In describing the intrusions into its computer sites, the
Department of Defense's words had the gravity of a serious breach
of national security. They were "the most organized and systematic
attack the Pentagon has seen to date," announced an official.
In an interview days later, one of the perpetrators, a high
school boy in Cloverdale, Calif., who in cyberworld is known as
Makaveli, explained his motive: "It's power, dude, you know, power."
Is the Information Age a time of unprecedented strategic
vulnerability for the United States, where enemies can wage war by
unconventional means? Or is it a venue mainly for electronic
ankle-biting that is more annoying than dangerous?
"All of the above," says Frank Cilluffo, a senior analyst at
the Center for Strategic and International Studies in Washington.
"At one end, it's a tool for conventional warfare, terrorism, and
organized crime. At the other, it's the hackers, the kids, whose
intent is not necessarily hostile."
Experts place their concern on different points of Mr.
Cilluffo's spectrum. To date, most activity has been at the
less-serious end. But most agree that the unprecedented reliance on
the flow of information between computers and along the Internet
has opened new vulnerabilities.
In dealing with the risks, the old rules don't apply. When
cyber intrusions can be launched from anywhere, the traditional
distinction between foreign defense and domestic law enforcement
blurs. So does the neat separation of government and private-sector
responsibility when the phone lines, for instance, transport
growing amounts of civilian information and commerce as well as
more than 90 percent of military communications.
Aside from the regularity of hacker headlines, like the
Pentagon intrusion earlier this month, which reportedly did not
penetrate any classified sites, the issue of cyber-security has
been relatively low key. Its breadth and complexity had something
to do with that. Experts also point out there has been no
catastrophic incident - an indication to some that there is no
cause for alarm. In addition, there has been ambivalence among some
policymakers about the wisdom of broadcasting vulnerability.
Whatever the reason, that low-key approach is changing.
Indeed, the White House is expected to soon implement the first
broad-based, national effort to respond to the threat. A commission
set up by President Clinton in 1996 has urged steps such as more
R&D to find better information-security tools, a concerted effort
to raise public awareness, and the creation of new structures for
greater cooperation between government and industry.
Gen. Robert Marsh, chairman of the Presidential Commission on
Critical Infrastructure Protection, says he expects action on the
group's recommendations "in a week or two." It would include, he
hopes, appointing someone to the National Security Agency to act as
a "highly visible" point person on information and infrastructure
The commission's work was massive, charged with examining how
to protect key functions like the nation's communication and power
systems, given their increasing dependence on computers. A small
step was taken in late February when Attorney General Janet Reno
put the FBI in charge of a new infrastructure protection center
that will gather and disseminate information.
Still, even supporters of the pioneering work say it's just a
start. In testimony to Congress last year, Peter Neumann, principal
scientist in the Computer Science Lab at the research firm SRI
International, wrote that the commission "has identified only the
tip of a very large iceberg. …