[iwar] [fc:Now,.Weapons.of.Mass.Disruption?]

From: Fred Cohen (fc@all.net)
Date: 2001-10-22 22:02:51
Next message: Fred Cohen: "[iwar] [fc:Microsoft.Explores.Legal.Options.Against.Hacker]"
Previous message: Fred Cohen: "[iwar] [fc:Power.Station.Incident.Should.Generate.Further.Security.Awarenes]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200110230502.f9N52qP14728@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Mon, 22 Oct 2001 22:02:51 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Now,.Weapons.of.Mass.Disruption?]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Now, Weapons of Mass Disruption? 'Soft terrorism' would be aimed against
the 'system of systems' that is modern America 
Newsweek, 10/22/2001
<a href="http://www.msnbc.com/news/645533.asp">http://www.msnbc.com/news/645533.asp>

Oct. 29 issue - Americans have received their marching orders. They have
been told to stiffen their sinews, summon up their blood-and go to the
mall. And a movie. This summons to normality is akin to the rallying cry
on the eve of Agincourt. However, energetic everydayness, even
lightheartedness, is suddenly a serious duty. Just as there is at all
times a moral obligation to be intelligent, there is today an obligation
to be cheerful. 
IT WOULD BE irrational for Americans to begin acting as though
terrorists are capable of making daily life hazardous for Americans
generally. Acting that way would cripple the country's social and
economic vigor, its defining assets. And an even more important reason
for not allowing current problems to knock America off its normally
jaunty stride is that the nation's equilibrium may soon be tested by
even bigger problems. When in 1820 the argument about the admission of
Missouri to the Union as a slave state aggravated sectional animosities,
Jefferson called the crisis a "fire bell in the night," awakening the
nation to the possibility of worse to come. Last week's fire bell was
anthrax, a small sample of what can be called the terrorism of
substances, biological and chemical. There have been hearings, reports
and books on these subjects, but complacent democracies are educated
primarily by events, not exhortations-the British did not bring
Churchill to power until Hitler approached the English Channel ports.
What might be the next alarm bell to ring? Of course, a truck bomb would
intensify national nervousness by making things that are
ubiquitous-trucks-seem ominous. And high explosives directed against,
say, Hoover Dam would not only complicate life in the Southwest, it
would underscore the unsettling message that even big things can be
pulverized. However, it is time to think about attacks using things not
solid and directed against things not as solid as skyscrapers or dams.
Consider cyberterrorism, assaults that can be undertaken from anywhere
on the planet against anything dependent on or directed by flows of
information. Call this soft terrorism. Although it can put lives in
jeopardy, it can do its silent, stealthy work without tearing flesh or
pulverizing structures. It can be a weapon of mass disruption rather
than mass destruction, as was explained by the President's Commission on
Critical Infrastructure Protection in its 1997 report on potential
cyberattacks against the "system of systems" that is modern America.
"Life is good in America," the report says, "because things work. When
we flip the switch, the lights come on. When we turn the tap, clean
water flows." Now suppose a sudden and drastic shrinkage of life's
"taken for granted" quotient. The report notes that terrorist attacks
have usually been against single targets-individuals, crowds, buildings.
But today's networked world of complexity and interconnectedness has
vast new vulnerabilities with a radius larger than that of any
imaginable bomb blast. Terrorists using computers might be able to
disrupt information and communications systems and, by doing so, attack
banking and financial systems, energy (electricity, oil, gas) and the
systems for the physical distribution of America's economic output.
Hijacked aircraft and powdered anthrax-such terrorist tools are crude
and scarce compared with computers, which are everywhere and
inexpensive. Wielded with sufficient cunning, they can spread the
demoralizing helplessness that is terrorism's most important intended
byproduct. Computers as weapons, even more than intercontinental
ballistic missiles, render irrelevant the physical geography-the two
broad oceans and two peaceful neighbors-that once was the basis of
America's sense of safety. A threat is a capability joined with a
hostile intent. In early summer 1997 the U.S. military conducted a
threat-assessment exercise, code-named Eligible Receiver, to test the
vulnerabilities of "borderless cyber geography." The results confirmed
that in a software-driven world, an enemy need not invade the territory,
or the air over the territory, of a country in order to control or
damage that country's resources. The attack tools are on sale
everywhere: computers, modems, software, telephones. The attacks can
shut down services or deliver harmful instructions to systems. And a
cyberattack may not be promptly discovered. The report says, "Computer
intrusions do not announce their presence the way a bomb does." Already
"subnational" groups-terrorists, organized crime-are taking advantage of
legal and widely available "strong encryption" software that makes their
communications invulnerable to surveillance. How invulnerable? John
Keegan, the British military analyst, quotes William Crowell, former
deputy director of the largest U.S. intelligence agency, the National
Security Agency: "If all the personal computers in the world were put to
work on a single [strongly encrypted] message, it would still take an
estimated 12 million times the age of the universe to break a single
message." 
Now suppose a state or group or state-supported group used similar
cybermarvels to attack, say, U.S. banking and financial systems, or the
production and distribution of electric power. Americans know how
impotent, and infuriated, they feel when a thunderstorm knocks out
electrical power for even a few hours. The freezer defrosts, the Palm
handheld cannot be recharged, "SportsCenter" is missed. War is hell. And
speaking of war: It would be interesting to know how many of the
thousands of foreign students who have earned advanced degrees in
computer science (and nuclear engineering, while we are at it) at
American universities have come from, and returned to, the Middle East.
If we are supposed to stiffen our sinews and summon up our blood for a
battle, it would be well to remember that the Battle of Agincourt, for
which Shakespeare's Henry V exhorted the stiffening and summoning, was
won in 1415 by the skill of English archers wielding longbows, the high
technology of the day.

© 2001 Newsweek, Inc.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:Microsoft.Explores.Legal.Options.Against.Hacker]"
Previous message: Fred Cohen: "[iwar] [fc:Power.Station.Incident.Should.Generate.Further.Security.Awarenes]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST