Thoughts for the bit bucket
Wed Jun 21 20:02:50 MDT 2000

This morning I took a look at the article at http://www.fcw.com/fcw/articles/2000/0619/news-dfnse-06-19-00.asp and wasn't quite sure I could believe what I was reading. Had it been found on a less reputable site, I might've assumed it was simply a joke article, and had a laugh.

It would seem, in the context of this article, that certain governmental groups are very upset at those evil naughty hackers for not being evil or naughty enough. Jeffrey Hunker, senior director for critical infrastructure protection (can that title even fit on a business card?) at the National Security Council, claims that "attacks historically have been labeled 'nuisances'." Because attacks have not been so severe as to cripple the functioning of the nation's computer and electronic infrastructure, the government isn't spending enough to fund electronic spying programs which have been demanded because 'cyberterrorism' is so prevalent. Huh?

Yes. This non-existent threat spawned demands for counter-terrorist measures which violate the privacy of all American citizens, not to mention citizens of other countries that use a medium which happens to, in part, cross the United States' physical borders. And after all the hype, after all the doomsday preaching, after all the sky-is-falling hysteria propagated by those with something to gain from strict surveillance of the Internet, there has -still- not been an attack against our government's computer infrastructure that could be considered more than a "nuisance", much less crippling enough to be called cyberterrorism.

The lack of any concrete evidence of such activities, whether planned, attempted, or accomplished, isn't stopping groups such as the NSA, NIPC, or the State department, whose National Commission on Terrorism (led by Ambassador L. Paul Bremer) released a report on 5.June which raised the bar on fear, uncertainty, and doubt in its attempt to spook the country into subservience. The Bremer Commission's report, which can be found at http://www.fas.org/irp/threat/commission.html , claims that "Certainly, terrorists are making extensive use of the new information technologies and a conventional terrorist attack along with a coordinated cyberattack could exponentially compound the damage...Without international cooperation, the United States cannot protect its national infrastructure from the cyber threat."

Other than events, such as the repeated defacements of government web sites, which have been rightly called "nuisances," no evidence of this "cyber threat" seems to exist. In fact, on 4.February 1999, FBI director Louis Freeh testified before the Senate Appropriations Committee's Subcommittee on the Departments of Commerce, Justice, and State. In his testimony, available at http://www.fbi.gov/pressrm/congress/congress99/freehct2.htm , Freeh stated that since the World Trade Center bombing in 1993, "no significant act of foreign-directed terrorism has occurred on American soil." In general, Freeh claimed, "the frequency of terrorist incidents in the United States has decreased in number." To back up this claim, Freeh testified that in 1998, "FBI investigative actions prevented 10 planned terrorist acts"...nine of which were prevented by the arrest of six white supremacists in Illinois who planned to assassinate certain black and Jewish figures. The tenth prevented act was the planned bombing of a Washington DC building by an individual. Freeh stated that in general, the main threat of terrorist activity surrounded abortion clinic bombings and far-right militias with access to weapons of mass destruction. No specific incidence of "cyber threat" or cyberterrorism, planned or actual, was mentioned. Even so, Freeh requested $36,742,000 for the Technology and Cyber Crimes initiative and $13,046,000 for the National Infrastructure Protection Center's staffing.

So what's the problem? The problem, apparently, is that the attacks that are actually coming from the Internet are nowhere near as bad as some governmental groups would like them to be. If the evil nasty hackers so feared in sensationalist propaganda were actually as evil as they're supposed to be, it'd be okay to budget millions and pass laws allowing extensive monitoring of all Internet traffic and legalizing intrusions into computers by government agents without the owner's consent. Instead, this Chicken Little attitude of demanding funding to defend against an imagined threat that does not exist leads to vague speculation of worst-case scenarios and impending, groundless contingency plans. The problem is that attacks just aren't bad enough to back up the exaggerations of cyberterrorism, so agencies don't get the millions of dollars they want.



/dev/null