[iwar] Article in USA Today...

From: Fred Cohen (fc@all.net)
Date: 2001-06-19 16:21:55

Return-Path: <sentto-279987-1356-992992917-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 19 Jun 2001 16:23:08 -0700 (PDT)
Received: (qmail 1736 invoked by uid 510); 19 Jun 2001 22:24:14 -0000
Received: from hm.egroups.com ( by with SMTP; 19 Jun 2001 22:24:14 -0000
X-eGroups-Return: sentto-279987-1356-992992917-fc=all.net@returns.onelist.com
Received: from [] by hm.egroups.com with NNFMP; 19 Jun 2001 23:21:57 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_1_3); 19 Jun 2001 23:21:57 -0000
Received: (qmail 89410 invoked from network); 19 Jun 2001 23:21:56 -0000
Received: from unknown ( by m8.onelist.org with QMQP; 19 Jun 2001 23:21:56 -0000
Received: from unknown (HELO all.net) ( by mta3 with SMTP; 19 Jun 2001 23:21:55 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id QAA21215 for iwar@onelist.com; Tue, 19 Jun 2001 16:21:55 -0700
Message-Id: <200106192321.QAA21215@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 19 Jun 2001 16:21:55 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Article in USA Today...
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


FCCyberspace is the next battlefield U.S., foreign forces prepare for
conflict unlike any before

By Andrea Stone USA TODAY

ARLINGTON, Va.  -- They don't drive tanks, fly jets or even wear boots. 
But the computer technicians hunkered down in virtual foxholes in a pale
yellow building here in suburban Washington might well be the frontline
soldiers in the nation's next war. 

They work for the Defense Information Systems Agency, which figures that
future conflicts won't be won by shooting down the enemy's aircraft but
by shutting down its computers. 

Today, they defend the U.S.  military's 2.5 million computers against
hackers.  But they are being trained to guard against computer attacks
by other countries and to launch computer virus invasions that will
bring chaos to a foe's communications networks, financial systems and
power grids. 

Military analysts say the United States is one of more than 20 countries
girding for this new kind of conflict, known within the Defense
Department as ''IW'' for information warfare.  Last fall, the Pentagon
disclosed that the U.S.  Space Command is building offensive computer
weapons to use against adversaries.  Until then, the Pentagon had
focused on defensive measures to protect U.S.  military computers,
satellites and communications links. 

Russia, North Korea, Iraq, Libya, Cuba, Britain, France, Israel and
China also are developing IW capabilities, according to military
analysts.  The Congressional Research Service says that China has
assembled a battalion of computer experts to develop offensive viruses
and defenses that some in the Pentagon call ''the Great Firewall of

In fact, China is pursuing IW capabilities at least as aggressively as
the Pentagon.  It concluded after the Persian Gulf War in 1991 that it
could never defeat the United States in a conventional conflict, so its
strategists decided to target America's heavy dependence on computers,
analysts say. 

''The next time you see a major international conflict between two
technologically advanced opponents, you're going to see computer network
attacks,'' predicts Dan Kuehl, who teaches information warfare at the
National Defense University in Washington. 

Why? At a time when political leaders are eager to minimize casualties
and the U.S.  public has come to expect bloodless precision strikes,
computer viruses are an enticing and relatively cheap weapon.  Analysts
say IW could shorten conventional conflicts or even head them off by
bringing foes to their knees. 

IW is not just the stuff of science fiction.  The Pentagon has already
used computer weapons.  During the Gulf War, U.S.  warplanes emitted
electronic jamming signals that disrupted Iraqi air-defense computers
and interfered with their ability to target allied aircraft. 

During the war in Kosovo in 1999, U.S.  officials considered siphoning
funds electronically from Serbian leader Slobodan Milosevic's bank
accounts but decided not to because of legal concerns, analysts say. 
The Serbs launched a crude IW attack: They vandalized NATO Web sites. 

Defense Secretary Donald Rumsfeld ranks IW as one of the gravest
national security threats.  One of his top priorities is to protect
military computer functions, such as communications, navigation, weapons
targeting, intelligence and logistics. 

''We're going to need to have ways to make sure that we can continue to
see, hear and communicate,'' Rumsfeld said in a recent interview. 

Significant obstacles

Cyberweapons could revolutionize war in the 21st century as the airplane
did in the 20th century.  But the Pentagon and policymakers have
obstacles to overcome. 

One is learning how to defend against viruses launched by attackers who
can hide their identities.  If the U.S.  military can't be sure whether
the assailant is a lone hacker or a foreign government, it is difficult
to retaliate. 

Another concern is whether IW fits within the legal and ethical
boundaries of warfare because of the potential threat to civilians. 
Computer weapons aren't precise enough to limit damage to military
targets.  Unlike precision-guided bombs, a virus unleashed to shut down
power in a military command post could spread inadvertently to a
hospital nearby or even cross borders and cause havoc in a neutral

John Hamre was a strong advocate of beefing up computer defenses when he
was deputy Defense secretary in the Clinton administration.  But he's
skeptical about using computers as offensive weapons.  ''For warfare,
you want high confidence and predictability of outcomes, and that's very
hard to know in cyberspace,'' he says. 

