Technology

Cyber Terror in the Air


According to a study released last week, seventy-five percent of Internet

users around the world now believe in cyber terrorism-the theory that

terrorists will soon inflict massive casualties on innocent lives by

attacking corporate and governmental computer networks. Now, if only we

could get the terrorists to buy it.

The survey, conducted in 19 major cities around the world by Euro RSCG

Worldwide, an advertising agency network, found that 45% of respondents

agreed completely that "computer terrorism (against corporations and

governments) will be a growing problem." And another 35% agreed somewhat.

I have to admit, I have some doubts about the survey. The vague phrase

"will be a growing problem" leaves a lot of wiggle room -- the problem

certainly can't shrink much, hovering as it is at zero cyber terrorist

incidents per year. And the study also found that netizens' greatest

technology-related fear is "the fusion of humans and computers," with

one-in-four worried that "computers will grow too powerful for people to

control." If you do your polling at a Terminator film festival you'll come

up with all sorts of screwy answers.

But statistics aside, there's no doubt that cyber terror, and its

nation-state equivalent, infowar, is in the zeitgeist. Witness the

feverish, panting diatribes on the subject that have muscled into

mainstream forums in the last two months.

The influential journal Foreign Affairs lent space to a silly rant by

iDefense's James Adams about hackers blacking out cities and killing

emergency 911 systems "with a couple of keystrokes." His point, after a

few mischaracterizations of recent events and liberal use of apocalyptic

imagery, is that the U.S. Defense Department needs to be placed in charge

of protecting all U.S. networks from cyber attack. Cooler heads might

wonder if the Pentagon shouldn't get the hang of securing its own

computers first.

Meanwhile, no less an authority than The New Yorker assured us in May that

"sophisticated terrorists... now have the ability to crash satellite

systems, to wage economic warfare by unplugging the Federal Reserve system

from Wall Street, even to disrupt the movements of ships at sea."

Finally, the cyber terror hype reached breakfast tables around America

with Andrea Stone's June 19th article in USA Today, titled 'Cyberspace:

The next battlefield'.

"[A]n adversary could use ... viruses to launch a digital blitzkrieg

against the United States. It might send a worm to shut down the electric

grid in Chicago and air-traffic-control operations in Atlanta, a logic

bomb to open the floodgates of the Hoover Dam and a sniffer to gain access

to the funds-transfer networks of the Federal Reserve," writes Stone.

There is a virus at work here, but it's not the troublesome

W32-ShutDownAllPowerInChicago.worm. It's a misinformation virus, and

credulous publishers are playing the role of Microsoft Outlook.

Part of the problem is that no one has a vested interest in debunking the

myth of the information apocalypse. A little doom-saying doesn't hurt the

computer security industry, the Defense Department could always use a

little extra cash from Congress, hackers enjoy their image as dangerous

terrorists whose very fingertips are deadly weapons, and journalists like

writing things like "digital blitzkrieg" and "information apocalypse."

Adding to the mess, some defense planners actually believe this stuff.

Hidden behind language like "asymmetric warfare" is a textbook

demonstration of fallacy from a Logic 101 course:

1. Computers can be disrupted by viruses.

2. The power grid is controlled by computers.

3. Therefore, terrorists and foreign governments can cause massive

blackouts with viruses.

National security planners see deadly logic bombs raining down on Chicago

-- it works that way with real bombs, after all. This is high-level

thinking. Really high, where the air is thin and the real nature of cyber

attacks isn't visible.

A more down to earth 'Electric Power Risk Assessment' conducted by the

Clinton White House's National Security Telecommunications Advisory

Committee in 1997 found that the power grid was indeed vulnerable to

computer intruders. However, "Despite the growing concern about cyberspace

attacks, the physical destruction of utility infrastructure elements is

still the predominant threat to electric utilities," reads the report.

To cause even a brief, regional blackout cyber terrorists would have to

find a path to control networks that are usually isolated from the

Internet. They would spend time conducting critical node analyses, learn

to communicate with remote telemetry systems using proprietary,

undocumented protocols, and all the while avoid detection for weeks, or

even months, while building and maintaining their access.

We'd live in a more peaceful world if terrorists spent their time hunched

over PCs looking at hex dumps of SCADA traffic.

Sadly, ten years after pundits first predicted an "Electronic Pearl

Harbor," terrorists still aren't buying it. They refuse to give up

violence in favor of computer hacking. Maybe they don't read USA Today.

They still stubbornly swear by explosives. They continue to favor sneak

attacks over the kind that can be picked up by intrusion detection

systems. They go for the assaults that are effective even if the victims

are doing everything right, instead of the kind that exploit buggy

software and configuration errors. And they prefer loss of life over loss

of electrical power.

They probably don't believe in cyborgs either. By Kevin Poulsen


Later, Baby
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus