by Stephen Pizzo Otigiaas- cb Rev Maye r-< ae ensions in the Middle East have heated up once again. A dictator is insisting that he — not his neighbor states and certainly not the US -- will decide the future of oil traffic in the Persian Gulf. ‘The US warns him to respect the national boundaries in the region and to allow free shipping access to the Gulf. Prema aes ae A ‘The dictator, normally belligerent when dictated to by the US, is strangely silent. Three days later a high-speed passenger train racing from Washington, DC to New York inexplicably switches tracks and piles head on into an oncoming commuter train, killing more than a hundred people, two of them members of Congress. The same afternoon the air-traffic control system at Chicago's O'Hare displays bogus flight data that causes controllers to misdirect a passenger jet, which collides with a private plane. All 235 on board the commercial jet die as tower personnel watch in disbelief. As the wreckage smolders on the runway, the radar screen still shows the jet two miles from the airport. ‘That night in San Francisco a computer-controlled switch at a regional Pacific Gas and Electric power station suddenly flips, plunging the entire city into darkness. At the same moment, a mechanized, dial-in attack overloads and shuts down the entire local phone Re Nag ASX e hehe 998) rie next big threat? “How do you know — really know ~ that you're under attack? Before you react you must know whether or not it's just some teenager. Ifan attack comes from Germany, how do you know that a teenager didn't hack into a German site and Jaunched his attack from there?" — Ira Winkler, SAIC As the wreckage smolders on the runway, the radar sereen still shows the jet two miles from the airport. 06/27/96 08:00:45a 20f3 sri. The next day it gets worse. Electronic sniffers, originating from an unknown source, locate and attack key computer servers controlling the New York and. London stock exchanges, plunging the world financial . markets into chaos. That afternoon bank teller ‘machines suddenly begin randomly debiting customer accounts, crediting the money to untraceable bank accounts overseas. Billions of dollars disappear before the banks can pull all their teller machines off-line. By the moming of the third day US intelligence has figured out that the US was under attack, but they could only guess at the source of the trouble. As the Pentagon begins to react, US military bases around the world are struck by a wave of random problems, from crashing computers to printers that lock up and catch fire. ‘The US has fallen victim to an electronic Pearl Harbor. Addicted to computerized information systems, the US is thrown off balance, forfeiting the ‘game, if not the match, to the Middle Eastern dictator, ‘Who sends a simple message: "Had enough? There's more trouble where that came from." ‘Now that the world has pulled itself back from the brink of thermonuclear destruction, military strategists have identified a new threat: Information Warfare. How vulnerable is the US to a cyber attack? And if attacked, a few other questions arise: ‘© Do we know how to respond to a cyber attack? © Should we respond? Or would a massive ‘counterattack only further damage the global ‘Net we need more than our enemies need? © What's the morality of cyber warfare? Would there be civilian casualties? Ira Winkler of Science Applications Intemational (the parent company of InterNIC registrar ‘Network Solutions, Inc.) says that even determining if an Information Warfare attack is underway may prove a daunting task for US strategists. ee Do you fear a cyber attack? Let us know. (06/27/96 08:00:46 EEitary strategists divide Information Warfare into three levels of warfare intensity: HackerWar, CyberWar, and all-out NetWar. Hacker warfare would be used to harass an enemy into submission or into making desired concessions. The attacks would range from causing paralysis of selected information infrastructure -- such as a nation’s phone systems ~- to harassing intermittent, shutdowns, computer virus attacks, theft of secure information, and planting corrupted data in important databases. Tees ane ¢ at Information Warfare strategists view hacker warfare with the most skepticism of the three. Martin Libicki, a Senior Fellow at the Institute for National Strategic Studies, is one of its biggest critics. He says hacker warfare is little more than childish harassment that an enemy's computers could easily tackle. What's more, the US would want to think twice about using hackers offensively, citing the "glass houses" maxim. "The US is far more dependent on computer systems than other nations," says Libicki. Hacker retaliation against the US could cause us more headaches than whatever inconvenience we caused our enemy. Libicki adds ironically that if the US comes under hacker attack, it will most likely be from someone trained at our own universities. "Roughly 60 percent of the doctorates granted here in ‘computer science and security are awarded to citizens of foreign countries, two-thirds of which are from Islamic countries or India," he says. A cheap way to irritate the enemy On April 19, hackers broke into the New York City Police Department's phone system and left a recording that informed callers that the police ere busy eating donuts ind that if it was a "real emergency, dial 11 ~New York Post Sixty percent of the doctorates granted in the US in computer science and security are awarded to citizens of foreign countries, ‘two-thirds of which are from Islamic countries or India, 06/27/96 08:01:10Libicki also points out that hacker warfare carries some of the same risks as biological warfare. "It would be quite embarrassing," he wars, "if a computer virus intended for another coun computer systems leaked and contaminated ours." Because hacking is cheap, some nations may see it as a way to harass their enemies without unleashing full-scale attacks against information infrastructures. But analysts