U.S. sitting duck, DOD panel predicts

By Bob Brewin and Heather Harreld

By Bob Brewin and Heather Harreld

|

The dependence of the United States on computers and communications systems to run its critical power finance and transportation systems places the country at risk in the event of an information warfare (IW) attack according to a report prepared by a toplevel Defense Department advisory panel. Thi

The dependence of the United States on computers and communications systems to run its critical power finance and transportation systems places the country at risk in the event of an information warfare (IW) attack according to a report prepared by a top-level Defense Department advisory panel. This reliance it said has "created a tunnel of vulnerability previously unrealized in the history of conflict" and could have a "catastrophic effect on the ability of [DOD] to fulfill its mission."

The report of the Defense Science Board Task Force on Information Warfare-Defense (IW-D) obtained by Federal Computer Week called the threat of an IW attack "significant " adding that the nation's "vulnerabilities are numerous [and] the countermeasures are extremely limited...."

Citing a specific example the DSB report said one building in Savannah Ga. (a Bell South switching facility FCW learned) houses not only a vital communications hub but information technology systems supporting key electric power and transportation companies. Because Savannah serves as a vital port of embarkation for Army troops based in that area an IW attack against that one building would "make it impossible to deploy military forces at the pace specified in operations plans."

The DSB task force chaired by two former assistant secretaries of Defense for command control communications and intelligence (ASD/C3I) Duane Andrews and Donald Latham viewed the IW problem as so severe that it urged the Pentagon to embark immediately on a crash course to protect against this new form of warfare providing detailed policy funding and legal recommendations.

These recommendations included a controversial call for the Pentagon to have the legal power to protect nongovernmental portions of the infrastructure in the name of "the common defense." To defend DOD and critical nongovernmental systems against IW the report recommends new legal authority that will allow "DOD law enforcement and intelligence agencies to conduct efficient coordinated monitoring of attacks on the critical civilian information infrastructure...."

In carving out a position for DOD to take on this role in the civil sector the report bluntly summed up the problem: "We should not forget information warfare is a form of warfare not a crime or an act of terror." It took an equally blunt approach on how the Pentagon should respond to such an attack or intrusion. "The response could entail civil or criminal prosecution use of military force...diplomatic initiatives or economic mandates."

DSB which said it has urged immediate and concerted action on the IW-D front for the past three years had a number of recommendations on how DOD should get its own information warfare act together. The report said it would take $3 billion over the next five years to translate these recommendations into reality.

This includes establishing the ASD/C3I as the single focal point for IW-D within the department - a necessary step to spread the diffusion of IW responsibilities among the services and Defense agencies according to a source familiar with the thinking of the task force. Emmett Paige Jr. ASD/C3I said he had read a copy of the DSB briefing to deputy secretary of Defense John White. Paige said "I saw nothing in that briefing I do not agree with. I strongly support everything in their briefing."

DISA's Role

The Defense Information Systems Agency would take on a pivotal IW-D role based on the recommendations in the report. It called for DISA to set up an IW operations center to provide tactical warning attack assessment and emergency response with infrastructure restoration capabilities and it pegged funding for this center at $275 million over five years. DISA also should establish a joint office for system network and infrastructure design the report said with funding estimated at $225 million over five years.

DISA director Lt. Gen. Al Edmonds has already acted on these recommendations setting up last week a Global Operations and Security Center and a Programs office (see Intercepts page 34).

Edmonds said DISA decided not to wait to have these recommendations approved. "We're doing this on our own. We want a new focus here...and we're funding it out of our own budget [by] prioritizing on Information Warfare-Defense. The DSB is right on target and they got us rolling."

The Pentagon also needs to refocus its IW research and development the report said recommending $580 million over five years. This poses a tough challenge DSB said because "prior R&D efforts have been in areas such as computer and network security.... Little attention has been paid to surviving willful malicious attack or detecting and eliminating corrupt software."

The DSB task force also took some potshots at some well-established and well-entrenched DOD IW policies and programs. Looking at the national debate over the key escrow encryption systems backed by the Clinton administration the DSB report dismissed encryption as a "distraction.... Encryption simply does not solve all of the information security problems some are led to believe."

The National Security Agency's long-running Multilevel-Secure Information Systems Security Initiative also received short shrift from the task force which suggested commercial products such as security "tokens" rather than passwords could go a long way in the near term toward resolving DOD's security problems.

The task force also brought sober realism to the theme of "information superiority" promulgated by all the services during the past several years to such an extent that it has become almost a mantra. "The doctrine of information superiority assumes the availability of information and information technology - a dangerous assumption.... Published service and joint doctrine does not address the operational implications of a failure of information and technology " the report said.

The intelligence community's ability to handle IW also came in for a similar assessment by the task force which called IW "a nontraditional intelligence problem [that is]...not easily discernible by traditional intelligence." Traditional intelligence skills "are largely irrelevant in the information warfare environment."Percy Pierre an electrical engineering professor at Michigan State University and a member of the DSB task force said DOD's interest in protecting critical infrastructure is a result of "the recognition that the Defense Department is dependent on private-sector assets for logistical support and other types of support."

Any move by government toward civil electronic defense must be delicately balanced to avoid antagonizing the private sector said Winn Schwartau a security consultant and author of several information warfare books.

"For them to blatantly say `We want to monitor ' that creates a huge problem " he said. "If the government says `You don't worry private sector we're going to take care of you ' they're going to have a problem.

NEXT STORY: Paige prods Lockheed Martin to integrate key C3I systems

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.