Computer-savvy crooks constantly probe America's premier financial institutions. The new generation of safecrackers doesn't need dynamite or drills, but uses digital tricks that include breaking encrypted codes (like passwords) or inserting Trojan horses, worms and other computer viruses into the information systems of banks and investment firms.
American defense systems are also vulnerable. Given America's reliance on computers and digital data links, this means weapons, weapons delivery platforms (e.g., airplanes), intelligence systems (satellites) and communications systems, from tactical radios to global strategic systems, face a digital threat.
Filching video from American Predator unmanned aerial vehicles (UAVs) operating over Iraq and elsewhere serves as an example of a type of cyber-theft. StrategyPage.com pointed out last Dec. 18 why Predator video feeds could be intercepted using off-the-shelf programs for stealing commercial television satellite transmission. "(S)ometimes, you take a chance," StrategyPage observed. "And then you get caught. For years, the video from UAV was unencrypted. This was to save communications capacity ("bandwidth"), which was always in short supply. To encrypt the video would require more bandwidth, and specialized equipment on the UAVs and ground receivers. ... This was not a secret, it was known to people in the business. Now everyone knows, and encryption, and all its costs, will be added to UAV video broadcasts."
StrategyPage noted this was not a "hack" to the Predator's digital controls, but akin to electronic eavesdropping or tapping a telephone. However, the prospect of taking over the computers running an aircraft or commo system -- or, in the civilian sector, a city's electrical grid -- concerns cyber-warriors.
The U.S. military believes digital communications systems capable of creating "shared situational awareness" are critical to 21st century modernization. "Shared situational awareness" is Pentagonese for letting soldiers know where they are located, where friendly forces are positioned and what the enemy is doing. A digital system connecting infantrymen, tanks, helicopters, aircraft and ships would permit soldiers to share real-time intelligence, find the best defensive position or select the best available weapon to strike the enemy.
A reliable system passing accurate locations and weapons effects data would greatly lower the risk of "friendly fire" striking friendly units. However, can cyber security protecting such a complex "battlefield wi-fi" fend off enemy hackers employing armies of digital worms and Trojan horses?
"App mania" (use of computer applications in digital devices) afflicts every community on the planet with a cell tower and Internet connection. People download billions of applications each year. Despite antivirus software, each download risks viral infection. According to thetechherald.com, in September 2009 the Zeus Trojan "family of Malware" infected 3.6 million personal computers in the U.S., and Zeus viruses target "banking related information."
A calculated cyber-attack that disrupts or destroys the civilian Internet would have immense financial consequences. Disrupting military digital communications and targeting systems at a critical moment in war could be catastrophic.
Cyber-security experts I have interviewed on background tell me they fear that America's ability to protect its digital systems from cyber-assault has deteriorated, despite spending hundreds of billions for digital defense (to include "hard defense" like protected cabling for fiber optics networks and sophisticated firewalls).
There are a number of reasons. China and other potential adversaries employ cyber-warfare battalions -- the hackers' techniques have improved. Modern software itself is complex and sometimes difficult to troubleshoot. Constant patching and updating creates vulnerabilities. Attacks can also be launched from inside an organization, by a "cyber-saboteur." Defense and intelligence agencies take the cyber-traitor scenario quite seriously.
Last month, the Obama administration appointed Howard Schmidt as "cyber-czar." Schmidt has an impressive resume, with civilian and governmental cyber-security experience. His portfolio could extend through all federal civilian, intelligence and military agencies -- and perhaps it should. He will coordinate both Pentagon and Homeland Security cyber-operations.
Schmidt must use his clout to develop new security tools and systems that will protect America's digital devices and networks. The challenge, however, is immense. The Center for Strategic and International Studies report "Securing Cyberspace for the 44th Presidency" (dated December 2008) said the U.S. needs a "comprehensive national security strategy for cyber-space." Achieving that goal should be on Schmidt's agenda.