There's growing evidence that what Sen. Fred Thompson, R-Tenn., ominously refers to as "the darker side of the information revolution" might turn out to be even darker than previously thought.
But the problem, which should be a top national security priority, has gone largely ignored by government officials, the general public and the media.Our associate Aaron Karp has reviewed numerous government reports and expert testimony regarding the security of the federal government's various computer systems. We're sorry to report that the United States is becoming increasingly vulnerable to a devastating cyber attack by terrorist hackers.
Peter G. Neumann, a leading private-sector computer scientist who's had experience with federal computer programs dating back to the 1950s, warned Thompson and his colleagues that they'd better start taking the threat of cyber terrorism seriously.
Neumann characterized the Pentagon's Internet computer security as "flimsy," and expressed concern that lawmakers and government officials won't grasp the "magnitude of the potential risks until we are hit by devastating attacks that demand immediate at-ten-tion."
Federal agencies are scrambling to solve the Year 2000 glitch that threatens to shut down computers at the stroke of midnight on Dec. 31, 1999. But the Year 2000 problem, wrote Neumann, "is just the tip of an enormous iceberg."
Just ask officials at the State Department. Congressional investigators from the General Accounting Office conducted a mock attack on State's computer systems, and the results proved to be quite embarrassing for department bigwigs.
"Unfortunately, our penetration tests were largely successful," reported the GAO. "They demonstrated that State's computer systems and the information contained within them are very susceptible to hackers, terrorists or other unauthorized individuals seeking to damage State operations or reap financial gain by exploiting the department's in-for-ma-tion-security weaknesses.
"For example, without any passwords or specific knowledge of State's systems, we successfully gained access to State's networks through dial-in connections to modems. Having obtained this access, we could have modified, stolen, downloaded or deleted important data, shut down services and monitored network traffic such as e-mail and data files."
The GAO was also able to dupe several State employees into giving up passwords and other information that would enable hackers to gain access to information that's normally off-limits to all but high-ranking department officials. GAO investigators called one State employee claiming to be "systems maintenance personnel" and were able to persuade her to disclose her password.
And "in several instances," investigators were "able to enter a State facility without required identification." In one "unlocked office, we found unattended personal computers logged on" to State computer networks. One careless bureaucrat had taped his password and user identification to his computer. Using these computer terminals, the GAO was able to "download a file that contained a password list," which gave investigators easy access to State computer networks.
The first step to strengthening the security of federal computer networks, experts agree, is simply to admit that there's a problem. We've become so enamored with the many positive aspects of the computer revolution that we've blindly become dependent on the new technology without seriously considering the potential risks that come along with it.
As Neumann points out in his testimony, it's "unpopular" to talk about threats to computer security "openly, and thus the risks tend to be largely downplayed - if not almost completely ignored."
But we'd better start paying attention to these hazards before it's too late. "We as a nation cannot wait for the `Pearl Harbor' of the information age," Thompson cautioned at the Senate hearing. "We must increase our vigilance to tackle this problem before we are hit with a surprise attack."
United Feature Syndicate, Inc.