Pentagon giving cyberwarfare high priority
Stephen Green Copley News Service
December 21, 1999, Tuesday
Two years ago, the Pentagon gave a team of computer whizzes from the National Security Agency (NSA) a challenge certain to appeal to any self-respecting hacker.
In an exercise code-named ''Eligible Receiver,'' the techies played the role of North Koreans attempting to break into U.S. military computer networks.
The invasions ''were wildly successful,'' said Michael Swetman, a cyberwarfare expert and president of the Potomac Institute for Policy Studies, a military think tank.
In fact, the hackers' success changed the Pentagon's thinking about cyberwarfare. Not only has it bolstered the defense of its own networks, it has honed plans for cyber attacks against potential enemies. Outside experts believe the Pentagon has developed its own arsenal of computer viruses.
And now there are discussions about the need for cyber arms control, along the lines of agreements governing nuclear, chemical and biological weapons.
The intensification of military cyber activities underscores the reality of new millennium warfare: How well the Pentagon can protect its computer systems from attacks may determine what happens on the on the battlefield.
Compelled by that realization as well as the results of Eligible Receiver, the Pentagon has consolidated its cyberwarfare defenses, which previously had been left up to each service.
''We had little capability to detect or assess cyber attacks,'' acknowledged Deputy Secretary of Defense John J. Hamre.
Now, in a secure building near the Pentagon, the Joint Task Force for Computer Network Defense operates a command center around the clock.
Three large overhead screens display computer links of U.S. forces in Europe, the Pacific and the United States, ready to signal an intrusion. The task force was created in June and in October placed under U.S. Space Command at Peterson Air Force Base in Colorado, which has been given responsibility for overseeing all cyberwarfare activities.
''We're concerned because information technology is the key factor that will allow us to do more with less in the 21st century and the technical systems we want to use are susceptible to people who want to do us harm,'' said Air Force Maj. Gen. John H. Campbell, commander of the joint task force.
''It's cheap and easy to put together a credible (attack) capability either in-house, or for hire,'' added the former fighter pilot who has changed his bedroom reading from Tom Clancy novels to computer books.
Cyber weapons have self-descriptive names like logic bombs, Trojan horses, worms, viruses and ''denials of service.''
With such an arsenal, ''even marginal foes can take on a superpower that no longer can be challenged with conventional weapons,'' said former Sen. Sam Nunn, R-Ga., chairman of the Center for Strategic and International Studies.
So far, the military has installed intrusion-detection devises at the entry point of key computer systems, expanded intrusion response-and-repair teams and attempted to improve its ability to analyze intrusion data.
But even though the Pentagon now spends about a billion dollars a year defending against cyber invasions, the vulnerability of its computer systems is underscored by the ease with which invaders still succeed.
An estimated 80 to 100 intrusions occur daily most believed to be harmless. Some 10 percent are investigated. Intruders suspected of serious criminal intent are investigated by the FBI.
No state-sponsored intrusions have been detected, according to Campbell.
The most serious breach, known as ''Moonlight Maze,'' was an intensive series of attacks earlier this year on computers operated by the Pentagon, Energy Department, NASA, defense contractors and several universities.
Intruders downloaded extensive non-classified but sensitive information to Russia, the FBI found, but the agency still is uncertain who was responsible and the investigation continues.
So far, none of the breached military computers have contained classified material, although such sensitive information as troop movements can be obtained from non-classified systems.
A major reason classified computers remain secure is that they are not accessible by outside telephone lines. The downside to this is that commanders in the field cannot easily access classified information that could help them fulfill their missions, said Swetman, who also serves as a cyberwarfare consultant to congressional committees.
While Pentagon officials have talked publicly about efforts to defend against cyber attacks, they say little about the U.S. military's efforts to develop its own offensive capability.
But Campbell stated the military has spent more on cyberwarfare offense than defense. It is believed the military has developed its own computer viruses and other cyber weapons.
Army Gen. Henry H. Shelton, chairman of the Joint Chiefs of Staff, has acknowledged the use of cyberwarfare in the Kosovo campaign but provided no details. There have been unconfirmed reports that U.S. military hackers aboard electronic warfare aircraft invaded computers coordinating Serb air defenses.
John Pike, military expert at the Federation of American Scientists, said one reason little information has been provided about offensive cyberwarfare is the involvement of the super-secret NSA, the agency responsible for the nation's electronic intelligence.
Experts say the United States leads the way in cyberwarfare. Nations trying to catch up include Russia, China, Israel, India, France and England.
Civilian facilities, such as banking and power grid computers, are especially susceptible to cyberwarfare, but civilian targets are supposed to be off limits to military attacks, under international agreements.
John Arquilla, a cyberwarfare expert at the U.S. Navy Post Graduate School in Monterey, Calif., said the potential for cyber weapons to disrupt the civilian infrastructure shows the need for international controls on cyberwarfare.
It's in America's interest to pursue cyber arms control, he said, because ''we are such a broad and rich target.''
The Pentagon's latest cyberwarfare game took place in October with ''Zenith Star,'' an exercise to determine if defenses have improved since Eligible Receiver.
''We've made some progress,'' said Campbell.
But, acknowledged Air Force Maj. Gen. Thomas B. Goslin, space command's director of operations, ''We still have a long way to go.''
Copyright© Copley News Service All rights reserved.