Are cyberterrorists for real?
- By Dan Verton
- Jun 26, 2000
The debate over whether the United States faces imminent danger from cyberterrorist
attacks took a new turn last week when the top defender of the nation's
key information systems said "terrorism" may be too strong a word when describing
Richard Clarke, national co-ordinator for security, infrastructure protection
and counterterrorism at the National Security Council, said that while it
would be a "tough call" to tell the difference between an attack by hackers
and one launched by terrorists intent on disrupting national security, the
administration's cyberdefense programs are battling a perception problem
that stems from the misuse of the word terrorism.
"Maybe we shouldn't be saying 'cyberterrorism.' Maybe we should be saying
'information warfare,'" said Clarke, who spoke at a conference on cyberattacks
and critical infrastructure protection sponsored by the American Enterprise
Institute for Public Policy Research in Washington, D.C. "In the end, you're
going to know it when you see it," he said, referring to the difference
between joy-riding hackers and state-sponsored cyberattacks.
Clarke's comments underscore a significant problem for the Clinton administration,
which has failed to convince Congress to support some of its key cyberdefense
initiatives including the Federal Cyber Services initiative, which would
offer college students scholarships to study information security in return
for government service.
Experts agree that, to date, most of the major cybersecurity incidents
are best described as nuisance attacks, although many fear that a devastating
surprise attack, sometimes referred to as an "electronic Pearl Harbor,"
This month, at a similar conference on Capitol Hill sponsored by The
Brookings Institution, experts blamed a Cold War budget mentality for shortcomings
in the government's information technology and security programs [FCW, June
19]. Jeffrey Hunker, senior director for critical infrastructure protection
at the NSC, said that although the government tries to be proactive, he
believes that "we are going to get nailed seriously" sooner rather than
By not preparing for the worst-case scenario, we may be endangering
the public's civil liberties, according to Clarke, who argued that "a lot
of people are going to be willing to throw civil liberties out the window"
in an effort to recover from an attack that cripples large portions of the
nation's critical infrastructure.
Elizabeth Rindskopf Parker, former general counsel for the CIA and the
National Security Agency, agreed that preparation is crucial, and, in the
current legal system, defensive measures are more "workable" than offensive
ones. Overall, however, cyber-defense "is not well understood and is not
talked about sufficiently," she said.
Rep. Curt Weldon (R-Pa.), chairman of the House Military Research and
Development Subcommittee, said pretending the threats are not there is not
a solution, and he criticized the Clinton administration for decreasing
high-tech R and D spending. "We are seeing efforts by rogue groups to acquire
encryption algorithms and sophisticated tools," said Weldon, who spoke last
week at the GovTech 2000 convention in Washington, D.C. "The administration
has lulled the American people into a false sense of security.
John Pike, a defense analyst with the Federation of American Scientists, agreed that
the debate over the threat of cyberattacks to the nation's security has
been overblown. Although something much larger than the recent denial-of-service
attacks is likely on the horizon, Pike said he does not believe it will
be anything like an electronic Pearl Harbor.
"I hope that [Clarke's comments] will get the debate out of the realm
of cartoons and help people focus on real problems," he said. "Most of the
time I feel like I'm watching a really bad cartoon."