Article
from
Newsday
U.S. Cyber Defense Needs to Surge
by Joseph S. Nye, Jr.
March 25, 2002
Reprinted from Newsday
National Security is changing. Technology is putting into the hands of
individuals and groups destructive powers that were once reserved to
governments.
Even the horrors of Sept. 11 will pale if terrorists obtain weapons of mass
destruction, but that is not the only threat. We also face threats of mass
disruption coming from cyberspace.
Damage done by imported viruses can be larger in terms of money or lives
lost than the effects of some wars. The May 2000, Love Bug virus
launched by a hacker in the Philippines did billions of dollars of damage in
the United States. If a hacker or cyberterrorist closed down electrical
power grids in a northern city some winter, thousands of lives could be
lost.
As the U.S. Commission on National Security in the 21st Century pointed
out, our country has not been invaded by foreign armies since 1814, and
the military is designed to project force and fight wars far from our
shores. But our military is not well equipped to protect us against an
attack on our homeland by terrorists wielding weapons of mass
destruction or mass disruption.
Information technology has some effects on the use of force that benefit
the small against the powerful. The off-the-shelf commercial availability of
formerly costly military technologies benefits small states and
nongovernmental actors and increases the vulnerability of large countries
such as the United States.
Today, for example, anyone can order inexpensively off the Internet
one-meter resolution satellite images of what goes on in military bases.
Commercial firms and individuals can go to the Internet and get access to
satellite photographs that were top- secret and cost governments billions
of dollars just a few years ago. Terrorists can purchase pictures of
American bases as well as commercial facilities. And thousands of Web
sites provide free advice on how to break passwords and steal data.
Global positioning devices that provide precise locations, once the
property of the military alone, are readily available at local electronics
stores. What''s more, information systems create vulnerabilities for rich
states by adding lucrative targets for terrorist groups. Former House
Speaker Newt Gingrich, who has looked deeply into the subject, says,
"There''s a real danger that a powerful nation will believe it can create the
cyberspace equivalent of a Pearl Harbor sneak attack. It''s conceivable in
the next 25 years that a sophisticated adversary, such as a small country
with cyberwarfare resources, will decide it can blackmail the United
States."
There is also the prospect of freelance cyber attacks. For example, after
the Hainan airplane collision in 2001, both Chinese and American hackers
engaged in a spate of attacks on both government and private Web sites
in each other''s countries.
Cyberspace attackers may be governments, groups, individuals or some
combination. They may be anonymous and not even come near the
country. In 1998, when Washington complained about seven Moscow
Internet addresses involved in the theft of Pentagon and National
Aeronautics and Space Administration secrets, the Russian government
replied that phone numbers from which the attacks originated were
inoperative. The United States had no way of knowing whether the
Russian government had been involved.
Many nations have developed aggressive computer-warfare programs.
But, as anyone with a computer knows, any individual can also enter the
game. With a few keystrokes, an anonymous source anywhere in the
world might break into and disrupt the private power grids of American
cities or the public emergency-response systems.
Improving U.S. government firewalls is important, but not enough. Every
night, American software companies send work electronically to India and
other countries where software engineers can work, while Americans
sleep, and send it back the next morning. Someone outside our borders
could also embed trapdoors deep in the computer code for use at a later
date.
Recently, the Pentagon announced a ban on non-citizens working on a
wide range of computer contracts - including processing paychecks and
writing software for tracking supplies. But as Richard Clarke, the
cybersecurity adviser to President George W. Bush argued, trying to
restrict information technology professionals to American citizens would be
far less effective than redesigning the architecture of our information
systems, the majority of which are in the private sector.
Those who argue that our military success in Afghanistan proves that
unilateralism works in the war against terrorism are thinking about national
security in overly simple military terms. Our military response was a
necessary but not a sufficient response. Equally important will be the
development of civilian cooperation with other countries in intelligence
sharing, police work and tracking financial flows. There is no unilateral
solution to the threats to our security in an information age.
Joseph S. Nye is dean of the Kennedy School of Government at Harvard
University and co-author of ''''Governance in a Globalizing World.''''
