[iwar] news

From: Fred Cohen (fc@all.net)
Date: 2001-06-20 22:27:56


Return-Path: <sentto-279987-1358-993101279-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 20 Jun 2001 22:29:07 -0700 (PDT)
Received: (qmail 25137 invoked by uid 510); 21 Jun 2001 04:29:47 -0000
Received: from cj.egroups.com (208.50.144.68) by 204.181.12.215 with SMTP; 21 Jun 2001 04:29:47 -0000
X-eGroups-Return: sentto-279987-1358-993101279-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by cj.egroups.com with NNFMP; 21 Jun 2001 05:28:00 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_1_3); 21 Jun 2001 05:27:59 -0000
Received: (qmail 9975 invoked from network); 21 Jun 2001 05:27:58 -0000
Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 21 Jun 2001 05:27:58 -0000
Received: from unknown (HELO all.net) (65.0.156.78) by mta3 with SMTP; 21 Jun 2001 05:27:57 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id WAA03751 for iwar@onelist.com; Wed, 20 Jun 2001 22:27:56 -0700
Message-Id: <200106210527.WAA03751@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 20 Jun 2001 22:27:56 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

USA Today
June 19, 2001
Pg. 1

Cyberspace Is The Next Battlefield

U.S., foreign forces prepare for conflict unlike any before

By Andrea Stone, USA Today

ARLINGTON, Va.  — They don't drive tanks, fly jets or even wear boots. 
But the computer technicians hunkered down in virtual foxholes in a pale
yellow building here in suburban Washington might well be the frontline
soldiers in the nation's next war.  They work for the Defense
Information Systems Agency, which figures that future conflicts won't be
won by shooting down the enemy's aircraft but by shutting down its
computers.  Today, they defend the U.S.  military's 2.5 million
computers against hackers.  But they are being trained to guard against
computer attacks by other countries and to launch computer virus
invasions that will bring chaos to a foe's communications networks,
financial systems and power grids. 

Military analysts say the United States is one of more than 20 countries
girding for this new kind of conflict, known within the Defense
Department as &quot;IW&quot; for information warfare.  Last fall, the
Pentagon disclosed that the U.S.  Space Command is building offensive
computer weapons to use against adversaries.  Until then, the Pentagon
had focused on defensive measures to protect U.S.  military computers,
satellites and communications links. 

Russia, North Korea, Iraq, Libya, Cuba, Britain, France, Israel and
China also are developing IW capabilities, according to military
analysts.  The Congressional Research Service says that China has
assembled a battalion of computer experts to develop offensive viruses
and defenses that some in the Pentagon call &quot;the Great Firewall of
China.&quot;

In fact, China is pursuing IW capabilities at least as aggressively as
the Pentagon.  It concluded after the Persian Gulf War in 1991 that it
could never defeat the United States in a conventional conflict, so its
strategists decided to target America's heavy dependence on computers,
analysts say. 

&quot;The next time you see a major international conflict between two
technologically advanced opponents, you're going to see computer network
attacks,&quot; predicts Dan Kuehl, who teaches information warfare at
the National Defense University in Washington. 

Why? At a time when political leaders are eager to minimize casualties
and the U.S.  public has come to expect bloodless precision strikes,
computer viruses are an enticing and relatively cheap weapon.  Analysts
say IW could shorten conventional conflicts or even head them off by
bringing foes to their knees. 

IW is not just the stuff of science fiction.  The Pentagon has already
used computer weapons.  During the Gulf War, U.S.  warplanes emitted
electronic jamming signals that disrupted Iraqi air-defense computers
and interfered with their ability to target allied aircraft. 

During the war in Kosovo in 1999, U.S.  officials considered siphoning
funds electronically from Serbian leader Slobodan Milosevic's bank
accounts but decided not to because of legal concerns, analysts say. 
The Serbs launched a crude IW attack: They vandalized NATO Web sites. 

Defense Secretary Donald Rumsfeld ranks IW as one of the gravest
national security threats.  One of his top priorities is to protect
military computer functions, such as communications, navigation, weapons
targeting, intelligence and logistics. 

&quot;We're going to need to have ways to make sure that we can continue
to see, hear and communicate,&quot; Rumsfeld said in a recent interview. 

Significant obstacles

Cyberweapons could revolutionize war in the 21st century as the airplane
did in the 20th century.  But the Pentagon and policymakers have
obstacles to overcome. 

One is learning how to defend against viruses launched by attackers who
can hide their identities.  If the U.S.  military can't be sure whether
the assailant is a lone hacker or a foreign government, it is difficult
to retaliate. 

Another concern is whether IW fits within the legal and ethical
boundaries of warfare because of the potential threat to civilians. 
Computer weapons aren't precise enough to limit damage to military
targets.  Unlike precision-guided bombs, a virus unleashed to shut down
power in a military command post could spread inadvertently to a
hospital nearby or even cross borders and cause havoc in a neutral
nation. 

John Hamre was a strong advocate of beefing up computer defenses when he
was deputy Defense secretary in the Clinton administration.  But he's
skeptical about using computers as offensive weapons.  &quot;For
warfare, you want high confidence and predictability of outcomes, and
that's very hard to know in cyberspace,&quot; he says. 

