A'Hacking the Military Will Go

[mea culpa <jericho () DIMENSIONAL COM>]

http://www.wired.com/news/politics/0,1283,33443,00.html

A'Hacking the Military Will Go
by Declan McCullagh
12:30 p.m. 5.Jan.2000 PST

WASHINGTON -- In a move to enlist hackers as part of the nation's defense,
the US military is drafting a plan to penetrate and disrupt the computers
of enemy nations, officials said Wednesday.

"If you can degrade the air defense network of an adversary through
manipulating 1s and 0s, that might be an elegant way to do it," said
General Richard Myers of the [33]US Space Command, which is coordinating
the effort.

Myers told reporters that Pentagon planners are currently devising general
hacker-war procedures, which must be approved by the Secretary of Defense
and should be complete by October.

In October 1999, the Space Command [36]took over the job of protecting
Defense Department computers from hacker attacks.

But its new roles raise some knotty questions. For instance, should the
military be involved in defending vital military communications when they
travel over commercial networks? Should online attacks on an enemy's
infrastructure be viewed as an act of war, and should such attacks be
approved by the president, Congress, or the Pentagon?

Myers admitted the answers are still unknown. "A very big part of what we
do is to work through the policy and legal parts."

One option -- in a kind of unilateral arms-control agreement -- is for the
US to pledge not to launch electronic attacks in hopes that international
law will follow. It's seems to be what China -- which last year asked the
UN General Assembly to investigate the issue -- and Russia both want.

But for now, the Pentagon is readying its platoons of hackers.

"The services are trying to attract the best and the brightest to come
into this area," Myers said. "We think we can do that because we are going
to be working on leading-edge technology, we'll give them the right tools,
and they'll be doing something for their country."

The Pentagon's announcement, which has been quietly discussed for nearly a
year, comes at a time when military worries about hackers are at an
all-time high. Officials had fretted that attacks would increase on Y2K
eve, though government sources say only one minor incident took place.

A September 1999 report prepared by congressional auditors claimed there
were "serious weaknesses" in the Defense Department's information
security.

Military networks reportedly experienced over 18,500 intrusions last year,
compared to 5,844 in 1998, though some critics have questioned the
methodology used to determine those figures.

Back in 1997, a war-game exercise named Eligible Receiver reportedly
showed that enemy hackers -- in this case, ones playing the part from the
National Security Agency -- could bring down 911 phone service and power
grids in some cities.

The military's NIPRNET (Non-classified Internet Protocol Router Network)
carries non-secret information, while the SIPRNET (Secret Internet
Protocol Router Network) handles more sensitive data.

ISN is sponsored by Security-Focus.COM