Get American Troops Ready To March On Cyber Battlefield

In the science fiction film "Independence Day" the humans used a computer virus to defeat the invading space aliens. That and other fictional displays of computer hacking talent gives one the the impression that America rules the electronic waves. However, in the real world, the US may loose a future war on the cyber battlefield.

"The rules, the weapons and more importantly, the leadership are simply not ready for Information Warfare," stated retired Admiral "Mike" McConnell, former Director of the National Security Agency. "It's 1919 and we have just discovered strategic air power. There is no modern Billy Mitchell."

"The US depends on computers," noted McConnell in a recent interview for INSIGHT. McConnell was the intelligence officer for Colin Powell during the Gulf war and then later headed the National Security Agency under Presidents Bush and Clinton. "We are a great deal more vulnerable to this kind of attack than third world countries who do not rely on computers."

Is the US under an electronic threat? The Defense Information Security Agency (DISA) conducted a vulnerability study of military and government computers. Their figures are truly alarming: 88% of defense computer systems are easily penetrated. Of the successful penetrations, 96 % are not detected. Even worse, 95 % of the detected penetrations are not reported nor responded to. Even when a penetration is detected, it is usually impossible to determine who did it. DISA studies indicate that there were over 265,000 intrusions into government computer systems in 1994 alone.

The weapons of a modern info warrior include computer viruses, or software designed to steal, damage or destroy computer data. Some virus programs are designed to tap your computer information and send it to hackers. So called "shadow" or "sniffer" programs are designed to spy on you via your computer, taking passwords, and important data from you. Other programs can actually do damage to computer hardware.

Nor are all these viruses coming from America. In fact, according to John Morris of Norman Data Defense, a Fairfax, Va. company that has the US Defense Dept. contract to protect nearly 1.5 million computers, new computer virus programs have started to show up from around the world. Morris noted that one virus detected recently by his company originated in Australia and another was built in Bulgaria.

Some other info-ware weapons may be delivered by missiles . One of these was considered for use in Bosnia by the US military. The Tomahawk EMG (Explosive Magnetocumulative Generator) bomb uses explosives and electronics to create a massive magnetic shock wave that disables all electronic devices within a short distance. Another device, according to Aviation week and Space Technology, is the Russian micro-wave warhead. This exploding warhead creates a giant micro-wave pulse designed to knock out electronics such as the Patriot radar system.

Some info-war weapons are within the reach of even low budget terrorist. One such low cost weapon is called "Van Eck" after its dutch inventor. Van Eck devices are modified TV sets designed to pick up the faint radio signals from a computer monitor. The device then re-creates the same image on its own screen. Van Eck devices have been built and used by hackers to tap bank, government and even police computer monitors from as much as a mile away. Van Eck devices are not very expensive. In fact, the parts list and design is available on the Internet. Prices range from about $400 to $1000 dollars, depending on how sophisticated a Van Eck is desired. Although, Van Eck devices are not illegal to own, the one and only US kit manufacturer who used to produce them was "requested" by the NSA to discontinue sales.

Defense Department computers have suffered some serious attack. Last year hackers broke into Defense computer systems 250 times, according to Air Force Lt. Gen. Kenneth Minihan, director of the NSA. In December, 1995, a 16 year old hacker invaded a USAF computer at Rome Air Force Base, New York. The enterprising youth took control of the computer, stealing classified details for air tasking orders (what bombs fall when), and then connected the USAF computer to Chile, Colombian, Latvia and Korea. This is where the story takes a chilling, nuclear nightmare twist. The Korean site also turned out to be a atomic energy research lab.

At first, this caused much panic at the FBI and the USAF because authorities did not know if the nuclear lab was in North or South Korea. This hacking incident could have easily turned into a nuclear World War, according to the GAO which wrote a report on Defense computer security. The GAO testified that the hacker could have easily faked a US computer attack, leaving traces pointing back to Rome, New York. "He could have put the North Koreans in a 'use 'em or loose 'em' situation," stated the GAO information security officer during testimony before Congress. In the end, the nuclear site turned out be in South Korea. The teen hacker was arrested but his accomplice in Latvia got away with all the classified information.

And how is the military responding to the "BitsKrieg"? The USAF has already created their own information warfare units known as Electronic Security Engineering Teams or ESETs. ESET units spend most of their time at various Air Force locations testing the computer security for weaknesses. ESETs electronically "hack" Air Force computer facilities to access their security posture and provide training and security solutions to correct all identified problems. The ESET units act as "Red" Teams, attempting to electronically manipulate or control operations. The Red Teams emulate a structured threat and attempt to take control of Air Force computer assets used during wartime scenarios. How good are these information warriors? The "Connection", a USAF information protection journal, noted the ESET Red Team units obtained complete control over 30 percent of the military computers they attacked. This percentage is an alarming rate when you consider it is the result of a two- or three-person team.

Yet, according to McConnell, even having the best teams and weapons available may do no good at all. "Our biggest problem is how do we tell if we are under IW attack," stated McConnell. "It is difficult to determine if an incident is merely a software error, a teen-age vandal intent on causing trouble, a criminal, a terrorist cell or another country actually carrying out an attack. In fact, when we ran war games that simulated these scenarios, we found the most difficult objective was determining if there was a threat to begin with. Furthermore, even when we eliminated that question and told the game leadership the threat was real, they more or less froze up. They simply did not know what to do."

As the National Research Council recently put it, "Tomorrow's terrorist may be able to do more with a keyboard than a bomb." Yet, too few military commanders realize that tomorrow is today. Many US commanders are not computer literate; some have never touched a computer. They are battleship Admirals in cyberspace, facing a future digital Pearl Harbor. The Department of Defense must address information warfare with the necessary training, weapons and tactics for both US commanders and their soldiers. We must make sure the "Billy Mitchell" of cyberspace is an American.

PUBLISHED 12/1/97 INSIGHT MAGAZINE, page 29

All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.