Security News > 2007 > April > Crash strike caution

Crash strike caution
2007-04-11 08:06

http://www.smh.com.au/articles/2007/04/09/1175971018555.html By Patrick Gray April 10, 2007 Next IF MICROSOFT'S Windows operating system crashes and gives you the "blue screen of death", it's a pain in the proverbial, but it's hardly life-threatening. In 1998, however, a United States Navy destroyer, the USS Yorktown, was left stranded and vulnerable when its Windows NT-based control system failed. The tale of the stranding of the Yorktown is a true story former White House staffer Richard A. Clarke cites as a warning. "(It) was out on an initial shakedown cruise. The Microsoft software that it was running in its control system went kafluey, and the entire ship stopped dead in the water and they had to send tugs out to pull it back ... (it was running) Windows," Mr Clarke told The Age. Mr Clarke, the former United States National Co-ordinator for Security and Counterterrorism, who also served as President George Bush's adviser on cyber security until 2003, says the US is becoming too reliant on network technology in war-fighting. The lesson also applies to Australia. The Australian Defence Force's "Force 2020" plan spells out a transition to "network-enabled operations" which "treat platforms as nodes of a network (which) collect, share and access information". But Mr Clarke's tone is sarcastic. "The Pentagon says 'Oh, good news, we're having a revolution in military affairs and we are going to net-centric warfare where everything will be netted together', and they tout this as progress," he says. In fact, such networking could be a security risk. Western nations are becoming increasingly vulnerable to cyber-attack from hostile nations, terrorist groups and criminal syndicates, and an increasing reliance in civilian technologies by intelligence and military agencies is having an adverse effect on national security. "It used to be that government, intelligence and defence agencies relied on what they called GOTS, Government Off the Shelf products," Mr Clarke says. "There are very few, if any, of those left. Almost everything the Government relies on, even in the military and the intelligence community is, COTS - Commercial Off the Shelf. Which is a way of saying that what the Pentagon is running and the CIA is running is the same as what you're running on your home computer." In addition to normal reliability and security concerns, the commercial technology sector is also vulnerable to infiltration by agents working for hostile nations and terrorist organisations, Mr Clarke says. Agents could steal or sabotage proprietary systems, or use insider knowledge to gather information on potential security weaknesses in software, or perhaps even to plant them. The security of commercial products, and therefore the companies that develop them, is steadily becoming a national security issue in the US. "It is of concern when foreign nationals are employed in American companies. It's also a concern if Americans are employed in American companies and convinced to spy," Mr Clarke says. "(And) there's some reason to believe it's going on." His warning has a local sting: it comes at a time when Australia's defence bureaucracy is ramping up its own outsourcing plans. Several worst-case cyber attack scenarios are described in Mr Clarke's most recent book, Breakpoint, which was launched in January. The fictional novel, set in 2012, begins with attacks on the fibre-optic cables linking the US to the internet. The attacks escalate to include assaults on satellites and the United States' ability to wage war is severely impaired. Carrying out such an attack on Australia would be relatively easy, Mr Clarke says. "A physical attack on cyberspace, one that tries to cut off a country from the rest of cyberspace by hitting physical connections; that's probably something that Australia is more vulnerable to than say Europe or the United States," he says. "The United States has a lot of internet entry points into it, probably in the order of 20 major entry points, and that's a lot to take down. I think Australia's number is probably more in the order of six." To better prepare, Australia should "try to improve physical security around internet nodes, you try to create redundancy," Mr Clarke says. "You want to make sure that there are back-up systems, that certain functions that don't need to be connected to the internet even indirectly, like electrical power, are disconnected." Mr Clarke says attacks on technology infrastructure, physical or virtual, could come from terrorists, criminals or nation states. At several points throughout Breakpoint, Mr Clarke suggests Chinese-manufactured technology in the fictional future he describes could contain "back doors" designed to allow the country's agents to clandestinely access computer and communications