BY TRACEY S. ROTH
Managing Editor, C@LL CENTER CRM Solutions^™

WhoopsLittle Johnny Launched The Missiles: 
The U.S. Government's Crusade To Safeguard Its Systems

Here's a plot to the next sexy, high-budget Hollywood power flick. A huge organization with multinational interests views itself vulnerable to computer hacker attacks, basing its justifiable paranoia on a recent spate of Internet attacks that put an estimated $1.2 billion dollar strain on Internet businesses. The organization decides to shore up its own defenses by consulting an eccentric, long-haired hacker genius to identify its weak spots and suggest means of protection. Quickcall Harrison Ford and Anthony Hopkins' casting people!

But this isn't fiction. The huge organization is the U.S. government, the long-haired hacker is real person, an individual named "Mudge" who is a member of a well-known Massachusetts-based hacker group and the $1.2 billion lost dollars is a figure estimated by the Yankee Group. So why is President Clinton inviting hackers over for tea and cucumber sandwiches? Because the U.S. government has realized, in light of last month's "denial of service" hacker attacks on prominent Web sites such as Yahoo!, CNN.com and eBay, that it would be terrifically embarrassing, not to mention globally catastrophic, to have a 17-year old bring down the computer systems of the Department of Defense just before he starts his algebra homework and in between re-runs of "The Jeffersons."

Why am I picking on the Department of Defense? Because of something terrifying I read in a statement issued by William A. Reinsch, Under Secretary of Commerce for Export Administration. The statement was made in mid-February of this year to the Subcommittee for Commerce, Justice, State, the Judiciary and Related Agencies of the Senate Appropriations Committee. The Under Secretary stated that, "The Department of Defense is well on its way to securing its critical systems." Well on its way? Does that mean "We're desperately trying to protect the missiles from being launched by junior-high school students" or "We almost have the system so safeguarded there's not a person alive who could hack into our computers?"

In either case, the recent attacks have motivated various government agencies into taking a more proactive stance on e-commerce security than their former attitude of benign encouragement of its growth. As with most organizations, the directive came from the top down and is filtering through almost every agency of the government. On March 3rd, President Clinton wrote a memo to the heads of executive departments warning them to mobilize their respective departments to begin learning about what they can do to protect themselves. "I ask that each Cabinet Secretary and agency head renew their efforts to safeguard their department or agency's computer system against denial-of-service attacks on the Internet," Mr. Clinton wrote. "Within legal and administrative limits, attention should also be paid to contractors providing service. The Federal Computer Incident Response Center and the National Infrastructure Protection Center have available software tools to assist you in these efforts," he concluded. Have a nice day. Saying that this is a tall order is an extraordinary understatement.

The President specifically refers to denial-of-service attacks. As most of us now know, a denial-of-service attack involves flooding a Web site with so many requests for pages the server becomes completely locked up for regular business and often crashes. The individuals who carry out these types of attacks use fake IP addresses, making the source of the attacks extremely difficult or even impossible to trace. It's important to note that with a denial-of-service attack, the hackers are not actually breaking into a company's systemsthey are merely distracting and confusing them. Hacking into an e-commerce site for the purpose of obtaining credit card or personal information is a different game to the hacker, but it's one that is concerning business and government leaders as much as denial-of-service attacks.

Just within the last few weeks, some of the most high-profile individuals in the U.S. government have been addressing the crisis. Attorney General Janet Reno has been very visible recently, indicating that she is dedicating her staff to track down those responsible for last month's attack on prominent Web sites. FBI Director Louis Freeh testified at a Senate committee hearing in mid-February, admitting that his own resources were stretched "paper thin." It was perhaps this admission that prompted the President to put forth a proposal to pour a sharply increased amount of money into the government's cyber-security budget. Mr. Clinton has proposed a 15 percent increase this year in the budget dedicated to safeguarding Federal computer systems, from $1.75 billion in 1999 to $2 billion in 2000. Built into this budget is an increase from $451 million last year to $606 million this year for research and development of techniques to defend government computer systems from cyber attacks.

Research and development implies that something can be done about denial-of-service attacks and other types of cyber-terrorism. It is likely that the agency chosen to shoulder this research and development will be the National Infrastructure Protection Center (NIPC), an agency created two years ago by the Department of Justice and the FBI. A page on the organization's Web site already contains information pertaining to, and downloadable software for, the protection of denial-of-service attacks. According to the NIPC, these types of attacks are detectable, as there are apparently common threads in protocol attacks that are not impervious to identification and blocking. Some systems are more vulnerable than others to these types of attacks, so the FBI is strongly recommending that e-businesses examine their systems and search for the type of vulnerabilities that denial-of-service hackers prey upon. Filtering techniques are also available that detect fake IP packets. You can expect a great deal of money, in both the private and public sectors, to be spent on expanding these technologies in the near future. Finally, the true spirit of entrepreneurism, insurance companies have begun offering hacker insurance to large sites concerned about the integrity of their systems.

So, like any good Tom Clancy novel, the plot thickens. The months ahead should be a good show that proves once again, the truth is stranger than fiction. Anyone know how to get in touch with Harrison Ford?

The author welcomes your conspiracy theories at troth@tmcnet.com.