100 DAY Y2K REPORT: View excerpts of the report by category View the entire report Y2K readiness in 10 destinations worldwide  RELATED SITE: Senate Special Committee on the Year 2000 Technology Problem VIDEO CNN's Charles Bierbauer summarizes the report. Real 28K 80K Windows Media 28K 80K  ALSO: Senate Y2K report: progress and warnings Senate Y2K report predicts U.S. travel delays, serious overseas troubles Russian officers to visit U.S. nuclear command center for Y2K joint program Senate report questions health care industry's Y2K readiness

September 22, 1999
Web posted at: 12:17 p.m. EDT (1617 GMT)

In this story: Potential risk hard to assess Nation unprepared for cyberterrorism RELATED STORIES, SITES

By Robin Lloyd
CNN Interactive Senior Writer

(CNN) -- The very effort to fix Y2K problems has left the nation's businesses and federal government wide open to a broad spectrum of international attacks on its computer systems, according to a Senate report released Wednesday.

The government and the private sector hired contractors -- many of them from outside the United States -- to address the "millennium bug" without regard for domestic and financial security.

That has left U.S. computer networks vulnerable to maneuvers that could harm the nation's economy and its leading companies.

In fact, some security firms told a Senate Committee of finding hidden "trap doors" left behind by contractors and there is no way to know if they were left for benign or malicious reasons.

One major technology firm that used a Pakistani consultant found such a trap door, according to the report.

"Committee interviews have found time and again that security has taken a back seat to deadlines," according to the report by the Senate Special Committee on the Year 2000 Technology Problem.

Potential attacks could come from foreign intelligence services, rogue nations, organized crime, corporate spies, terrorists, disgruntled employees or casual thrill-seekers.

Attackers could use their knowledge of our nation's crucial computer systems for to get information, to pollute data or simply to destroy vital software, databases and systems.

The Gartner Group, an information and technology research company, has predicted a $1 billion Y2K "heist," in which people could steal money and ideas electronically, the report said.

Yet the government and law enforcement are unprepared for such threats, the report said.

"How do you defend against a threat that is not necessarily military? What happens when you can't determine whom the adversary is? Who responds: law enforcement or defense?" the report asks.

Potential risk hard to assess

U.S. companies have spent billions to fix problems that could arise when dates in computers roll over for the next century to a two-digit "00," possibly confusing the year 1900 with the year 2000.

The trouble is that repair efforts gave contractors a road map for how to run, or derail, our nation's computers.

Sandia National Laboratories warned the Committee that malicious hackers, believing that the nation was preoccupied with Y2K, might take advantage of the moment to attack infrastructure or use Y2K failures as a cover for theft, arson and bombings.

"The U.S. might find itself more vulnerable to information warfare attacks -- not just on January 1, 2000, but also for some time in the future," according to the report.

Adversaries could exploit computer technology to disrupt the national infrastructure, such as utilities, telecommunications, transportation and finance -- all of which are controlled by computers.

The National Counterintelligence Center told the Committee that governments of at least 23 countries are targeting U.S firms to exploit their computer systems remotely.

Nation unprepared for cyberterrorism

The U.S. has no comprehensive plan for how to respond to information security risks, the report states.

The President recently signed a directive requiring an assessment and repair of vulnerable computer systems, but that policy has problems. It sets up no process to identify priorities, it fails to focus on the potential for international threats and it offers no assignment of which agencies would defend against information warfare attacks.

Already, the Department of Defense is suffering from what is called the "Moonlight Maze" attack, in which adversaries -- believed to be Russian -- are trying to mine sensitive information from the United States.

The Department of Defense and National Infrastructure Protection Center are on the job but so far the adversaries are ahead, the report states.

A former KGB unit specializing in electronic eavesdropping "was certain to be exploiting the Internet for spying on America," one former Soviet counterintelligence leader told the Senate Committee.

Now that Russia is economically strapped, it's cheaper to steal our research results electronically than to generate them within Russia, said Oleg Kalugin, the former chief of the Soviet Federal Agency for Government Communications and Information, part of the KGB.

The solution, according to the report, is a cooperative effort that breaks down barriers between law enforcement, defense and intelligence responses.

Experts must determine what the bare minimum for cyber-security is to protect the nation.

"If we are to move into me next century maintaining U.S. sanctuary, then we must realize that national security is a shared responsibility," the report states.