Thoughts for the bit bucket
Wed Jun 21 20:02:50 MDT 2000
This morning I took a look at the article at
http://www.fcw.com/fcw/articles/2000/0619/news-dfnse-06-19-00.asp
and wasn't quite sure I could believe what I was reading. Had it been found
on a less reputable site, I might've assumed it was simply a joke article,
and had a laugh.
It would seem, in the context of this article, that certain governmental
groups are very upset at those evil naughty hackers for not being evil or
naughty enough. Jeffrey Hunker, senior director for critical
infrastructure protection (can that title even fit on a business card?) at
the National Security Council, claims that "attacks historically have been
labeled 'nuisances'." Because attacks have not been so severe as to
cripple the functioning of the nation's computer and electronic
infrastructure, the government isn't spending enough to fund electronic
spying programs which have been demanded because 'cyberterrorism' is so
prevalent. Huh?
Yes. This non-existent threat spawned demands for counter-terrorist
measures which violate the privacy of all American citizens, not to
mention citizens of other countries that use a medium which happens to, in
part, cross the United States' physical borders. And after all the hype,
after all the doomsday preaching, after all the sky-is-falling hysteria
propagated by those with something to gain from strict surveillance of the
Internet, there has -still- not been an attack against our government's
computer infrastructure that could be considered more than a "nuisance",
much less crippling enough to be called cyberterrorism.
The lack of any concrete evidence of such activities, whether planned,
attempted, or accomplished, isn't stopping groups such as the NSA, NIPC,
or the State department, whose National Commission on Terrorism (led by
Ambassador L. Paul Bremer) released a report on 5.June which raised the
bar on fear, uncertainty, and doubt in its attempt to spook the country
into subservience. The Bremer Commission's report, which can be found at
http://www.fas.org/irp/threat/commission.html
, claims that "Certainly,
terrorists are making extensive use of the new information technologies
and a conventional terrorist attack along with a coordinated cyberattack
could exponentially compound the damage...Without international
cooperation, the United States cannot protect its national infrastructure
from the cyber threat."
Other than events, such as the repeated defacements of government web
sites, which have been rightly called "nuisances," no evidence of this
"cyber threat" seems to exist. In fact, on 4.February 1999, FBI director
Louis Freeh testified before the Senate Appropriations Committee's
Subcommittee on the Departments of Commerce, Justice, and State. In his
testimony, available at
http://www.fbi.gov/pressrm/congress/congress99/freehct2.htm
, Freeh stated
that since the World Trade Center bombing in 1993, "no significant act of
foreign-directed terrorism has occurred on American soil." In general,
Freeh claimed, "the frequency of terrorist incidents in the United States
has decreased in number." To back up this claim, Freeh testified that in
1998, "FBI investigative actions prevented 10 planned terrorist
acts"...nine of which were prevented by the arrest of six white
supremacists in Illinois who planned to assassinate certain black and
Jewish figures. The tenth prevented act was the planned bombing of a
Washington DC building by an individual. Freeh stated that in general,
the main threat of terrorist activity surrounded abortion clinic bombings
and far-right militias with access to weapons of mass destruction. No
specific incidence of "cyber threat" or cyberterrorism, planned or actual,
was mentioned. Even so, Freeh requested $36,742,000 for the Technology
and Cyber Crimes initiative and $13,046,000 for the National
Infrastructure Protection Center's staffing.
So what's the problem? The problem, apparently, is that the attacks that
are actually coming from the Internet are nowhere near as bad as some
governmental groups would like them to be. If the evil nasty hackers so
feared in sensationalist propaganda were actually as evil as they're
supposed to be, it'd be okay to budget millions and pass laws allowing
extensive monitoring of all Internet traffic and legalizing intrusions
into computers by government agents without the owner's consent. Instead,
this Chicken Little attitude of demanding funding to defend against an
imagined threat that does not exist leads to vague speculation of
worst-case scenarios and impending, groundless contingency plans. The
problem is that attacks just aren't bad enough to back up the
exaggerations of cyberterrorism, so agencies don't get the millions of
dollars they want.
/dev/null