Calling on local cybersleuths

Because cyberattacks can come from many sources — not just terrorists —

the nation should enlist the help of state and local agencies, never before

considered as part of the national security apparatus, says cybersecurity

expert Michael Vatis.

Vatis highlighted the situation by relating the story of a series of

intrusions to more than 500 Defense Department computers systems in 1998.

The hackers had an access level similar to that of a systems administrator.

At the time, the United States was having problems with Saddam Hussein,

and coincidentally, the intrusions were traced back to the United Arab Emirates.

Several U.S. officials thought it was a direct cyberattack and contemplated

military action against Saddam.

However, within three days of investigating the incident, it turned

out the United Arab Emirates was a "weigh station" and the hacking was traced

to California.

"It was not information warfare, it was run-of-the-mill hacking of teenagers,"

but it had the military wanting to go to war, said Vatis, who was the first

director of the FBI's National Infrastructure Protection Center.

Speaking at the National Conference of State Legislatures meeting on

anti-terrorism technology Dec. 6 in Washington, D.C., Vatis said computers

could be used as a weapon to attack other computers and disrupt or take

out, for example, the country's electrical, telecommunications or financial

systems.

"If well-directed and well-coordinated, it could take out some of our

critical infrastructures," he said, adding that one incident could affect

the entire country.

When a cyberattack happens, a systems administrator has no way of knowing

who broke in, what was done and whether it was an isolated or a coordinated

attack, but it's absolutely critical for law enforcement to become involved,

he said.

A number of different "actors" could be responsible, Vatis added, including

teen hackers, disgruntled workers, competing companies, an organized criminal

group, a foreign espionage service or foreign military government — not

just terrorists.

Because the federal government doesn't have the resources to investigate

cyberattacks on a nationwide basis, the country needs to enlist the help

of state and local agencies. They would have to be trained and equipped

with equipment to help in the detection and prevention of such incidents.

Vatis, who is director of the Institute for Security Technology Studies

at Dartmouth College, said his group has been working with state and local

agencies to discuss needs, including financial resources and training. He

said online training classes on this topic might become a better option

than traditional classroom training.

He said his group also is discussing ways to develop a database of experts

who can help investigate computer intrusions and crimes.