from ITRadio.com.au/security
[1] http://www.amazon.com/exec/obidos/ASIN/0399153780/c4iorg
http://www.shopinfosecnews.org/
__________________________
Subscribe to InfoSec News
http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Apr 11 2007 - 01:16:54 PDT