by Austin Bay
January 12, 2010Computer-savvy
crooks constantly probe America's
premier financial institutions. The new generation of safecrackers doesn't need
dynamite or drills, but uses digital tricks that include breaking encrypted
codes (like passwords) or inserting Trojan horses, worms and other computer
viruses into the information systems of banks and investment firms.
American
defense systems are also vulnerable. Given America's
reliance on computers and digital data links, this means weapons, weapons
delivery platforms (e.g., airplanes), intelligence systems (satellites) and
communications systems, from tactical radios to global strategic systems, face
a digital threat.
Filching
video from American Predator unmanned aerial vehicles (UAVs) operating over Iraq
and elsewhere serves as an example of a type of cyber-theft. StrategyPage.com
pointed out last Dec. 18 why Predator video feeds could be intercepted using
off-the-shelf programs for stealing commercial television satellite
transmission. "(S)ometimes, you take a chance," StrategyPage
observed. "And then you get caught. For years, the video from UAV was
unencrypted. This was to save communications capacity ("bandwidth"),
which was always in short supply. To encrypt the video would require more
bandwidth, and specialized equipment on the UAVs and ground receivers. ... This
was not a secret, it was known to people in the business. Now everyone knows,
and encryption, and all its costs, will be added to UAV video broadcasts."
StrategyPage
noted this was not a "hack" to the Predator's digital controls, but
akin to electronic eavesdropping or tapping a telephone. However, the prospect
of taking over the computers running an aircraft or commo system -- or, in the
civilian sector, a city's electrical grid -- concerns cyber-warriors.
The
U.S.
military believes digital communications systems capable of creating
"shared situational awareness" are critical to 21st century
modernization. "Shared situational awareness" is Pentagonese for
letting soldiers know where they are located, where friendly forces are
positioned and what the enemy is doing. A digital system connecting
infantrymen, tanks, helicopters, aircraft and ships would permit soldiers to
share real-time intelligence, find the best defensive position or select the
best available weapon to strike the enemy.
A
reliable system passing accurate locations and weapons effects data would
greatly lower the risk of "friendly fire" striking friendly units.
However, can cyber security protecting such a complex "battlefield
wi-fi" fend off enemy hackers employing armies of digital worms and Trojan
horses?
"App
mania" (use of computer applications in digital devices) afflicts every
community on the planet with a cell tower and Internet connection. People
download billions of applications each year. Despite antivirus software, each
download risks viral infection. According to thetechherald.com, in September
2009 the Zeus Trojan "family of Malware" infected 3.6 million
personal computers in the U.S.,
and Zeus viruses target "banking related information."
A
calculated cyber-attack that disrupts or destroys the civilian Internet would
have immense financial consequences. Disrupting military digital communications
and targeting systems at a critical moment in war could be catastrophic.
Cyber-security
experts I have interviewed on background tell me they fear that America's
ability to protect its digital systems from cyber-assault has deteriorated,
despite spending hundreds of billions for digital defense (to include
"hard defense" like protected cabling for fiber optics networks and
sophisticated firewalls).
There
are a number of reasons. China
and other potential adversaries employ cyber-warfare battalions -- the hackers'
techniques have improved. Modern software itself is complex and sometimes
difficult to troubleshoot. Constant patching and updating creates
vulnerabilities. Attacks can also be launched from inside an organization, by a
"cyber-saboteur." Defense and intelligence agencies take the
cyber-traitor scenario quite seriously.
Last
month, the Obama administration appointed Howard Schmidt as
"cyber-czar." Schmidt has an impressive resume, with civilian and
governmental cyber-security experience. His portfolio could extend through all
federal civilian, intelligence and military agencies -- and perhaps it should.
He will coordinate both Pentagon and Homeland Security cyber-operations.
Schmidt
must use his clout to develop new security tools and systems that will protect America's
digital devices and networks. The challenge, however, is immense. The Center
for Strategic and International Studies report "Securing Cyberspace for
the 44th Presidency" (dated December 2008) said the U.S.
needs a "comprehensive national security strategy for cyber-space."
Achieving that goal should be on Schmidt's agenda.
