Chaos: The Coming Technology War

[InfoSec News <isn () c4i org>]

http://www.newsfactor.com/perl/story/13738.html

Tim McDonald 
September 25, 2001 

Chances are that you won't see the next war start live on CNN, as in
the 1991 Gulf War. Nor will your early warning signal be the emergency
broadcast beep going off on your television or radio. So how will you
know it's started? There will be some clues.

Your pager won't work. The movie you're watching on HBO might suddenly
go blank while the cable connection seems fine. Or your ATM machine
will kick back your debit card for no apparent reason.

In 1998, the Galaxy IV satellite that was orbiting the earth suddenly
malfunctioned. About 80 percent of the pagers in the U.S. quit
working. Cable and broadcast video feeds also shut down, while credit
card authorization networks and other communication systems failed for
weeks.

Space: The 'Irresistible' Target

The official explanation was that it was simply a malfunction. But,
was it? And will it be next time? Only days after the incident, the
official Chinese news agency Xinhua ran an article that said, in part:

"For countries that could never win a war by using the methods of
tanks and planes, attacking the U.S. space system may be an
irresistible and most tempting choice."

It wouldn't take much to disrupt and even immobilize the U.S.
satellites upon which the country's military, government and
commercial interests are increasingly dependent. All that would be
needed is a rocket that can reach outer space, with some aiming
capability, and a small nuclear warhead.

China easily has such potential. So does Russia. And so do Iran, Iraq
and North Korea. And, perhaps scariest of all in the current crisis,
so does Pakistan.

A 'U.S. Crusader' Virus?

The only thing upon which defense experts agree with respect to
information technology and its place in future conflicts is that it
will be used somehow, some way. There are an infinite number of
possibilities.

Computer viruses are commonplace now, though almost always relatively
unsophisticated. They could become more specific, however, and be
directed at narrower targets.

For example, a "PLO virus" was developed at Hebrew University in
Israel. In Japan, hackers invaded the computerized control system for
commuter trains, disrupting major cities for hours. Italian terrorist
group the Red Brigade specifically spells out how to take out computer
systems and installations in its manifesto.

In Ireland, Sinn Fein supporters posted details of the British army
intelligence operations in Northern Ireland on the Internet, and they
weren't even in Ireland when they did so -- they were working from the
University of Texas at Austin.

Electric power grids, oil and gas pipelines, vital communications
systems, sensitive data -- they're all becoming more and more
computerized and centralized.

"Thirty years ago, terrorists could not have obtained extraordinary
leverage," said Robert Kupperman, terrorist expert and chief scientist
of the U.S. Arms Control and Disarmament Agency. "Today, however, the
foci of communications, production and distribution are relatively
small in number and highly vulnerable."

Kupperman made that statement in 1977.

Air-Breathing 'Jetscrams'

What are we doing about it? The U.S. is preparing itself with a number
of measures that range from the subtle to the spectacular. One of the
most spectacular is NASA's Hyper-X project, featuring 12-foot-long,
unmanned, air-breathing X-43A "jetscram" aircraft launched from F-15
fighter jets that are capable of hunting down and destroying foreign
satellites that threaten ours.

Its targets could be as small as 20-pound "nano-satellites" loaded
with sophisticated equipment and capable of jamming U.S. satellite
transmissions with electronics or even lasers. Pakistan is only one of
the countries working on such technology.

There are other, less spectacular ways that could eventually be more
effective. For example, the Federal Computer Incident Response Center
plans to revamp a system that automatically sends security patches to
civilian agencies, hoping to find a cheaper and easier way to protect
systems against malicious viruses.

Protecting Software

On another front in the tech war, the National Science Foundation
announced this week that it will create a new research program
designed to upgrade the basic security level in commercial technology
used by government and industry.

"It is a necessity to ensure that future information systems not only
behave as expected, but more importantly, continue to produce expected
behavior and are not susceptible to subversion," the NSF said in its
announcement.

In addition, Georgetown University and the Terrorism Research Center
maintain an information warfare database where incidents of suspected
foreign invasions of information systems can be reported.

"Information warfare attacks are occurring with increasing frequency
and it is vital that a dynamic resource exists to track their
incidence," the site says.

Who? Us?

There is also the chance you may not know about a U.S. response to an
act of foreign electronic warfare. A paper by the Terrorism Research
Center, headed by Matthew Devost, recommends a digital integrated
response team (DIRT).

The idea is for the U.S. to have its own, secret group of information
warfare terrorists, sanctioned by executive order and scattered around
the country in secret "cells."

They would constitute a kind of "digital Delta Force," the paper says
-- an offensive strike force capable of inflicting chaos on an enemy's
electronic infrastructure. Such attacks would be cloaked in anonymity
for security and other reasons.

The paper concludes: "Such a response offers ultimate plausible
denial."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.