Study: U.S. vulnerable to cyberterrorism
October 21, 1997
Web posted at: 3:06 p.m. EDT (1906 GMT)
WASHINGTON (CNN) -- Crucial parts of the United States'
infrastructure are vulnerable to computer attacks, a
presidential commission to study cyberterrorism said in a
report this week. The panel urged the government to step up
measures to protect against potential threats.
"National defense is not just about government anymore, and
economic security is not just about business anymore," the
Commission on Critical Infrastructure Protection wrote in a
summary of the classified report it delivered Monday to the
In past wars, national infrastructure components -- airports,
power plants and communication centers, for example -- were
military targets whose destruction could cripple a nation.
But the commission, headed by retired Air Force Gen. Robert
Marsh, said that with the country's growing dependence on
computers, a new vulnerability in the nation's infrastructure
has appeared. The computer-based systems that run airports,
power grids and communication systems are open to
"It's perfectly clear that given the tools and given our
vulnerabilities, that somebody with intent to do us serious
harm sometime in the future will proceed unless we take steps
now to protect against that," Marsh said.
Security consultant Winn Schwartau, the author of the
cyberterrorism tome "Information Warfare: Chaos on the
Electronic Superhighway," says that by some estimates, the
U.S. information infrastructure is attacked as many as a
billion times a year -- sometimes by hackers, sometimes by
If a major attack comes over the wires, he said, it could
potentially leave portions of the country without
electricity, air travel, or phones. "That's going to affect
the man in Iowa, affect his lifestyle," he said.
(179K/14 sec. AIFF or WAV sound)
The presidential commission says we must learn to tell the
difference, as Marsh put it, between "a deliberate attack by
an organized effort on the part of somebody who'd do us real
harm" and "isolated incidents."
The Marsh commission recommends several steps, including more
research on computer security, more education to make
everyone aware of the need for computer security, development
of better computer security systems, and revising laws to
ensure protection against computer attacks.
Because revamping laws would be a "lengthy and massive
undertaking," the commission offered several suggestions to
jump-start the process.
"We identified existing laws that could help the government
take the lead and serve as a model of standards and practices
for the private sector," it wrote. "We identified other areas
of law that ... can enable infrastructure owners and
operators to take precautions proportionate to the threat."
And the commission calls for a new concept of cooperation
between the private sector, which owns most of the nation's
information infrastructure, and government, which regulates
much of it.
"It's the private sector that's going to have to take the
necessary steps," Marsh said. "It's the government that has
to enable that to happen."
But before that can happen, there must be agreement on
contentious issues like encryption --- a politically charged
technology that the commission strongly endorses.
Correspondent David George contributed to this report.