Friday, August 01, 2008

Cyber Terrorism - America's Achilles Heel

Cyber Terrorism - Part 1
What Price for Freedom?

Series by Jim Putnam

We live in a society that dictates the need to protect our selves, families, homes, property and business. America without insurance would be like air without oxygen. It is difficult to find a single aspect of life in America in which protection is not integrated and essential.

Yet our leadership tell us that the most basic services in which our life and lifestyle depends, the infrastructure of the American standard of living, cannot be protected. The necessities of life, food, air, water, housing and transportation, are all vulnerable to terrorist attack.

We can protect the president. We can protect our money, our gold and our treasures. We can even protect our nuclear arsenal and weapons of destruction. But we cannot protect our quality of life and our people from the threat of cyber terrorism.

Former Bush Administration cyber expert Richard Clarke predicts an “Electronic Pearl Harbor” and has blasted the private sector for failing to protect our infrastructure. Yet all experts agree it is a complex issue. Cyber security seems to demand a trade off. More security can be given if we are willing to sacrifice our freedom and privacy.

America’s corporate world, especially the financial and international commerce communities, refuse to accept the government intrusion into their world of corporate secrets for fear the information will be used to tax or prosecute them. Recent examples of corporate greed and abuse suggest there is a lot to hide from the government. Yet the privacy issue is valid.

At the same time, the corporate world has been reluctant to tell us if they have been successfully hacked. To do so would acknowledge they are vulnerable. It would raise doubt as to their ability to protect their records, clients and intellectual property. It would threaten their credit rating and worst of all, it could cause their stock value to fall. Better to cover up the attack than to undermine investor confidence.

Politically, with the federal elections on the horizon and control of the White House in the balance, it is always safer to blame someone else or deflect blame than to assume responsibility. The politicians use the convenient mantra we can’t protect our infrastructure from cyber attack. They blame the private sector for failing to develop adequate security. And they accuse the private sector of refusing to cooperate and of withholding information about cyber vulnerability.

Wouldn’t you refuse to tell the government all your secrets? The government can’t keep it’s own secrets, let alone be trusted with proprietary corporate secrets. Still it is a “Catch 22” that must be overcome for the average citizen to go to sleep at night feeling secure that their essential services are protected from the hands of blood thirsty, hate filled terrorists committed to killing Americans and destroying our way of life.

Because tonight the water supply could be poisoned. Tonight the electrical grid could be shut down and air conditioners would stop working in the heat wave. Nuclear reactors could have a melt down sending clouds of deadly radiation into the air and contaminating the countryside. Air traffic controllers could be stopped from contacting the thousands of planes in the air.

Floodgates on dams could be opened sending billions of gallons of water crashing down on communities. You could wake up tomorrow and your bank records could be gone, your insurance coverage cutoff, and health care disrupted. Raw sewage could be diverted into your drinking water. Emergency calls to 911 could go unanswered.

Because our standard of living is excessive, it takes an excessive infrastructure to support it. Our lifestyle is computer and energy dependent. From the cockpit of an airplane to the control room of a nuclear reactor, the 500 digital TV channels to the cell phone attached to your ear, we need the infrastructure to feed our addiction for more.

The techniques that could be used by a single terrorist cell working through cyber space could threaten the very existence of our national infrastructure. Every single catastrophe I mentioned is possible from a few keystrokes on a keyboard. So if the politicians are not responsible, the government can’t help, and the private sector is in denial, where do you turn for help?

We need a wake up call to America, to the government leadership and the business community on the threat to our national infrastructure and what can be done to protect our resources and people. It is too late for theories and hypothetical solutions to very real problems of today threatening our standard of living and quality of life.

Cyber Terrorism - Part 2
Media Awareness?

In America there are time-honored traditions for using the media to sell you everything from the news to the latest unnecessary drug. Once upon a time you could distinguish between media’s supposedly unbiased news stories, and those selling goods, services and points of view.

That day is gone. The editorial policy of the media outlet dictates the slant of the news coverage. Revenues rule philosophy and news is no longer a service but a profit center. News content and presentation is designed for ratings, sales and advertising revenue, not objectivity and public good.

In light of this, why is news coverage of cyber terrorism generally limited to technology stories for special interest groups and safely tucked away in the egghead section? Three obvious reasons come to mind. 1.) It is a complex issue. 2.) It might scare the public. And 3.) It might upset the advertisers on the media.

Cyber terrorism is the largest single threat to the quality of life for our citizens. It represents a far greater threat than corporate corruption, government inertia, media bias or bank and phone company service charges. So why are we not being warned about it?

Sure, the cyber world is complex, isn’t all technology? How many consumers know how their air conditioner, television, automobile or computer work? How many know how their money got from a bank into the ATM to them? They don’t. You throw a switch, push a button, or turn a key and it works.

People are not stupid. They don’t need to know how technology works, just what it can do for them. They know all aspects of American life are dependent on the computer, or the electricity that powers the computer. They know we are being bombarded by microwave beams and every other form of electronic signal and frequency to support that technology.

I have a simple way to perceive the cyber world. Our physical world is three dimensional and interpreted by the physical senses. The cyber world is what is beyond the physical realm, is limited only by one’s imagination, and is interpreted by the expanded mind.

