RSSWorries grow about America’s cyber security
Feb 13
China, security China, insecure news No Comments
Worries grow about America’s cyber security
Feb 13, 2010 (The Kansas City Star – McClatchy-Tribune Information Services via COMTEX)
– The deputy secretary of defense says “the cyber threat” is the one thing that keeps him up at night.
The director of national intelligence says such attacks pose a severe menace to the “fragile system behind the country’s information infrastructure.” The president says, “America’s economic prosperity in the 21st century will depend on cyber security.” This is not some hypothetical danger, they point out, but a war that has been joined already. No less a digital dominator than Google has felt the need to enlist the National Security Agency to help it ward off Chinese hackers.
And yet our networked sky has not fallen.
No electronic mischief has sunk Wall Street’s computers. No Internet sabotage has stilled our power plants. No illicit flip-switching in Beijing has released torrents from our dams.
“There’s a little more Hollywood in some of these dire scenarios than reality,” said John Pike, the chief defense analyst at GlobalSecurity.org.
“That said,” he continued, “I like to hope that someone is looking at air traffic control and other things that get scary when someone starts messing around with the controls.” Indeed, the professionals who puzzle over and prioritize the hazards to national security don’t dismiss the potential of cyber warfare.
They also agree that keeping terrorists out of motherboards will require diligence from government and industry, that it will demand more money from taxpayers and consumers.
What remains less clear, or at least in debate, is whether worries about cyber terror resonate more like Chicken Little or Paul Revere.
“This is a lot of hype,” said Owen Cote, the associate director of the security studies program at the Massachusetts Institute of Technology.
He sees competing agencies trying to outdo each other in their alarms amid competition to seize control of the responsibility, and the funding, of America’s cyber defenses.
At the same time, many warn that a nearly invisible cyber arms race already is under way. It’s a war with many fronts. Rival governments are trying to outsmart and outmuscle each other’s network defenses. Criminals have employed hacking as a way to steal and extort. Terrorist groups use the Internet to plan and organize, and spy agencies use it to monitor and quash those Web-based maneuvers.
“Global digital warfare is expected to intensify in the near future,” said a report from the Jamestown Foundation, a national security think tank.
That report played out a growing virtual arms war between the United States and China over which country could develop the power to keep hackers at bay from its networks while building the tools to foul the other’s electronic webs in some future conflict.
China, said the Jamestown analysis, “is devoting unprecedented resources to strengthening its already formidable cyber warfare prowess.” It cites two reasons.
First, a simple desire to keep pace with what Beijing perceives as Washington’s push to dominate cyber battlefields of the near future.
Second, China has problems of its own. Besides what it sees as anti-Chinese propaganda from the West — information that it has been roundly criticized for censoring — some 40,000-plus Web sites in the country were crashed in 2009 and 18 million of its computers were rendered useless by viruses.
“The Internet,” said a top official in Beijing,” has become a major vehicle through which anti-China forces are perpetrating their work of infiltration and sabotage.” American officials speak in the same strong terms. One estimate suggests hackers attempt to penetrate Defense Department computers 300 million times a day. A single hack into a NASA computer cost $1.5 million. Losses to American banks through the penetration of their computers are estimated in the billions of dollars.
The Pentagon has added more than $100 million for cyber security in its next budget, and a turf war has broken out between the Defense Department and the NSA over who ultimately will oversee the country’s electronic defenses.
“Cyber defenders right now have to spend more and work harder than the attackers do,” Dennis Blair, the director of national intelligence, told a congressional committee recently. “And our efforts, frankly, are not strong enough to … deal with that reality.” In the report it prepares every four years on defense priorities, the Pentagon concluded that U.S. government and corporate “networks are infiltrated daily by a myriad of sources … ranging from small groups of individuals to some of the largest countries in the world.” Deputy Defense Secretary William Lynn said late last year, “The consequences for our military, and indeed for our whole national security, could be dire.” The United States almost certainly is designing its own cyber weapons. A recent survey of 600 information technology executives from 14 countries ranked the United States just ahead of China as the country with the greatest ability to launch cyber attacks.
