http://washingtontimes.com/apps/pbcs.dll/article?AID=/20071113/COMMENTARY/111130013 By James A. Lyons Jr. November 13, 2007 One asymmetric threat to our military forces and the nation is "cyber terrorism." Our advanced technologically based military forces dependent on our satellites, critical infrastructure computers, the Internet, secure software programming, computer-driven telecommunications, air traffic control centers and other sophisticated sensor systems are tempting targets for cyber terrorism. Not only do we use our satellite and communication technology to support our military forces, but it has also become a key link in all aspects of our complex economic society. Banking, control of electrical grids, stock markets, telecommunications and a vast array of computer networks are part of our everyday life. Microprocessors and soon nanoprocessors have been built into our social fabric. The control mechanisms at our nuclear power plants rely on performance analysis not by operators but by micro-processors. The flow of oil through thousands of miles of pipelines is adjusted by computers at valve sites remotely managed with communication systems vulnerable to interference and disruption. Railroad switches often are controlled the same way. Experts have said 80 percent of successful intrusion into our government computer systems can be attributed to software errors or poor software quality. Many software products have poorly written or have poorly configured security features. Computers and networks without operating firewalls, up-to-date virus and password protection are invitations for disasters. DHS computers were subjected to penetration by Chinese hackers because we failed to install and monitor the necessary "intrusion-detection systems." Compounding the problem, offshore outsourcing provides a programmer overseas the chance to secretly insert a "Trojan Horse" or other trapdoor into a new software product. Oracle, a major database software vendor and a supplier to U.S. intelligence agencies, has contracted for software development in India and China. It is to be noted that U.S. agencies are not permitted to use unsupervised development of software from untrusted sources. Using untrusted software in critical commercial infrastructure is the major problem. Other countries that have received outsourced software work are Malaysia and Indonesia as well as possibly Pakistan, Russia, China and Israel. Software outsourcing is only part of the problem. The Chinese mega corporation Lenovo bought IBM PC's production unit. There was great concern that they would have access to IBM's sensitive technology. Nonetheless, the U.S. State Department has placed an order for 15,000 Lenovo PCs. How will State ensure the Chinese have not placed bugs and other devices in these PCs? This is too tempting a target for the Chinese to pass up. We have been conditioned mentally to accept the ubiquitous "civilian hacker." Internet security companies such as Akamai in Boston track thousands of attacks against the U.S. government and corporate computer systems every day. The single biggest source of those attacks is China. According to Richard Clarke, former National Security Council member, a Chinese general has said they would reach out through cyberspace and turn off our electric power grids before any conflict with the United States. I would thank that Chinese general for the "strategic warning." It has also been reported that Chinese "military hackers" have prepared a detailed plan to disable our aircraft carrier battle groups with what they hope would be a devastating cyber attack, according to one Pentagon report. That will not happen because of the redundancy built into our carrier battle groups. In a previous briefing before Congress, the former CIA director said at least a dozen countries including China, Libya, Russia and Iran are developing programs to attack other nations' information computer systems. Cyber attacks on our military forces, computer networks and critical infrastructure would be more than isolated acts of terrorism. The Carter administration considered nation-state-sponsored terrorism a "police problem." We cannot fall into that trap. The National Infrastructure Protection Center (NTPC) in the Department of Homeland Security defines cyber terrorism as "a criminal act perpetrated through computers, resulting in violence, death and/or destruction, and creating terror for the purpose of coercing a government to change its policies." But when a nation-state launches or sponsors such attacks either directly or through proxies, it is more than a criminal act, it is an "act of war." For those potential nation-state enemies, we need to fire a "shot across the bow" to make the consequences perfectly clear to them before they start down that path. As part of our national policy, we need to declare now that a cyber attack by a nation-state or its proxies against our military forces or our critical infrastructure will be considered "an act of war" against the United States. -=- James A. Lyons Jr., U.S. Navy retired admiral, was commander in chief of the U.S. Pacific Fleet, senior U.S. military representative to the United Nations, and deputy chief of naval operations, where he was principal adviser on all Joint Chiefs of Staff matters. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Wed Nov 14 2007 - 23:23:03 PST