Facing armed hackers
Besides the destruction left in the wake of numerous terrorist attacks during
the past few decades, another outcome has been a loss of naivete and a recognition
that safety in some parts of the world is mostly an illusion.
Today we still live in a state of innocence regarding the Internet.
Sure, there have been headline-grabbing incidents, like the repeated attacks
on the FBI and Justice Department World Wide Web sites, and the extended
closing of the Environmental Protection Agency site because of security
concerns. But we haven't had really serious problems, for the most part.
However, the age of Internet innocence could come to an abrupt end following
attacks that are potentially far more destructive than software viruses.
Two possibilities are attacks by 21st century terrorists using high-energy
radio frequency (HERF) guns and electromagnetic pulse (EMP) devices.
An associate of mine told me about a staged HERF gun demo at a recent
trade show in which a small device powered by D-cell batteries destroyed
a computer from about 30 feet away. The gun also accidentally fried a pair
of digital cameras that were set up to record the event.
A HERF gun is basically a signal generator, a high-wattage power source
and a highly directional antenna. When triggered, the gun sends a pulse
of energy that overloads electronic circuits. Depending on the power of
the gun, its distance from the target and other factors, the effects on
a targeted computer can be temporary loss of function requiring a reboot
or more permanent damage requiring replacement of parts.
Imagine someone driving by the facility housing your agency's Web site
with one of those devices mounted in a van.
An even more destructive attack can be mounted using an EMP device,
which can burn out computer electronics and destroy data stored on electromagnetic
media. A small EMP device can be constructed using ordinary electrical supplies.
Delivered to an office perhaps by a malefactor posing as a computer repair
person or a representative of your trusted reseller an EMP device hidden
in an ordinary desktop computer could cause agencywide havoc.
An EMP device hidden in a server and delivered to an agency Web site
location, however, would be a thousand times worse. The Web site would be
offline for days, perhaps weeks, and the repair cost would be tens if not
hundreds of thousands of dollars. If your site is hosted at an Internet
service provider that allows co-location, it could be taken down in an mass
act of terrorism.
One solution is choosing an ISP that does not allow co-location so that
nobody can sneak such a device onto the premises, which should also be shielded
from external radiation.
When you're thinking about how to host your new Web site, maybe thinking
about the unthinkable would pay off. At the very least, there's a new and
powerful argument in favor of outsourcing this particular problem or increasing
your internal security.
Bragg is an independent consultant and systems architect with extensive
experience in the federal market. He welcomes your questions and topic suggestions
at [email protected].