Fighting the virtual Cold War: There's no peace in cyberspace
- By Brig. Gen. Robert F. Behler
- May 24, 1998
Less than a decade after the Berlin Wall came tumbling down, we are in the midst of a new Cold War. Unlike its predecessor, this Cold War doesn't revolve around bombs and missiles, it revolves around information.
A digital enemy can bypass the military and take down critical infrastructure— automated power plants, stock markets and transportation systems— and disable this nation without firing a shot.
Call it a virtual Cold War, but the potential threats are tangible. The information superhighway is lined with warehouses that store our personal histories. While easy access to this information makes our lives more convenient, it also makes us more vulnerable.
These ubiquitous information warehouses are vulnerable to theft, manipulation and destruction. Imagine the impact on your life if someone broke into your personal digital record and changed your pay account, altered your credit rating, tampered with your drug prescription at the pharmacy or publicized the movie you watched at a hotel.
This sensitive data must be secured from digital highway bandits or computer terrorists. Yet few individuals or corporations pay attention to computer security. Recent estimates suggest that security breaches cost our nation billions of dollars in lost information, research and other intellectual properties. A survey by the Computer Security Institute and the FBI found that 520 of the Fortune 1,000 businesses reported digital theft losses of nearly $140 billion in 1997— up 37 percent from 1996.
As the point man for computer security at the U.S. Strategic Command, which directs all U.S. strategic nuclear forces, I'm keenly aware of the stakes of warfare in the cyberworld. Each day, I see evidence that the United States is in a digital war with cyberbandits and terrorists who are intent on destroying our nation's computer systems. We are faced with individuals who may attack our computer systems, and more than 30 nations have sponsored programs to disrupt information systems worldwide. Experience has taught me that there is no peace in the cyberworld.
The Defense Department recently received a wake-up call when a few well-networked teen-age hackers broke into several of unclassified systems. The deputy secretary of Defense called these intrusions "the most organized and systematic attack the Pentagon has seen to date." The tools we use to protect our systems against these bandits are expensive and complicated, while hackers often use tools that are free and simple to operate.
Keeping ahead of cyberenemies must become a national priority. Our commitment to protect information is a vital national interest. To help achieve this goal, I suggest the United States commit to a "Year of Cyberspace Security." Such an initiative would range from teaching schoolchildren the consequences of giving out their Internet addresses to developing better means of safeguarding sensitive information.
Thanks to the ongoing efforts of industry and academia, we are armed with a quiver of defensive weapons to protect our systems. However one critical arrow is still missing: a national awareness that we are, in fact, in the midst of a digital arms race that is unlikely to have a peaceful conclusion.
Are we losing this war in cyberspace? Maybe; at this time I'm not certain. But I am certain that if we maintain the current level of complacency about computer security, 21st century cyberwarlords will "eat our lunch."
The Year of Cyberspace Security is an idea whose time has arrived. We must step up to this challenge now or face an electronic Pearl Harbor that could sink a lot more than a few ships.
Behler is director of command, control, communications and computer systems for the U.S. Strategic Command.