Home page logo
/

isn logo Information Security News mailing list archives

Re: USA Today as DoD cyber-war propaganda mouthpiece
From: InfoSec News <isn () c4i org>
Date: Mon, 25 Jun 2001 04:43:00 -0500 (CDT)

Forwarded by: Dan Verton <Dan_Verton () computerworld com>

In the interest of self-preservation, I'll refrain from commenting on
another journalist's work. However, I agree that there is a
significant amount of garbage out there.

The world according to Verton:  (Taken from an opinion piece available 
on my Web site at 
http://www.geocities.com/intel0202/Cyber_Security_Journal.html )


Internet Age Analogies Gone Mad
By Dan Verton
Date: Feb. 2001

I like to think that I'm one of the more sophisticated and cautious
vagabonds of the information superhighway. I don't open email
attachments sent from strangers. I change my passwords often. I avoid
the Web's seedy back alleys. I even use anti-virus software. Still, I
cannot help but feel doomed. After all, none of this can save me from
the thousands of cyberterrorists who are preparing to wage a cyber war
against the U.S.
 
Many of you probably find this fear I have funny. But just read the
newspapers or go to a congressional hearing on Capitol Hill and soon
you too will be scared. Cyberterrorists are hard at work preparing to
strike at the heartland of America with digital bombs filled with
deadly ones and zeros, the experts warn. The coming cyber Armageddon
is not the work of a great fiction writer or a Star Wars-like
screenplay, it is real and the evidence, say the experts, has been
staring us in the face for years.

The transference of all worldly things and concepts to cyberspace
(whatever that is) is undoubtedly the chic thing to do today. Just
look at the skyrocketing market for online sex and you can get a sense
of how out of control this trend has become. But the recent move to
transfer the traditional world of terrorism (i.e. the hooded villains,
the crashed planes, the burning cars and buildings, and the bleeding
children) to the virtual world is particularly troubling and, at
times, has been quite amusing.
 
Consider, for example, the language used by various government
officials over the years to characterize the threat of a cyber attack
on the nation's computer networks. In 1998, Air Force Lt. General
Kenneth Minihan, then the director of the National Security Agency,
told a Senate committee that there were so many cyber attacks taking
place against Pentagon computers that "peace really does not exist in
the Information Age." The Internet, it seemed, had turned the world
into one big virtual war zone.
 
By 1999 the Pentagon had established a special task force for computer
network defense. I attended the ribbon cutting ceremony, during which
former Deputy Secretary of Defense John Hamre referred to the
potential for an 'electronic Pearl Harbor' and said that the military
men and women of the task force had actually 'been at war for the last
six months.' This was not the first time the electronic Pearl Harbor
analogy had been used, but the notion of being 'at war' with computers
was very much up to Minihan standards, I thought. Hamre had learned
well.
 
During his tenure at the Pentagon, Hamre, who now heads the Center for
Strategic and International Studies, a Washington, D.C.-based think
tank that recently called Microsoft Corp.'s operating system software
a threat to national security, became the poster child for the
government's fear-based campaign for more money to bolster computer
security. The problem of computer security was real enough, but it was
Hamre's tendency to digress from prepared remarks during speeches and
take the issue to new levels of paranoia that made him a popular
figure throughout Washington D.C.'s new digital press corps. One
observer even started a "Hamre Watch" Web page to keep tabs on his
public pronouncements of pending doom.
 
However, the use of the Pearl Harbor analogy is astonishing in its
boldness and callousness for the veterans who lost their lives on that
December day in 1941. Consider, for example, what Pearl Harbor
actually looked like when the Japanese attack had ended: More than
2,300 sailors, including more than 1,100 aboard the battleship U.S.S.
Arizona alone, were dead from explosions, fires and drowning; 100 Navy
ships were either severely damaged or sunk; and at least 18 Army Air
Corps fighters and bombers were damaged or destroyed on the ground.