networking equipment installed throughout the US and Western world. Such back doors would not be easy to detect, Mr Clarke says. "It's very, very difficult to detect things that are embedded in chips, embedded in motherboards - I think it would be extraordinarily difficult, especially if they're not used until a certain point in time ... (and are) remotely activated. "When IBM stopped making laptops and sold the company to a Chinese manufacturer the US Defence Department and State Department immediately cancelled all orders for the IBM laptops. That reflects perhaps some paranoia, but it may also reflect something else." Mr Clarke denies that software companies allow US Government agencies, such as the CIA and National Security Agency, to plant back-door software of their own into their products. "I think American manufacturers depend so much now on the world market that they would be reluctant to do that because if they ever get caught they'd lose huge portions of their market," he says. While Mr Clarke admits it's possible the CIA and NSA may seek to infiltrate US software companies and plant back doors of their own into products - without the permission or knowledge of the companies themselves - he doubts the Government is engaged in those types of activities. "That's possible, (but) it probably gives the United States Government more credit for competence than it deserves," he says. However, Mr Clarke says both the US and Chinese governments have admitted they have a cyber-attack capability that could allow them to attack network infrastructure and penetrate foreign governments' systems to gather intelligence. Breakpoint has turned out to be somewhat prophetic. Last month Scotland Yard detectives claimed to have foiled an al-Qaeda plot to destroy a major "internet hub" through which most of Britain's internet traffic is reportedly routed. "There was also an arrest in the United States not long after 9/11 of an al-Qaeda operative who was apparently supposed to do a second-wave series of attacks, including on internet hubs, so we know al-Qaeda does think about that," Mr Clarke says. "To some extent the book is prophetic in that it talked a lot about things like Chinese anti-satellite attacks, and I think the day the book was published in the United States the Chinese did a satellite attack." The Chinese Government confirmed it shot down one of its satellites in January, while insisting it was committed to the "peaceful development of outer space". Mr Clarke's resume is impressive. He served as a special assistant to President Bill Clinton for eight years and was the National Co-ordinator for Security and Counterterrorism for both Clinton and George W. Bush. From 2001 until his retirement in 2003, Mr Clarke was special adviser to President Bush on cyber security and chairman of the President's Critical Infrastructure Protection Board. Mr Clarke became well known around the world when he accused President Bush of mismanaging the "War on Terror" in his scathing account of his tenure under the President, Against All Enemies, published in 2004. Today he serves as the chairman of Good Harbor Consulting, a security and counterterrorism consultancy. He says he wrote Breakpoint [1] as a fictional novel because a more sober warning would have fallen on deaf ears. "I write fiction because I think it's a way of telling people interesting facts ... that they would never read because most people don't read nonfiction," he says. "Because it's a thriller people will read it. They'll learn, subliminally perhaps, about ... the issues." Breakpoint ventures beyond issues involving cyber security and computing technology. The book raises concerns around genetic engineering technology and the reverse engineering of the human brain. According to Mr Clarke, developments in genetic technology, artificial intelligence, robotics and the fusing of humans and machines will have significant consequences for society and national security. "(Breakpoint is) meant to be a warning. Not only on the computer side but on the genetics side, and robotics and artificial intelligence," he says. "What I'm saying is there's not just one technology that's emerging in the next 10 years, there are five or six major technologies that are going to be mutually supportive and burst on the scene in a big way in the next 10 years, and they will drastically change the nature of society. That will have political, economic, social and national security implications and we haven't thought them through." To hear Patrick Gray's interview with Richard A. Clarke, download his podcast from ITRadio.com.au/security [1] http://www.amazon.com/exec/obidos/ASIN/0399153780/c4iorg http://www.shopinfosecnews.org/ __________________________ Subscribe to InfoSec News http://www.infosecnews.org


News URL

http://www.smh.com.au/articles/2007/04/09/1175971018555.html