If you believed press reports earlier this year, Chinese technogeeks were preparing to bring down the Internet by jamming American web sites. Supposedly they were upset over the up-close-and-personal encounter between our EP-3E surveillance aircraft and their fighter jet over the South China Sea.
Alas, "Hack the USA Week" was a bust and may have been mainly media hype in any case. As it turned out, only a few United States web sites with sloppy security were defaced with graffiti.
That's the good news. The bad news is—as with last year's Love Bug virus attacks—these pranks are diverting attention from a more serious problem. The real threat is not the hackers you see; it's the ones you don't.
Military organizations in several countries are busy developing capabilities for computer network attacks. There is also a growing international trade among terrorists in "hackers for hire." Corporate spies and organized crime are getting into the act too.
These pros are developing tools to steal data and win wars. Professional info-warriors spend months probing targeted networks. When they crack into a network, they don't publicize their success. They exploit it.
If a crisis were to break out—say, a conflict between the United States and China over Taiwan—these specialists could attack U.S. computer networks to intimidate American leaders or complicate military mobilization. Terrorists could use computer warfare to hamstring civil defense workers and police responding to bombings and other attacks.
The most likely targets would not be military networks but commercial and civilian infrastructure—the computers that control transportation systems, financial networks, communications, and the like. Commercial systems are usually easier to dial into and less secure. Civilian operators are also less aware of hard-core computer warriors and terrorists.
Fortunately, there is time to prepare. Even more important, this is one area in which the military services, U.S. industry, civil libertarians, and the public all share common interests.
The technology and security measures that make it harder for cyberterrorists and computer warriors are the same measures that would protect the privacy of individuals and the safety of electronic commerce: strong encryption, easy-to-use security software, and better education about the threat.
Everyone would be better off if we also had better planning that allowed businesses, the military, and law enforcement officials to work together. For this to happen, the public needs to be able to trust both government and industry—which means we need effective oversight.
Finally, the government needs to adopt policies that let U.S. companies remain predominant in the global information economy. It will be easier to fend off insider threats if more software and hardware are designed in the United States, not in some other countries one can think of.
In today's deregulated, global economy, information industry companies can set up shop almost anywhere. The United States needs policies that attract the best businesses and let them compete effectively. It has been said that computer warfare is the dark side of the information revolution. With a little effort, sensible policies, and good faith, we can prepare.