Calling on local cybersleuths
- By Dibya Sarkar
- Dec 06, 2001
Because cyberattacks can come from many sources — not just terrorists —
the nation should enlist the help of state and local agencies, never before
considered as part of the national security apparatus, says cybersecurity
expert Michael Vatis.
Vatis highlighted the situation by relating the story of a series of
intrusions to more than 500 Defense Department computers systems in 1998.
The hackers had an access level similar to that of a systems administrator.
At the time, the United States was having problems with Saddam Hussein,
and coincidentally, the intrusions were traced back to the United Arab Emirates.
Several U.S. officials thought it was a direct cyberattack and contemplated
military action against Saddam.
However, within three days of investigating the incident, it turned
out the United Arab Emirates was a "weigh station" and the hacking was traced
"It was not information warfare, it was run-of-the-mill hacking of teenagers,"
but it had the military wanting to go to war, said Vatis, who was the first
director of the FBI's National Infrastructure Protection Center.
Speaking at the National Conference of State Legislatures meeting on
anti-terrorism technology Dec. 6 in Washington, D.C., Vatis said computers
could be used as a weapon to attack other computers and disrupt or take
out, for example, the country's electrical, telecommunications or financial
"If well-directed and well-coordinated, it could take out some of our
critical infrastructures," he said, adding that one incident could affect
the entire country.
When a cyberattack happens, a systems administrator has no way of knowing
who broke in, what was done and whether it was an isolated or a coordinated
attack, but it's absolutely critical for law enforcement to become involved,
A number of different "actors" could be responsible, Vatis added, including
teen hackers, disgruntled workers, competing companies, an organized criminal
group, a foreign espionage service or foreign military government — not
Because the federal government doesn't have the resources to investigate
cyberattacks on a nationwide basis, the country needs to enlist the help
of state and local agencies. They would have to be trained and equipped
with equipment to help in the detection and prevention of such incidents.
Vatis, who is director of the Institute for Security Technology Studies
at Dartmouth College, said his group has been working with state and local
agencies to discuss needs, including financial resources and training. He
said online training classes on this topic might become a better option
than traditional classroom training.
He said his group also is discussing ways to develop a database of experts
who can help investigate computer intrusions and crimes.