Expert predicts terrorism-related cyberattacks

The threat of a cyber attack on the Internet and on critical infrastructures such as the electricity or transportation sectors that depend on the Internet has heightened following this month's terrorist attacks on the United States, a security expert acknowledged Wednesday. Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College, led a team that conducted a threat assessment after the Sept. 11 attacks. They analyzed several political conflicts within the last two years, including the tensions raised after the collision of a Chinese military jet and a U.S military spy plane, ongoing violence between Israel and Palestine, and the recent war in Kosovo. "We concluded that cyberattacks immediately follow physical attacks within the circumstances of the political conflicts," Vatis, a former chief of the federal government's National Infrastructure Protection Center (NIPC), told the House Government Reform Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. He said "politically motivated cyberattacks are increasing in volume, sophistication and coordination." Vatis said the likely culprits for such attacks would include known terrorists such as Osama bin Laden and his associates, who are the chief targets in the Bush administration's war on terrorism. But countries cited for harboring terrorists, such as Iraq or Libya, also could instigate an assault, as could "terrorist sympathizers" and "anti-U.S. hackers." Vatis and Richard Pethia, director of the CERT Coordination Center at Carnegie Mellon University, said the Internet's servers and routing systems are particularly vulnerable to cyberattacks. The weaknesses are well known, but a lack of resources and prioritization on the part of government agencies and private businesses are major hurdles, Vatis said.

Harris Miller, president of the Information Technology Association of America, disputed the notion that a cyberattack would cripple the Internet. "Nothing is totally invulnerable, but I don't want people to get the idea that the Internet is about to be brought down," he said. The Internet was a vital communication channel for people on Sept. 11 because of disrupted telephone services, he noted.

Panelists at the hearing--who included current NIPC Director Ronald Dick, Joel Willemssen of the General Accounting Office and Mark Seetin, vice president of the New York Mercantile Exchange--agreed with the suggestion of subcommittee Chairman Stephen Horn, R-Calif., that the newly created White House Office of Homeland Security, rather than an overworked White House Office of Management and Budget, should manage cybersecurity issues.

Panelists also pressed for a government-led research and development effort to create a long-term defense against potential attacks. A program to develop better research also could bolster training efforts to satisfy a critical shortage of technology security specialists, experts said.