by Austin Bay
January 12, 2010
Computer-savvycrooks constantly probe America'spremier financial institutions. The new generation of safecrackers doesn't needdynamite or drills, but uses digital tricks that include breaking encryptedcodes (like passwords) or inserting Trojan horses, worms and other computerviruses into the information systems of banks and investment firms.
Americandefense systems are also vulnerable. Given America'sreliance on computers and digital data links, this means weapons, weaponsdelivery platforms (e.g., airplanes), intelligence systems (satellites) andcommunications systems, from tactical radios to global strategic systems, facea digital threat.
Filchingvideo from American Predator unmanned aerial vehicles (UAVs) operating over Iraqand elsewhere serves as an example of a type of cyber-theft. StrategyPage.compointed out last Dec. 18 why Predator video feeds could be intercepted usingoff-the-shelf programs for stealing commercial television satellitetransmission. "(S)ometimes, you take a chance," StrategyPageobserved. "And then you get caught. For years, the video from UAV wasunencrypted. This was to save communications capacity ("bandwidth"),which was always in short supply. To encrypt the video would require morebandwidth, and specialized equipment on the UAVs and ground receivers. ... Thiswas not a secret, it was known to people in the business. Now everyone knows,and encryption, and all its costs, will be added to UAV video broadcasts."
StrategyPagenoted this was not a "hack" to the Predator's digital controls, butakin to electronic eavesdropping or tapping a telephone. However, the prospectof taking over the computers running an aircraft or commo system -- or, in thecivilian sector, a city's electrical grid -- concerns cyber-warriors.
TheU.S.military believes digital communications systems capable of creating"shared situational awareness" are critical to 21st centurymodernization. "Shared situational awareness" is Pentagonese forletting soldiers know where they are located, where friendly forces arepositioned and what the enemy is doing. A digital system connectinginfantrymen, tanks, helicopters, aircraft and ships would permit soldiers toshare real-time intelligence, find the best defensive position or select thebest available weapon to strike the enemy.
Areliable system passing accurate locations and weapons effects data wouldgreatly lower the risk of "friendly fire" striking friendly units.However, can cyber security protecting such a complex "battlefieldwi-fi" fend off enemy hackers employing armies of digital worms and Trojanhorses?
"Appmania" (use of computer applications in digital devices) afflicts everycommunity on the planet with a cell tower and Internet connection. Peopledownload billions of applications each year. Despite antivirus software, eachdownload risks viral infection. According to thetechherald.com, in September2009 the Zeus Trojan "family of Malware" infected 3.6 millionpersonal computers in the U.S.,and Zeus viruses target "banking related information."
Acalculated cyber-attack that disrupts or destroys the civilian Internet wouldhave immense financial consequences. Disrupting military digital communicationsand targeting systems at a critical moment in war could be catastrophic.
Cyber-securityexperts I have interviewed on background tell me they fear that America'sability to protect its digital systems from cyber-assault has deteriorated,despite spending hundreds of billions for digital defense (to include"hard defense" like protected cabling for fiber optics networks andsophisticated firewalls).
Thereare a number of reasons. Chinaand other potential adversaries employ cyber-warfare battalions -- the hackers'techniques have improved. Modern software itself is complex and sometimesdifficult to troubleshoot. Constant patching and updating createsvulnerabilities. Attacks can also be launched from inside an organization, by a"cyber-saboteur." Defense and intelligence agencies take thecyber-traitor scenario quite seriously.
Lastmonth, the Obama administration appointed Howard Schmidt as"cyber-czar." Schmidt has an impressive resume, with civilian andgovernmental cyber-security experience. His portfolio could extend through allfederal civilian, intelligence and military agencies -- and perhaps it should.He will coordinate both Pentagon and Homeland Security cyber-operations.
Schmidtmust use his clout to develop new security tools and systems that will protect America'sdigital devices and networks. The challenge, however, is immense. The Centerfor Strategic and International Studies report "Securing Cyberspace forthe 44th Presidency" (dated December 2008) said the U.S.needs a "comprehensive national security strategy for cyber-space."Achieving that goal should be on Schmidt's agenda.