Sophisticated weapon-system computers are vulnerable to "viruses" just like business and personal computers, but experts say efforts to fight such software sabotage are barely beyond the planning stages.
Viruses - actually small strings of computer code - can be stealthily inserted into software programs, where they may lie dormant for months or years before causing computers, and the weapons they help control, to go haywire."Software attack, often best carried out with the aid of well-placed insiders, is emerging as a coherent new type of systematic offensive warfare," Scott A. Boorman, a Yale University sociology professor, and Paul R. Levitt, a mathematician, wrote recently in the military electronics journal Signal.
"It can be waged far removed in space and time from any battlefield to affect not only combat outcomes, but also peacetime balances of power," they wrote. It can "strike key civilian targets, such as electronic funds transfer, other financial and data communications, air traffic control systems and even the vote-tallying machinery at the heart of the democratic process."
Their article discussed the threat "viruses" pose to computers used by the military and government agencies with a national security mission.
Within the past year, viruses have "infected" computers at NASA, the National Oceanic and Atmospheric Administration, information systems on Capitol Hill, George Washington University, Lehigh University and Hebrew University in Jerusalem. They also have slowed IBM's electronic mail system to a crawl and reportedly caused video monitors in Silicon Valley to burst into flames, apparently by speeding up the cycle speed of certain video functions.
Tactics that can be used to disrupt computer operations include:
-Viruses, essentially small programs that can hide in the computer's operating system, giving orders that range from a relatively benign message that flashes on the screen to destruction of data files or erasure of disks. A virus differs from other sabotage in that it clones itself and spreads.
-"Trojan horses," programs that look and act like normal ones but contain hidden commands that eventually take effect and cause havoc.
-"Logic bombs," small sets of instructions surreptitiously entered into other software, where they remain undetected and inactive until the computer arrives at a certain result during normal computation.
-"Time bombs," which go into action at a set date and time.
The supersecret National Security Agency, based at Fort Meade, Md., is responsible for safeguarding the security of U.S. government computer systems. It has set up the National Computer Security Center at Fort Meade to help the military, defense contractors and other private companies cope with software warfare and other threats to vital computer systems.
Spokeswoman Pat Coulson said the NSA had no comment on the Signal article.
Michael Harrison, a computer science professor at the University of California at Berkeley, said the center has developed criteria for "trusted computer system evaluation . . . This is a practical attempt to decide what systems are more trustworthy than others."
Boorman and Levitt said much more needs to be done to develop effective technical countermeasures, and to alert military commanders as well as civilian managers. "Strategic, tactical and logistic planning to meet the software warfare challenge remains in its infancy in many cases," they wrote.