Lawmakers get education on perils of cyber warfare

Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

C4I News, March 27, 1997:

Lawmakers get education on perils of cyber warfare

Two House defense panels yesterday held a joint hearing on information warfare, in an attempt to educate lawmakers on what many military officials and defense experts believe is a growing threat to U.S. national security as the Internet and other information networks proliferate.

The House National Security military procurement and research and development subcommittees--for the first time, according to sources-- heard testimony from the Pentagon's top experts in information warfare. This includes attacks on computer networks and battlefield information systems with the intent of gaining or compromising useful information or crippling military operations.

The Pentagon and other federal agencies in recent years have given added focus and, in some cases, extra resources to protecting the government's countless information networks and computer systems from sabotage at the hands of rogue states, terrorist groups, or even U.S. government insiders.

President Clinton last summer commissioned a blue ribbon panel to determine how to protect the National Information Infrastructure, while the Pentagon's Defense Science Board (DSB) last fall completed an in-depth study on information warfare defense, making more than 50 recommendations on how the Pentagon can best prepare itself.

But according to Rep. Curt Weldon (R-PA), the chairman of the research and development panel who convened the hearing, most members of Congress are often pre-occupied with other national security issues--including terrorism, missile proliferation, and the funding of big-ticket weaponry--and are not well schooled in the inherent vulnerabilities associated with the military and the nation entering the information age.

The intent of yesterday's hearing was to focus their attention on it, he said. "Most of our colleagues know very little" about information warfare, Weldon commented to the panel of Pentagon experts assembled before him. He believes it's an area that requires more congressional involvement and possibly additional appropriations.

The DSB study, for example, recommended the Pentagon allocate $3 billion for information warfare defense over the next five years.

"It's the area we should probably be concentrating the most on," Weldon said.

If the attendance at last week's hearing is any indication, lawmakers are anxious to learn more. Even Rep. Floyd Spence (R-S.C.), chairman of the full National Security Committee, popped in the hearing to listen to the testimony.

Some of the Pentagon officials who testified were encouraged by attempts by Weldon and others to bring information warfare--or what they call "information assurance"--to the center of national debate.

"Anything that shines the spotlight on this is good for us," Lt. Gen. William Donahue, deputy chief of staff for communications and information in the Air Force, said.

Added Army Maj. Gen. David Kelly, vice director of the Defense Information Systems Agency, the Pentagon's lead agency on information technology: "The world is full of number one priorities..but this is certainly one of them."

While assuring lawmakers that the Pentagon is taking the information warfare threat seriously, the senior officials warned of the numerous vulnerabilities that come with increased reliance on computers and other information systems.

The officials acknowledged that the primary information warfare threat is to the Pentagon's unclassified networks, which make up the bulk of DoD computer systems. The classified ones, they said, are for the most part well-protected with encryption devices developed by the National Security Agency.

In recent months the military has suffered several successful cyber attacks on its unclassified networks, which still house "mission critical" information, the officials said. According to Kelly, these "hits" are largely from individual computer hackers and not nation- states or organized groups. Two recent examples involved attackers from the United Kingdom and Romania, he said.

However, Army Lt. Gen. Douglas Buchholz, director for command, control, communications, and computer systems on the Joint Staff, said the Pentagon's ability to detect attackers is not as sufficient as it needs to be.

...An "Electronic Pearl Harbor"

As a result it is difficult to quantify how many people are attempting to sabotage DoD networks. "We do not detect very well when somebody is fooling with us," Buchholz said.

But perhaps the sternest warnings of the cyber warfare threat came from Duane Andrews, who chaired the Defense Science Board study and is a former assistant secretary of defense for command, control, communications, and intelligence. He believes that unless the Pentagon--and the national government at large--is adequately prepared to deal with the information warfare threat, there is the prospect for an "electronic Pearl Harbor."

Andrews, who is currently an executive vice president at Science Applications International Corp., points out that in addition to the threat to military operations there is the potential to "take down" other national assets, including the banking industry, public utilities, and the telecommunications infrastructure.

And, he points out, the Pentagon relies on the commercial telecommunications system for 95 percent of its communications. Without sufficient protection in the commercial sector the Pentagon-- despite all its efforts--will remain highly vulnerable, he added.

Andrews also added that while the Pentagon's classified networks are better protected than their unclassified counterparts, hackers can still cause "disruptions of service." While hackers may not be able to access secret information, they can still prevent the systems from operating for a period of time.

The officials testifying yesterday all agreed that the Pentagon has yet to experience a major attack on its information infrastructure.

Weldon, for his part, said he intends to draft legislation requiring the Pentagon to submit annual reports on its progress in information assurance, including an update on those steps taken to implement the DSB report's recommendations.