Military officials won't divulge their offensive capabilities.  But
analysts say they believe the Pentagon has a formidable arsenal. 

&quot;We have powerful tools that we have not used,&quot; says Steven
Hildreth, a Congressional Research Service defense analyst.  The United
States is the leader in the field, but it doesn't take great economic
resources to develop powerful computer weapons. 

Analysts say the U.S.  arsenal likely includes malevolent &quot;Trojan
horse&quot; viruses, benign-looking codes that can be inserted
surreptitiously into an adversary's computer network.  They include:

*Logic bombs.  Malicious codes that can be triggered on command. 

*Worms.  Programs that reproduce themselves and cause networks to
overload. 

*Sniffers.  &quot;Eavesdropping&quot; programs that can monitor and
steal data in a network. 

The U.S.  military could use these weapons to trigger disruptions in
enemy territory, such as a shutdown of oil and natural gas pipelines or
a cutoff of phone service, analysts say. 

At the same time, an adversary could use these same viruses to launch a
digital blitzkrieg against the United States.  It might send a worm to
shut down the electric grid in Chicago and air-traffic-control
operations in Atlanta, a logic bomb to open the floodgates of the Hoover
Dam and a sniffer to gain access to the funds-transfer networks of the
Federal Reserve. 

Those kinds of attacks, which would target civilians, probably violate
international law.  But computer strikes that destroy or interrupt the
flow of military information would conform to international rules of
war. 

For example, U.S.  military technicians could send an adversary's
precision-guided weapons off course by altering signals from the control
system.  They could change the enemy's tank computers to identify
&quot;friendly&quot; forces as foes, prompt the enemy to redeploy forces
based on false information fed into its computers and route truck parts
instead of bombs to fighter jet squadrons. 

Vulnerable computers

The Pentagon is vulnerable to the same kinds of attacks.  About 95% of
its communications are carried over unclassified, commercial networks. 

&quot;The (Internet) linkages that take a cybercrime to Amazon and eBay
are exactly the same linkages that would take an attack inside critical
military facilities,&quot; says the National Defense University's Kuehl. 

The vulnerabilities of U.S.  military and civilian computers are well
known to China. 

In 1996, a Chinese military paper told of preparing for &quot;a war of
decisions and control, a war of knowledge, and a war of intellect.&quot;

Three years later, two Chinese officers wrote a book that advocated
using cyberattacks against civilian power, transportation,
communications and financial systems.  U.S.  analysts say the Chinese
are pouring significant resources into developing such capabilities. 

For now, the main threat comes from hackers, not hostile nations. 
They're trouble enough: 413 intruders broke into U.S.  military networks
last year.  That record makes analysts wonder how the Pentagon will fend
off sophisticated attacks from hostile countries. 

Although the Pentagon spent $1.6 billion on computer defenses last year,
the General Accounting Office, a congressional watchdog agency,
criticized it in March for having networks &quot;beset by
vulnerabilities.&quot;

The Pentagon has known for several years that its computers are
vulnerable:

In 1997, it held an exercise called &quot;Eligible Receiver.&quot; Teams
from the intelligence-gathering National Security Agency (NSA) used
Internet hacker programs to simultaneously break into nine city power
grids and 911 emergency systems and 36 Pentagon computer networks, says
computer consultant James Adams, an NSA adviser.  Systems administrators
detected only two of the military attacks, he says.  In 1998, more than
500 Pentagon computer systems were compromised in a series of attacks
code-named &quot;Solar Sunrise.&quot; The intrusions appeared to
originate in the United Arab Emirates but eventually they were traced
through several countries to two California high school students and
their 18-year-old Israeli mentor.  Since March 1998, a group of hackers
apparently based in Russia has broken into hundreds of Pentagon and
other government computer networks and stolen thousands of unclassified
technical files in an operation U.S.  officials have dubbed
&quot;Moonlight Maze.&quot; Moscow denies involvement, and the culprits
are unknown. 

Beefed-up defense

The Pentagon recognized that any of those attacks could have come from a
foreign government.  And it concluded that it had to raise the digital
ramparts.  It formed what is now the Joint Task Force for Computer
Network Operations to coordinate defensive and offensive information
warfare programs.  It has asked Congress for a 500% increase in funding,
from $3.1 million to $18.6 million in 2002. 

In addition, each service has its own information warfare operations. 

The Pentagon also is trying to figure out the legal consequences of IW. 
If a foreign government hacked into a bank's computers and stole
billions of dollars, would that constitute an act of war?

&quot;Even as we have challenged the technologists to develop great
tools, we are really challenging the lawyers to find the legal
framework,&quot; says Army Maj.  Gen.  Dave Bryan, head of the joint
task force.  &quot;We are asking for some new rules.&quot;

There's also the problem of identifying whether the enemy is a foreign
government, terrorist group or amateur hacker.  &quot;Pinning the blame
on a specific group or nation is tough,&quot; Adams says. 

But these concerns have not slowed a rush by militaries to integrate
this new weapon into their war plans in hopes it will reduce casualties. 
Information warfare &quot;doesn't have the same punch as bombs,&quot;
Kuehl says.  &quot;But if it does offer the possibility to drop the cost
in human life, that's good.&quot;


------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:18 PDT