House members watch DOE official hack into federal computers

Members of Congress watched Thursday as an Energy Department cybersecurity expert hacked into a computer hooked to the Internet, underscoring the federal government's vulnerability to international information warfare. Members of the House Energy and Commerce Committee's Subcommittee on Oversight and Investigations looked on as Jason Bellone, a member of Energy's Office of Cybersecurity and Special Reviews, broke passwords again and again with tools available for free download over the Internet. "The federal government stores vast amounts of sensitive data," said full committee chairman Billy Tauzin, R-La. And when it comes to computer security "we are barely treading water. In this increasingly interconnected world, we're either going to prioritize our resources better to meet this challenges ... or we're going to find ourselves in deep, deep trouble," Tauzin said. The demonstration was meant to heighten the federal government's awareness of just how serious information security risks and threats are. Defense Department data indicate that more than 100 countries have or are creating information warfare capabilities. The nature of the threat is difficult for even the experts to define. "In cyberspace we all look the same," said Ronald Dick, director of the FBI's National Infrastructure Protection Center. "Finding the origin of an intrusion ... is a huge challenge." The statistics of cyber incidents and successful compromises are frightening. In 1999, 580 incidents affected 1.3 million civilian systems and 614 military systems, according to data provided by the Federal Computer Incidence Response Capability (FedCIRC). But this number barely scratches the surface of the problem. FedCIRC estimates that 80 percent of all cyber incidents go unreported. "As government and industry systems and network interconnectivity increase, the boundaries between the two begin to blur," said Sallie McDonald, assistant commissioner of the General Services Administration's Office of Information Assurance and Critical Infrastructure Protection. "With the rapid transition to a paperless government and increasing dependence on e-government solutions, the focus on secure technology approaches must be a high priority." The threat of information warfare combined with the increased reliance on computers for vital operations within the public and private sectors frightens many already in the trenches. "The United States spends billions of dollars buying weapons and gaining intelligence to protect our country from more conventional kinds of attack," said Tom Noonan, president and CEO of Internet Security Systems Inc., a computer security software developer based in Atlanta. "Our computer systems must also be adequately protected, or our entire infrastructure could be compromised by one person with one computer."