Cyber Threats: How Serious? Teenage Hacker's Breach of Pentagon Computer Site Points to Growing Problem of Break-Ins and Cyberterrorism

Article excerpt

In describing the intrusions into its computer sites, the Department of Defense's words had the gravity of a serious breach of national security. They were "the most organized and systematic attack the Pentagon has seen to date," announced an official.

In an interview days later, one of the perpetrators, a high school boy in Cloverdale, Calif., who in cyberworld is known as Makaveli, explained his motive: "It's power, dude, you know, power."

Is the Information Age a time of unprecedented strategic vulnerability for the United States, where enemies can wage war by unconventional means? Or is it a venue mainly for electronic ankle-biting that is more annoying than dangerous?

"All of the above," says Frank Cilluffo, a senior analyst at the Center for Strategic and International Studies in Washington. "At one end, it's a tool for conventional warfare, terrorism, and organized crime. At the other, it's the hackers, the kids, whose intent is not necessarily hostile."

Experts place their concern on different points of Mr. Cilluffo's spectrum. To date, most activity has been at the less-serious end. But most agree that the unprecedented reliance on the flow of information between computers and along the Internet has opened new vulnerabilities.

In dealing with the risks, the old rules don't apply. When cyber intrusions can be launched from anywhere, the traditional distinction between foreign defense and domestic law enforcement blurs. So does the neat separation of government and private-sector responsibility when the phone lines, for instance, transport growing amounts of civilian information and commerce as well as more than 90 percent of military communications.

Aside from the regularity of hacker headlines, like the Pentagon intrusion earlier this month, which reportedly did not penetrate any classified sites, the issue of cyber-security has been relatively low key. Its breadth and complexity had something to do with that. Experts also point out there has been no catastrophic incident - an indication to some that there is no cause for alarm. In addition, there has been ambivalence among some policymakers about the wisdom of broadcasting vulnerability.

Presidential commission

Whatever the reason, that low-key approach is changing. Indeed, the White House is expected to soon implement the first broad-based, national effort to respond to the threat.
A commission set up by President Clinton in 1996 has urged steps such as more R&D to find better information-security tools, a concerted effort to raise public awareness, and the creation of new structures for greater cooperation between government and industry.

Gen. Robert Marsh, chairman of the Presidential Commission on Critical Infrastructure Protection, says he expects action on the group's recommendations "in a week or two." It would include, he hopes, appointing someone to the National Security Agency to act as a "highly visible" point person on information and infrastructure security.

The commission's work was massive, charged with examining how to protect key functions like the nation's communication and power systems, given their increasing dependence on computers. A small step was taken in late February when Attorney General Janet Reno put the FBI in charge of a new infrastructure protection center that will gather and disseminate information.

Still, even supporters of the pioneering work say it's just a start. In testimony to Congress last year, Peter Neumann, principal scientist in the Computer Science Lab at the research firm SRI International, wrote that the commission "has identified only the tip of a very large iceberg. …