Military officials won't divulge their offensive capabilities.  But
analysts say they believe the Pentagon has a formidable arsenal. 

''We have powerful tools that we have not used,'' says Steven Hildreth,
a Congressional Research Service defense analyst.  The United States is
the leader in the field, but it doesn't take great economic resources to
develop powerful computer weapons. 

Analysts say the U.S.  arsenal likely includes malevolent ''Trojan
horse'' viruses, benign-looking codes that can be inserted
surreptitiously into an adversary's computer network.  They include:

* Logic bombs.  Malicious codes that can be triggered on command. 

* Worms.  Programs that reproduce themselves and cause networks to

* Sniffers.  ''Eavesdropping'' programs that can monitor and steal data
in a network. 

The U.S.  military could use these weapons to trigger disruptions in
enemy territory, such as a shutdown of oil and natural gas pipelines or
a cutoff of phone service, analysts say. 

At the same time, an adversary could use these same viruses to launch a
digital blitzkrieg against the United States.  It might send a worm to
shut down the electric grid in Chicago and air-traffic-control
operations in Atlanta, a logic bomb to open the floodgates of the Hoover
Dam and a sniffer to gain access to the funds-transfer networks of the
Federal Reserve. 

Those kinds of attacks, which would target civilians, probably violate
international law.  But computer strikes that destroy or interrupt the
flow of military information would conform to international rules of

For example, U.S.  military technicians could send an adversary's
precision-guided weapons off course by altering signals from the control
system.  They could change the enemy's tank computers to identify
''friendly'' forces as foes, prompt the enemy to redeploy forces based
on false information fed into its computers and route truck parts
instead of bombs to fighter jet squadrons. 

Vulnerable computers

The Pentagon is vulnerable to the same kinds of attacks.  About 95% of
its communications are carried over unclassified, commercial networks. 

''The (Internet) linkages that take a cybercrime to Amazon and eBay are
exactly the same linkages that would take an attack inside critical
military facilities,'' says the National Defense University's Kuehl. 

The vulnerabilities of U.S.  military and civilian computers are well
known to China. 

In 1996, a Chinese military paper told of preparing for ''a war of
decisions and control, a war of knowledge, and a war of intellect.''

Three years later, two Chinese officers wrote a book that advocated
using cyberattacks against civilian power, transportation,
communications and financial systems.  U.S.  analysts say the Chinese
are pouring significant resources into developing such capabilities. 

For now, the main threat comes from hackers, not hostile nations. 
They're trouble enough: 413 intruders broke into U.S.  military networks
last year.  That record makes analysts wonder how the Pentagon will fend
off sophisticated attacks from hostile countries. 

Although the Pentagon spent $1.6 billion on computer defenses last year,
the General Accounting Office, a congressional watchdog agency,
criticized it in March for having networks ''beset by vulnerabilities.''

The Pentagon has known for several years that its computers are

* In 1997, it held an exercise called ''Eligible Receiver.'' Teams from
the intelligence-gathering National Security Agency (NSA) used Internet
hacker programs to simultaneously break into nine city power grids and
911 emergency systems and 36 Pentagon computer networks, says computer
consultant James Adams, an NSA adviser.  Systems administrators detected
only two of the military attacks, he says. 

* In 1998, more than 500 Pentagon computer systems were compromised in a
series of attacks code-named ''Solar Sunrise.'' The intrusions appeared
to originate in the United Arab Emirates but eventually they were traced
through several countries to two California high school students and
their 18-year-old Israeli mentor. 

* Since March 1998, a group of hackers apparently based in Russia has
broken into hundreds of Pentagon and other government computer networks
and stolen thousands of unclassified technical files in an operation
U.S.  officials have dubbed ''Moonlight Maze.'' Moscow denies
involvement, and the culprits are unknown. 

Beefed-up defense

The Pentagon recognized that any of those attacks could have come from a
foreign government.  And it concluded that it had to raise the digital
ramparts.  It formed what is now the Joint Task Force for Computer
Network Operations to coordinate defensive and offensive information
warfare programs.  It has asked Congress for a 500% increase in funding,
from $3.1 million to $18.6 million in 2002. 

In addition, each service has its own information warfare operations. 

The Pentagon also is trying to figure out the legal consequences of IW. 
If a foreign government hacked into a bank's computers and stole
billions of dollars, would that constitute an act of war?

''Even as we have challenged the technologists to develop great tools,
we are really challenging the lawyers to find the legal framework,''
says Army Maj.  Gen.  Dave Bryan, head of the joint task force.  ''We
are asking for some new rules.''

There's also the problem of identifying whether the enemy is a foreign
government, terrorist group or amateur hacker.  ''Pinning the blame on a
specific group or nation is tough,'' Adams says. 

But these concerns have not slowed a rush by militaries to integrate
this new weapon into their war plans in hopes it will reduce casualties. 
Information warfare ''doesn't have the same punch as bombs,'' Kuehl
says.  ''But if it does offer the possibility to drop the cost in human
life, that's good.''Cover storyCover story


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:18 PDT