view hacker warfare as a weak and unpredictable weapon, like sending a terrorist to plant small bombs in an enemy's cities: damage is done, the enemy is annoyed, civilians frightened ... but it's no way to win a war. Aico in Web Review. A ‘Copyright © Song ne Studios, Ine, 1996, ‘ALL RIGHTS RESERVED 2o0f2 0627/961of2 eview Ci A blitzkrieg on communication systems ‘comprehensive attack aimed at "disrupting, if not destroying, an enemy's information and communication systems." Think of it as an information blitzkrieg, a lightning attack that destroys the enemy's communications systems, cutting off military and political leadership from its command and control grid. Military strategists call this "a head shot." 8 yberWar is more serious than HackerWar, a Pers ase But in an interconnected world, this can be tricky. First, strong defensive measures widely employed in the civilian sector could fal into enemy hands, thereby shielding their computers from counter attack. Second, many of the technical avenues an opponent might use to attack the US (which the US would want to destroy) are the same channels needed for the US to respond to the attack. In other words, waging war against the Net's infrastructure could do more harm to the US's interests than those of the attacker. Of the military's 150,000 computer systems on the Internet, 95% use the same phone grid that the rest of the Net uses to communicate. “In the past you could pinpoint the places you needed to secure on a map of Washington, DC and its environs," says Caroline Hamilton of Risk Watch, a Maryland consulting group working with the Defense Department to come up with sensible Information ‘Warfare strategies. "But today, you have to include the phone system switches, the phone company offices, the federal aviation system... "We used to just talk about locking up the mainframe," Hamilton says. "But over the past 10 "The DoD wants it both ways. They want to be able to wage offensive information warfare, but they don't want strong security products out there, particularly products that would Inhibit their ability to kind of = Lynn McNulty, Defense consultant “The point is not that the DoD cannot shut off aceess to [the Internet) ean, but ata cost which, in political terms, grows more expensive every year. of the US risk, DoD will be politically constrained. — Martin Libicki, Institute for Nationat Strategic Studies Click. Attack! This is the way Pentagon futurists envision 21st centur wars being waged." ~ NMIA in Cyberia: Dob Harnessing Data "The key to Mongol success was their absolute dominance of battlefield information, ‘They struek when and where they deemed 0627/96years the configuration has changed to interconnect, everything internally and externally with the rest of the World. So, everybody is connected to everybody else, which means that everyone is dependent upon everybody else.” In short, even though the US may be able to shut down its own network, doing so would be like threatening to bomb our own cities to root out a handful of terrorists. Because of this, Rand analysts determined, the US must continue to rely on conventional weapons. "Potential battlefields can be found anywhere networked systems allow access,” Rand reported. "The vulnerability of these systems is currently poorly understood. In addition, the means of deterrence and retaliation are uncertain and may rely on traditional military instruments in addition to cyberwar threats," Libicki finds comfort in this. "Information technology ironically restores man to the center of the struggle for national security," he says. "With unconventional warfare, where War-fighting machines are virtually useless, these nets are precisely the point of maximum vulnerability for both sides." appropri ‘arrow riders" kept field commanders, often separated by of miles, in di communication, the Great Khan, sometimes thousands of miles away, was aware of developments in the field within days of their ‘occurrence. ‘Also in Web Review... 9) oo os Ine, 1996, ‘ALL RIGHTS RESERVEDcontroversial) level of Information Warfare, a Haiti, US intelligence seriously considered t hen there's NetWar, the most intense (and During a recent crisis in Air Force jet to sort of "mutually assured destruction” not only of communication and information systems, but of a society's confidence in its media and beliefs. synthesized voice of deceased Hatta leader ‘The Rand report says the goal of an all-out NetWar is vere to "disrupt, damage, or modify what a target Lolo Ny selewlce population knows or thinks it knows about itself and eeealae” the world around it.” rere ar Tia ae Aleader with a reputation for drinking too much could be made to slur his words. a Such an attack would focus not on an enemy's information infrastructure, but on the enemy population's mind and attitudes by subverting the media and infiltrating computer networks to promote confusion and dissent, In other words, in a NetWar the attacker turns the target nation's own media into a weapon against it. Libicki says that in a perfectly executed NetWar the “system under attack operates and will be perceived as operating correctly, but will generate answers at variance with reality." fall the Information Warfare options, this one holds the most allure for military strategists. Air Force Col. Richard Szafranski believes manipulating information is the key to modern warfare. “Information Warfare has the ultimate aim of using information weapons to affect the knowledge and belief systems of some external adversary," Szafranski says. And, he adds, a population's belief systems are the most fruitful target of Information Warfare. (06/27/96 08:01:3520f3 "Unlike knowledge systems (the objective data an enemy population uses to organize their lives), belief systems are highly individualized," Szafranski says. “The enemy i eally many individual enemies, many minds," which need changing. Radio Free Europe was a primitive form of Information Warfare. But NetWar