Analysts say they assume that there are regular debates whether to knock down violent Islamist Web sites or to instead watch them to gain intelligence about an elusive foe.
“You always have the question of when do you use the capability,” said Clifford Neuman, the director of the University of Southern California Center for Computer Systems Security. “The answer is never simple.” Others even equate the escalating stakes to those at play between the United States and the Soviet Union in the early years of the Cold War. Surely, mounting cases hint heavily at damaging electronic subterfuge with geopolitical overtones.
The Web site of the Russian newspaper Novaya Gazeta came back to life this month after what its editor described as a “well-organized and powerful” attack. The paper is a bold critic of the Moscow government.
Search giant Google began talking last month about pulling out of China — the surrender of a gargantuan market over angry accusations that Beijing pilfered software code and snooped on the Gmail accounts of dissidents.
A few months before, that same Chinese government cracked down on a hacking academy that advertised “guaranteed successful attack tools.” The school had 12,000 subscribers, and 170,000 people took its online courses before the November shutdown.
Attacks on computer networks of South Korean government agencies and the Pentagon last summer were widely, but inconclusively, blamed on North Korea.
The year before, corporate and government Web sites in the former Soviet republic of Georgia were traced to Moscow.
The year before that, Estonian networks were hit in a similarly suspicious way.
Those incidents have given rise to fearful scenarios: –Assaults on cell phone networks would do more than frustrate text-mad teenagers. Increasingly more commerce communication is going mobile, and it’s easy to picture a not-too-distant future when the Internet is delivered as much by wireless smartphone or iPad as any other means.
–Power grids already go brown and even black from their own internal weaknesses. Certainly a successful attack on a heavily populated area could create a great hardship and even trigger civil unrest.
The difficulty would be in infiltrating systems with deliberate redundancies and with built-in mechanisms intended — although hardly foolproof — to minimize the chances of outages rippling across the map.
–About 7,000 planes are in the air over the United States at any given time. Imagine if the air traffic controllers who keep them from colliding or touching down on the same runways suddenly lost contact.
But the Federal Aviation Administration has designed backup systems, and some analysts say the very absence of a successful terrorist hack on such an obvious target may speak to the agency’s defenses.
–Except perhaps for day laborers and a few others who take a day’s pay in cash, all our financial assets are really just a series of ones and zeros in computer banks. What better way to send America into crisis than clever software that tosses our accounts into chaos? Experts say it’s already happening — that banks are regularly hacked and write off their losses as the cost of doing business.
The head of Britain’s top investigative agency recently warned companies negotiating in China to assume that hacking likely has revealed their bottom lines to the folks on the other side of the bargaining table. That very perception could undercut China’s trade with the West.
Antivirus maker McAfee Inc. has estimated that in 2008 companies lost at least $1 trillion worldwide in intellectual property to hackers.
“A group of hackers turning the United States into a Third World economy? That’s nonsense. But we’re already paying for this,” said James Lewis, a security researcher at the Center for Strategic and International Studies. “The question is how you get people to take more precautions. No one’s saying there’s a silver bullet out there to stop this.” Indeed, it’s generally assumed that everyone will have to pay more — either as a consequence of hacks or the sustained efforts to ward them off.
“This is a total system problem. You can’t trust all of the hardware. You can’t trust the software. You can’t trust the communications. And you can’t always trust the people working for you,” said Peter Neumann, the principal scientist at the digitally oriented think tank SRI International. “If there’s one weak link, that’s all it takes. A few weak links can completely undo you.” Cote, the MIT defense analyst, concedes that hackers can do real damage.
Still, he finds it hard to imagine the sort of attack that could bring a superpower to its knees.
Consider the U.S. military’s Secret Internet Protocol Router Network, or SIPRNet. It’s like the Internet, but you can’t get there from here. It’s a physically separate system with strict rules that prohibit so much as a memory stick going from one of its computers to a private laptop. Experts call that “putting air” between networks.
“A tried and true axiom of American politics is that if you have a collective problem,” Cote said, “you have to scare people into taking action.” To reach Scott Canon, call 816-234-4754 or send e-mail to scanon@kcstar.com.
