Facing armed hackers

Besides the destruction left in the wake of numerous terrorist attacks during the past few decades, another outcome has been a loss of naivete and a recognition that safety in some parts of the world is mostly an illusion.

Today we still live in a state of innocence regarding the Internet. Sure, there have been headline-grabbing incidents, like the repeated attacks on the FBI and Justice Department World Wide Web sites, and the extended closing of the Environmental Protection Agency site because of security concerns. But we haven't had really serious problems, for the most part.

However, the age of Internet innocence could come to an abrupt end following attacks that are potentially far more destructive than software viruses. Two possibilities are attacks by 21st century terrorists using high-energy radio frequency (HERF) guns and electromagnetic pulse (EMP) devices.

An associate of mine told me about a staged HERF gun demo at a recent trade show in which a small device powered by D-cell batteries destroyed a computer from about 30 feet away. The gun also accidentally fried a pair of digital cameras that were set up to record the event.

A HERF gun is basically a signal generator, a high-wattage power source and a highly directional antenna. When triggered, the gun sends a pulse of energy that overloads electronic circuits. Depending on the power of the gun, its distance from the target and other factors, the effects on a targeted computer can be temporary loss of function requiring a reboot or more permanent damage requiring replacement of parts.

Imagine someone driving by the facility housing your agency's Web site with one of those devices mounted in a van.

An even more destructive attack can be mounted using an EMP device, which can burn out computer electronics and destroy data stored on electromagnetic media. A small EMP device can be constructed using ordinary electrical supplies. Delivered to an office — perhaps by a malefactor posing as a computer repair person or a representative of your trusted reseller — an EMP device hidden in an ordinary desktop computer could cause agencywide havoc.

An EMP device hidden in a server and delivered to an agency Web site location, however, would be a thousand times worse. The Web site would be offline for days, perhaps weeks, and the repair cost would be tens if not hundreds of thousands of dollars. If your site is hosted at an Internet service provider that allows co-location, it could be taken down in an mass act of terrorism.

One solution is choosing an ISP that does not allow co-location so that nobody can sneak such a device onto the premises, which should also be shielded from external radiation.

When you're thinking about how to host your new Web site, maybe thinking about the unthinkable would pay off. At the very least, there's a new and powerful argument in favor of outsourcing this particular problem — or increasing your internal security.

—Bragg is an independent consultant and systems architect with extensive experience in the federal market. He welcomes your questions and topic suggestions at tbragg@acm.org.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.