With this picture in mind, I ask, is there really such a thing as a
cyber war or cyber attack? If there is, then maybe the Pentagon should
start issuing campaign ribbons for all of its 'cyber warriors' to wear
on their uniforms. It could be designed in the shape of a computer
keyboard and a little silver mouse can be added in place of the Silver
Star currently issued for valor. If war is possible in cyberspace,
then I assume that the current cadre of cyber warriors will be awarded
accordingly for what are sure to be many instances of deadly
mouse-to-mouse combat.
 
To be fair, Hamre is not the only official who has dabbled in
hyperbole. Rand Corp., for example, issued a study in 1999 that warned
of new type of war called "netwar". In that study, Rand warned the
world about ?new kinds of actors, such as anarchistic and nihilistic
leagues of computer-hacking 'cyboteurs'."

And how can I forget John Tritak, the director of the Commerce
Department's Critical Infrastructure Assurance Office. On more than
one occasion he has entertained me with warnings of an "electronic
Exxon Valdez". I've interviewed Tritak many times and have a great
amount of respect for what he does. Still, I'm looking forward to the
time when he takes this analogy to the next level. Maybe it will be
something like mass electronic hallucination or digital diarrhea.

The more sophisticated view of national cyber security, however,
accepts the possibility of a large-scale, surprise cyber hiccup, but
rejects the notion of planes falling out of the sky, nationwide train
derailments or environmental disasters at the click of a mouse.
Sophisticated observers also accept the threat of massive
Internet-based bank fraud and the impact such incidents could have on
the stock market. But they reject the notion that terrorists have all
of a sudden come to value virtual bombs as opposed to the fear
generated by images of bleeding children on the nightly news.

Last year, I asked Dick Clarke, the national coordinator for security,
infrastructure protection and counterterrorism at the National
Security Council, if the cyber-terrorist analogy had gone too far.
With little or no evidence that the Osama bin Ladens of the world
value the end result of cyber attacks (they do, however, value the
command, control and secure communications that computer technology
offers), isn't it a little far-fetched to use the term
"cyber-terrorist"? I asked.
 
"Maybe we shouldn't be saying 'cyberterrorism.' Maybe we should be
saying 'information warfare,'" he said. Notwithstanding the
information warfare remark, I took what I could get and chalked one up
for the rational and reasonable among us.

Some would say that it is only the younger generation that worries
about such things as cyber terrorists and information warfare. Maybe
they're right. My mother certainly doesn't worry about being caught in
a hail of ones and zeros shooting out from a digital bomb as it
explodes on the bus that takes her downtown to go shopping.  
Terrorism, as we in the U.S. have come to know it, is a form of
violence that strikes fear in the hearts and minds of people because
of its destructive power and its ability to wreak havoc and physical
pain on unsuspecting, innocent people. Few people will ever forget the
horrific scenes from Lockerbie, Scotland, where in 1988 a bomb ripped
apart Pan Am Flight 103 in mid air, killing all 270 passengers.
Likewise, the 1983 bombing of the U.S. Marine barracks in Beirut,
Lebanon, that killed 241 Marines and Sailors, and more than 100
others, serves as a timeless reminder of what the destructive forces
of terrorism are all about. The same can be said of the 1995 bombing
of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma,
which killed 168 and wounded more than 500.
 
However, the cyberterrorism image and its ugly cousins information
warfare, electronic Pearl Harbor and electronic Exxon Valdez, are
probably here to stay. We have the media to thank for that. You see,
cyber wars and virtual terrorists make for great headlines. Consider,
for example, Business Week's 1998 headline "A Digital D-Day," Wired
Magazine's 1999 story "China Fought Bombs with Spam," and even my own
(yes I admit I've been guilty too) story last year in Computerworld
"U.S. may face net-based holy war."
 
Although something more serious than last year's denial of service
attacks against eBay, Yahoo, CNN and other e-commerce Web sites will
probably occur, I'm not ready to begin storing water, canned food and
extra batteries in my basement just yet.



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault