U.S. Government Report Exposes Computer Security Threat

Washington, D.C. -- Computer hackers using software widely available on the World Wide Web could bring down the nation's electrical power grid and military command and control systems, according to a U.S. government report released yesterday.

A complete overhaul of U.S. national security agencies and policies is needed to avert cyber attacks that could cripple the nation's and Corporate America's critical infrastructure, the report states.

The report, entitled, "CyberCrime, CyberTerrorism, and CyberWarfare: Averting an Electronic Waterloo,'' recommends several procedures U.S. policy makers can implement to defend the nation's critical infrastructures from information warfare. "Averting an Electronic Waterloo'' is the result of a three-year effort by the Center For Strategic and International Studies' Global Organized Crime project, chaired by William Webster, former FBI and CIA director.

To illustrate how vulnerable the U.S. defense and national security community is to an information attack, the report notes the results of a recent Joint Chief of Staff exercise code-named "Eligible Receiver.'' A group of security experts, known as a ``red team,'' used software widely available from hacker Web sites to prove that they could disable major portions of the U.S. electric power grid and deny computer services to the entire Pacific military command and control system through an information warfare attack.

"It's unsettling to know that you could be experiencing an attack from almost any quarter and not know when it started or where its coming from,'' said Senator Charles Robb (D-Va.), a member of the Senate Select Committee on Intelligence.

"CyberCrime looks at the problem of cyber attacks on the U.S. infrastructure -- a serious problem which, in the opinion of most [experts], has not been adequately addressed,'' Webster said.

A broad-based security policy must address the total impact of the information revolution on national security, but will not be effective unless government works closely with private corporations -- which are often on the front lines of cyber attacks, the report states.

Robb said the U.S. should prepare now and not wait for a catastrophe to occur. In fact there are already indications that about 20 foreign nations have already successfully penetrated U.S. information systems, according to the report.

CSIS task force recommends the development of a national security policy for the Information Revolution. The president should issue an executive order that requires a top-down review of all the organizations responsible for information security and CyberCrime.

CSIS also recommends that the government support private-sector efforts to improve information security such as the Information Systems Security Board proposed by the telecommunications industry. ISSB would be a private sector-organized group which would evaluate and endorse information security standards.

In the past the government has lead the private sector. But with the growing cyber threat, that can't continue to happen. "The private sector cannot sit back and wait for government to lead,'' Robb said.