In February, Internet invader and electronic intruder Kevin Mitnick was brought to ground in Raleigh, North Carolina, by San Diego-based researcher Tsutomu Shimomura and the FBI, in an adventure story that merits a movie script. Mitnick's alleged misdeeds, which include snooping through others' e-mail and stealing credit card numbers from computer systems nationwide, serve to focus the information industry's attention on questions of security and intelligence. These were just the issues explored last November at the Third International Symposium on National Security & National Competitiveness: Open Source Solutions, in Alexandria, Virginia. The meeting was a production of OSS, Inc. (Open Source Solutions).
Business is about survival of companies, nations, and people, according to featured speaker Douglas Bernhardt, Business Research Group SA. Competitive advantage, he said, is to know the enemy. Bernhardt and other business leaders, government officials information professionals, global thinkers, and even some hackers came together at the Symposium to warn an audience of industry people, government officials, and academics of holes in our national and industrial security net.
As a nation, they warned, we are ill prepared to avoid security problems with the vast data we transmit over computer networks, and that leaves us perilously open to competitive disadvantage. Our vulnerability will be even greater as our public use of networks increases, because anyone with moderate technological skill can penetrate our public, commercial, and government data networks. If we do not fundamentally restructure our thinking, disastrous events will force us to do so.
Threats to Governing and Doing Business Safely
Looking at issues of security, Winn Schwartau of INTERPACT, in a talk entitled "Chaos in Cyberspace," said that people don't really even recognize the problem. Our intelligence, military, and commercial systems networks are up and running. If they stop, we have denial of service and a big problem.
We know how to secure systems, Schwartau said. We know about integrity--we have just about solved the problem using encryption-style techniques, and we have the infrastructure to build it in. What we do not have, he observed, are immediate answers or even ideas on implementation.
The future of warfare will be economic and social, according to Schwartau. Attacks will occur on Wall Street, the Federal Reserve System, or other vulnerable areas. When technology is developed, someone somewhere finds how to use it in a malicious way. We must acknowledge the problem now so that there is a chance we can solve it. We need to recognize that the Internet is a real problem as well as a real asset, he advised.
Continuing this theme, Robert D. Steele, founding president of OSS, asserted that information is a strategic asset of the United States today. We must protect it both through policy and through strategy, he said. "The world has changed from a tangible to an intangible virtual world ... And we are inviting attacks (on the information we generate and own)."
There is no safe environment in cyberspace, and in the current system there are no hooks for security, Steele said. In industry, the stockholders of an organization should demand a secure computing environment. In government, the NII needs to be security driven so no denial of services can occur.
The "Hackers" Weigh In
Among the self-described hackers who attended the security and competitiveness symposium, some held their own sessions to discuss capabilities and to target computer system vulnerabilities. (They also took pains to establish a sharp difference between themselves as symposium participants and hackers who destroy data, "immature kids who do not know how to do anything else," according to Emmanuel Goldstein. Goldstein received an OSS Golden Candle Award "in recognition of his awesome feat in bringing together 1400 hackers, cyberpunks, and hacker wannabes at Hackers on Planet Earth (HOPE) in New York City in August last year. …