requires many ‘megatons more persuasion than transparent propaganda. Information Warfare capitalizes on a population's confidence in their own information delivery channels. Among the tools in the NetWar arsenal are weapons like Commando Solo, an Air Force jet packed with top secret electronics. The plane's integrated systems and crew can capture live radio, TV, and data traffic over enemy territory and, almost in real time, alter and rebroadcast the material. For example, the TV image of a leader addressing his nation during a crisis could be morphed in subtle ways that would erode public confidence. A leader with a reputation for drinking too much could be made to slur his words. It's just a short leap from fiddling with a real broadcast to creating an entirely false one -- and that possibility intrigues strategic NetWar planners like Professor George Stein of the American War College. Stein says that by incorporating the existing ticks of Hollywood film technology, "a genuinely revoltionary form of warfare would becoene possible. "Combining live actors with computer-generated video graphics can easily create a virtual news conference or summit meeting," Stein says. "Stored images can be recombined or morphed endlessly to produce any effect chosen." And, by “hitching a ride on an unsuspecting commercial satellite, a fictive simulation can be broadcast" to an unsuspecting public. Professor Stein's moral considerations are well taken. But there's a deeper problem with NetWar tactics that no one seems to be talking about. If NetWar is ever waged as described here, and an enemy (or our own government) were to successfully alter the evening TV news -- putting words into Peter Jennings mouth and altered or false images on the screen -- it would for the foreseeable future destroy public confidence in the information they receive about the world around them. What would life be like in the aftermath of a NetWar 06/27/96 08:01:35,that leaves entire populations of suspicious and distrusting citizens on both sides? Would there be entire populations who no longer believe anyone or anything they see or hear? Can such a people even be governed? If they cannot, then who won? Do you fear a cyber attack? Let us know. [Hein wep Review. Te Copyseht © Songline Studios, nc, 1996, ‘ALL RIGHTS RESERVED. 30f3 06/27/96 08:01:35,eb review im e ® ofiviieee me. © Fi al ae Are we already under attack? s the US vulnerable to an Information Warfare ‘The Rand report called i} attack? Last April CIA Director John Deutch i us oe per iS (then serving as deputy defense secretary) told a ‘Taferniation Winters: Senate committee that the question of US Aaa vulnerability was "a very important subject...which we accustomed to things don't really have a crisp answer to. working without a zien. “Knowing that we have a vulnerability and knowing what to do about it are two different things," Deutch said, DISA ~ the Defense Information Systems Agency — handles Wa Metis information technology sie aet abet potest Defense. It plans, develops, and supports the military's Car (Command, Control, Communications, Computers, and Intelligence) functions, and reports to the a ci The Defense Department has set out to study the Ghairdan of the Joint problems they may face in an information war, and at Chiefs of Stat” the center of their research is the strategic think tank, the Rand Corporation. The Pentagon asked Rand _ last year to prepare a report on Information Warfare and to develop gaming scenarios to train PETE Senior military and intelligence staff in how to think Pentagan'\gesrrareh and act on a cyber-battlefield. and the Pentagon only spotted them in 4%. Rand analyst David Gompert reported that the US is probably the world's most vulnerable nation. “Americans are accustomed to things working — whether it's telephones, light switches, automatic tellers, or air traffic control systems -- and we give little thought to what could go wrong until it does," said Gompert. "Ifthe systems we take for granted start going haywire because someone or some group is tampering with them, we could be in for some very rude shocks." Rand also predicts that a cyber attack against the US is practically inevitable, if for no other reason than because waging cyberwar is ridiculously cheap to 10f2 (06/27/96 08:01:00rr ‘wage. Unlike traditional weapons technology, acquiring information weapons is within the financial 1p of individuals as well as organized groups and impoverished nations. ‘That started Pentagon officials wondering if just maybe they weren't already under attack. They ordered an audit to determine just how vulnerable their own command and control information systems were. The Defense Information System Agency (DISA) employed its own staff of in-house hackers to stress-test the DoD's computer system. When the smoke cleared the hackers had broken into 88% of the Pentagon's nearly 9,000 computers. Even worse, the Pentagon -- which knew the DISA hackers were ing to break in -- were able to detect only 4% of the successful penetrations. When the DISA combined the results of their tests with data collected from known break-ins by unidentified hackers, they concluded that the Pentagon's computers had probably been successfully penetrated more than 300,000 times in 1994 alone by unknown hackers who looked at, stole, or changed ‘who knows what data. Shocked into action, Information Warfare is now the hottest topic in military circles. Each service branch is training its own IW corps and the FBI is developing, its own cyberspace defense team. ‘Though it remains a murky and emerging discipline, the shape of Information Warfare has already begun to take form. And, as military planning always does, the thinking and planning have already gone well beyond the realm of purely defensive planning. Offensive Information Warfare tactics and strategies are also being developed and tested. pr Copyright © Songline Studios, Inc, 1996, "ALL RIGHTS RESERVED 20f2 (06/27/96 08:01:00 a