News

USIS Washington 
File

15 December 1998

CSIS STUDY URGES INCREASED FOCUS ON INFORMATION WARFARE THREAT

(Group calls for public-private cooperation in effort) (780)

By Ralph Dannheisser

USIA Congressional Correspondent



Washington -- The advent of cyberterrorism and information warfare
threaten to revolutionize the nature of conflict as much as anything
in history, including the development of gunpowder and nuclear
weapons, says the project director of a new study on the subject.


And the resulting threat of potentially paralyzing damage to U.S.
infrastructure is so grave that government and private industry must
start working together swiftly and in earnest to develop defenses,
Arnaud de Borchgrave said at a Capitol Hill news conference December
15.


De Borchgrave, former editor of The Washington Times, directed the
study for the Center for Strategic and International Studies (CSIS), a
public policy research institution dedicated to analysis and policy
impact.


Appearing with him to unveil the resulting report -- "Cybercrime,
Cyberterrorism, Cyberwarfare: Averting an Electronic Waterloo" -- were
William Webster, former director of both the Federal Bureau of
Investigation and the Central Intelligence Agency, who chaired the
project, and Senator Charles Robb, a leading congressional proponent
of steps to counter the cyberwarfare threat.


De Borchgrave contended that some 30 foreign countries already have
"attacked the United States electronically" in the form of conducting
economic or military espionage. He declined to name any or to identify
his sources, but said that "some (of the countries) are very close
friends of ours."


An assault by an outright enemy nation or terrorist group could be
devastating, he said, making it urgent to "break down the barriers of
distrust between the private sector and the public sector" that now
interfere with addressing the problem.


Robb agreed that a cooperative approach is vital, declaring that "the
private sector cannot simply sit back and wait for the government to
lead."


The senator said he did not wish to be an alarmist, but hypothesized
that enemies of this nation could find the start of the year 2000 to
be an ideal time to wreak havoc on computer-controlled power, water
and banking systems along with other key elements of U.S.
infrastructure.


That is because their actions could then be masked by the effects of
the so-called Y2K problem -- the anomaly in information coding which,
many fear, will cause extensive problems when computers geared to
identify years by the last two digits are unable to recognize the
double zero of the figure 2000. Many government agencies and private
industry groups are working feverishly to preempt major problems from
arising when 2000 arrives.


Should a deliberate attack on the information structure be launched at
that time, Robb said, "we would not know when it started, we would not
know who was behind it, we would not know where it was coming from."


He projected scenarios as grave as false information being intruded
into U.S. munitions systems, causing them to "go into a launch mode."


The study's authors find that "in today's electronic environment, many
haters can become a Saddam Hussein and take on the world's most
technologically vulnerable nation.


"America's adversaries know that the country's real assets are in
electronic storage," they write. "Virtual corporations, electronic
transactions, and economies without inventories -- based on
just-in-time deliveries -- will make attacks on data just as
destructive as attacks on physical inventories. Bytes, not bullets,
are the new ammo. Or, more dramatically, a combination of bytes,
bullets and bombs."


The CSIS report urges that, to combat cyberterrorism and cyberwarfare,
the president must overhaul national security organizations and
policies and end a situation in which policymakers are "responding to
this 21st century threat with 20th century thinking."


Such an overhaul should be based on a top-down review of the existing
organizations assigned responsibilities for information warfare,
information security, security policy, and cybercrime, the report
recommends. The review would set national policy and guidance for the
use of offensive information warfare, draft guidelines for acceptable
and prohibited targets, and determine oversight procedures.


The authors find that the traditional intelligence organization and
process, developed during the Cold War, is poorly suited to
information warfare threats. They recommend that the director of
central intelligence designate a national intelligence officer who
would deal specifically with offensive and defensive information
warfare, providing a focal point in the intelligence community.


In addition, the report calls for recruiting the specialized talent
needed to analyze the arcane new threats, including "young computer
virtuosos."


Specific measures must also be devised to ensure the continuance of
vital government services, primarily national defense and the rule of
law, even under the stressful conditions of information warfare
attack, the authors say.