As to our concerns cyber terrorism stories would scare the public, so what! One of our constitutional freedoms has always been the right to be scared to death. Stephen King and Dean Koontz wouldn’t sell many books if the public did not want to be scared. Many movies and TV shows were successful because they were very scary.

People pay billions of dollars to be frightened. Supposedly “free” news stories on cyber terrorism would be a great bargain. Sometimes the power of the media to scare people can change our way of life, and sometimes for the better.

Finally, there is the concern that cyber terrorism stories might upset advertisers. Does anyone doubt it? Computer manufacturers, software companies, technology driven companies and companies dependent on communications and advertising for sales are all directly affected. So are services that are electronically dependent like ATM banking, credit cards, phones, etc.

Of course they don’t want stories about how their product can be hacked by terrorists, or how easily services can be disrupted. Billions of dollars in advertising revenue from these companies are poured into the media, the same media that brings you the news. Do you really think “truth” is more powerful than investor confidence or corporate stock valuation?

Those advertising dollars can buy a lot of influence, especially when the advertising and media companies are losing ratings, readers and revenues. As long as the news sources are owned by the same media companies dependent on ad dollars for valuation and survival, there could be a potential conflict of interest. The recent collapse of stock prices, lost advertising revenues, increased cable and digital competition, and fewer viewers or readers have already caused media companies major problems.

They can ill afford to lose more. In spite of all these reasons why the threat of cyber terrorism is not adequately covered by the news media, occasionally there are stories that contribute to understanding the truth. Barton Gellman, Washington Post Staff Writer, wrote a story titled, “Cyber-Attack by Al Qaeda Feared”, published June 27, 2002. It clearly identified the problem. Unfortunately, to find it you had to get to the Internet online technology section of the Washington Post, but at least it was a start.

More recently The National Journal, not the traditional news media, ran a cover story (May 31, 2008) titled China's Cyber-Militia by Shane Harris which discusses how Chinese hackers pose a clear and present danger to the U.S. government and private sector computer networks and may be responsible for two major U.S. power blackouts. The story is reprinted in the CPT.

Cyber Terrorism - Part 3
Who are the hackers?

Most experts seem to agree we face an unprecedented threat from cyber terrorism, and we are all but helpless to stop it. Who are these “hackers” poised to bring the mighty America to its knees through a cyber space assault? Webster’s New World Dictionary defines a hacker as “a talented amateur user of computers, specifically, one who attempts to gain unauthorized access to files in various systems.” I think the definition falls far short.

Hackers are the new Messiahs of the cyber universe immersed in a quest to create like God. The fact they are creating illegal ways to access other people’s files is not a concern to them, as long as they are creating. Still, there is no convenient way to stereotype hackers.

I sense there are at least three distinct types of hacker, the Idealist, the Invisible and the Insidious. Popular books and movies glorify the first type, the Idealist. Hacking secured systems is a challenge to them and when they are successful it is essential they receive proper recognition for their prowess.

The need for peer recognition and ego insure they take credit for their handiwork. But in a distorted way they are not malicious in their intent. Their goal is not the destruction of property or disrupting lives, although that may very well be the consequence of their efforts.

Far more dangerous are the Invisible types. To them successful hacking is not merely to penetrate a secured file or system, but to go undetected in the process. Thus they are able to come and go at will. Government, quasi-government and shadow government agencies fall into this category. They all want to know everything you are doing. There is no system or network in the world safe from their prying eyes.

Thanks to the digital revolution our Constitutional guaranteed Bill of Rights is now obsolete. There is not a phone call, bank transaction or Internet communication safe from big brother. Private corporations have their own Invisible hackers as well so it is not just the government monitoring your life.

Curiously, all those politicians claiming to be defenders of freedom, and that includes Republicans and Democrats, liberals and conservatives, are mostly silent about the wholesale invasion of privacy now underway.

Fortunately, the eavesdroppers are so successful at capturing all calls, emails and transactions that the sheer volume is beyond their processing capability. For now our dwindling freedom is protected more as a result of bureaucratic constipation than political action. Super computers will soon eliminate that processing limitation, and everything about your life will be an open book.

The last category of hacker, the Insidious, is the most dangerous. Insidious hackers possess the skills and resources of the Idealist and Invisible hackers, but their motivation is without conscious. To them the art of hacking is a tool to get what they don’t have but want, or for bringing about war and destruction.

Criminals and fanatics, and often they are one in the same, go beyond the game of hacking through computer security barriers. Penetrating the systems is not enough. They steal the information, divert money or damage their targets in a way they cannot be caught. Or, they become cyber mercenaries for a terrorist cause and will use hacking to wreak havoc, devastation and destruction on unsuspecting victims.

Lives destroyed and human deaths resulting are nothing more than digital statistics in a higher cause being served. Unfortunately the combined power, resources and might of the vast American intelligence, law enforcement and defense communities is of no advantage when confronting cyber criminals or cyber terrorists.

The Insidious hacker is incorporeal, without material body or substance in the cyber universe. They have no base of operations, no geographic limitations and no political boundaries to restrict them. You cannot identify them with metal detectors or profiling and you most certainly cannot stop them with current computer security techniques and technology.

No comments: