The myth of cyberterrorism: there are many ways terrorists can kill you--computers aren't one of them.A GAIN AND AGAIN SINCE SEPTEMBER 11, President Bush, Vice President Cheney, and senior administration officials have alerted the public not only to the dangers of chemical, biological, and nuclear weapons but also to the further menace of cyberterrorism See cyberwar and information warfare. . "Terrorists can sit at one computer connected to one network and can create worldwide havoc," warned Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland security Department of Homeland Security executive department - a federal department in the executive branch of the government of the United States Director Tom Ridge Thomas Joseph Ridge (born August 27 1945 near Pittsburgh, Pennsylvania) is an American politician who served as a member of the United States House of Representatives (1983–1995), Governor of Pennsylvania (1995–2001), Assistant to the President for Homeland Security in a representative observation last April. "[They] don't necessarily need a bomb or explosives to cripple a sector of the economy, or shut down a power grid." Even before September 11, Bush was fervently depicting an America imminently in danger of an attack by cyberterrorists, warning during his presidential campaign that "American forces ale overused and underfunded un·der·fund tr.v. un·der·fund·ed, un·der·fund·ing, un·der·funds To provide insufficient funding for. underfunded adj → infradotado (económicamente) precisely when they are confronted by a host of new threats and challenges--the spread of weapons of mass destruction Weapons that are capable of a high order of destruction and/or of being used in such a manner as to destroy large numbers of people. Weapons of mass destruction can be high explosives or nuclear, biological, chemical, and radiological weapons, but exclude the means of transporting or , the rise of cyberterrorism, the proliferation of missile technology." In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke" put differently , the country is confronted not just by the specter of terrorism, but by a menacing new breed of it that is technologically advanced, little understood, and difficult to defend against. Since September 11, these concerns have only multiplied. A survey of 725 cities conducted by the National League of Cities The National League of Cities is the oldest and largest organization in the United States devoted to strengthening and promoting cities as centers of opportunity, leadership and governance. for the anniversary of the attacks shows that cyberterrorism ranks with biological and chemical weapons atop officials' lists of fears. Concern over cyberterrorism is particularly acute in Washington. As is often the case with a new threat, an entire industry has arisen to grapple with to enter into contest with, resolutely and courageously. See also: Grapple its ramifications--think tanks have launched new projects and issued white papers, experts have testified to its dangers before Congress, private companies have hastily deployed security consultants and software designed to protect public and private targets, and the media have trumpeted the threat with such front-page headlines as this one, in The Washington Post last June: "Cyber-Attacks by Al Qaeda Feared, Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say." The federal government has requested $4.5 billion for infrastructure security next year; the FBI boasts more than 1,000 "cyber investigators" President Bush and Vice President Cheney keep the issue before the public; and in response to September 11, Bush created the office of "cybersecurity czar" in the White House, naming to this position Richard Clarke Richard Clarke may be
It's no surprise, then, that cyberterrorism now ranks alongside other weapons of mass destruction in the public consciousness. Americans have had a latent fear of catastrophic computer attack ever since a teenage Matthew Broderick hacked into the Pentagon's nuclear weapons system and nearly launched World War III World War III (abbreviated WWIII), or the Third World War, is a term used to describe a hypothetical conflict on the scale of World War I and World War II, or even larger, such as a nuclear holocaust. in the 1983 movie WarGames. Judging by official alarums and newspaper headlines, such scenarios are all the more likely in today's wired world. There's just one problem: There is no such thing as cyberterrorism--no instance of anyone ever having been killed by a terrorist (or anyone else) using a computer. Nor is there compelling evidence that al Qaeda or any other terrorist organization has resorted to computers for any sort of serious destructive activity. What's more, outside of a Tom Clancy For the member of the Irish folk band The Clancy Brothers, see Tom Clancy (singer) and for the American Celticist, see Thomas Owen Clancy. Thomas Leo Clancy Jr. (born April 12 1947), better known as Tom Clancy novel, computer security specialists believe it is virtually impossible to use the Internet to inflict death on a large scale, and many scoff at the notion that terrorists would bother trying. "I don't lie awake Verb 1. lie awake - lie without sleeping; "She was so worried, she lay awake all night long" lie - be lying, be prostrate; be in a horizontal position; "The sick man lay in bed all day"; "the books are lying on the shelf" at night worrying about cyberattacks mining my life," says Dorothy Denning, a computer science professor at Georgetown University Georgetown University, in the Georgetown section of Washington, D.C.; Jesuit; coeducational; founded 1789 by John Carroll, chartered 1815, inc. 1844. Its law and medical schools are noteworthy, and its archives are especially rich in letters and manuscripts by and and one of the country's foremost cybersecurity experts. "Not only does [cyberterrorism] not rank alongside chemical, biological, or nuclear weapons, but it is not anywhere near as serious as other potential physical threats like car bombs or suicide bombers." Which is not to say that cybersecurity isn't a serious problem--it's just not one that involves terrorists. Interviews with terrorism and computer security experts, and current and former government and military officials, yielded near unanimous agreement that the real danger is from the criminals and other hackers who did $15 billion in damage to the global economy last year using viruses, worms, and other readily available tools. That figure is sure to balloon if more isn't done to protect vulnerable computer systems, the vast majority of which are in the private sector. Yet when it comes to imposing the tough measures on business necessary to protect against the real cyberthreats, the Bush administration has balked balk v. balked, balk·ing, balks v.intr. 1. To stop short and refuse to go on: The horse balked at the jump. 2. . Crushing BlackBerrys When ordinary people imagine cyberterrorism, they tend to think along Hollywood plot lines, doomsday scenarios in which terrorists hijack nuclear weapons, airliners, or military computers from halfway around the world. Given the colorful history of federal boon-doggles--billion-dollar weapons systems that misfire, $600 toilet seats--that's an understandable concern. But, with few exceptions, it's not one that applies to preparedness for a cyberattack. "The government is miles ahead of the private sector when it comes to cybersecurity," says Michael Cheek, director of intelligence for iDefense, a Virginia-based computer security company with government and private-sector clients. "Particularly the most sensitive military systems." Serious effort and plain good fortune have combined to bring this about. Take nuclear weapons. The biggest fallacy about their vulnerability, promoted in action thrillers like WarGames, is that they're designed for remote operation. "[The movie] is premised on the assumption that there's a modem bank hanging on the side of the computer that controls the missiles," says Martin Libicki, a defense analyst at the RAND Corporation Rand Corporation, research institution in Santa Monica, Calif.; founded 1948 and supported by federal, state, and local governments, as well as by foundations and corporations. Its principal fields of research are national security and public welfare. . "I assure you, there isn't." Rather, nuclear weapons and other sensitive military systems enjoy the most basic form of Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. : they're "air-gapped," meaning that they're not physically connected to the Internet and are therefore inaccessible to outside hackers. (Nuclear weapons also contain "permissive action links," mechanisms to prevent weapons from being armed without inputting codes carried by the president.) A retired military official was somewhat indignant at the mere suggestion: "As a general principle, we've been looking at this thing for 20 years. What cave have you been living in if you haven't considered this [threat]?" When it comes to cyberthreats, the Defense Department has been particularly vigilant to protect key systems by isolating them from the Net and even from the Pentagon's internal network. All new software must be submitted to the National Security Agency for security testing Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, . "Terrorists could not gain control of our spacecraft, nuclear weapons, or any other type of high-consequence asset," says Air Force Chief Information Officer John Gilligan This article is about John Gilligan, an Irish criminal. For other persons named John Gilligan, see John Gilligan (disambiguation). John Gilligan (born March 29, 1952) is an Irish drug smuggler who has been implicated in the murder of Veronica Guerin, the . For more than a year, Pentagon CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. John Stenbit has enforced a moratorium on new wireless networks, which are often easy to hack into, as well as common wireless devices such as PDAs, BlackBerrys, and even wireless or infrared copiers and faxes. The September 11 hijackings led to an outcry that airliners are particularly susceptible to cyberterrorism. Earlier this year, for instance, Sen. Charles Schumer (D-N.Y.) described "the absolute havoc and devastation that would result if cyberterrorists suddenly shut down our air traffic control system, with thousands of planes in mid-flight." In fact, cybersecurity experts give some of their highest marks to the FAA, which reasonably separates its administrative and air traffic control systems and strictly air-gaps the latter. And there's a reason the 9/11 hijackers used box-cutters instead of keyboards: It's impossible to hijack a plane remotely, which eliminates the possibility of a high-tech 9/11 scenario in which planes are used as weapons. Another source of concern is terrorist infiltration of our intelligence agencies. But here, too, the risk is slim. The CIA's classified computers are also air-gapped, as is the FBI's entire computer system. "They've been paranoid about this forever," says Libicki, adding that paranoia is a sound governing principle when it comes to cybersecurity. Such concerns are manifesting themselves in broader policy terms as well. One notable characteristic of last year's Quadrennial Defense Review
The Quadrennial Defense Review (QDR) is a report by the United States Department of Defense that analyzes strategic objectives and potential military was how strongly it focused on protecting information systems. But certain tics in the way government agencies procure technology have also--entirely by accident--helped to keep them largely free of hackers. For years, agencies eschewed off-the-shelf products and insisted instead on developing proprietary systems, unique to their branch of government--a particularly savvy form of bureaucratic self-preservation. When, say, the Department of Agriculture succeeded in convincing Congress that it needed a specially designed system, both the agency and the contractor benefited. The software company was assured the agency's long-term business, which became dependent on its product; in turn, bureaucrats developed an expertise with the software that made them difficult to replace. This, of course, fostered colossal inefficiencies--agencies often couldn't communicate with each other, minor companies developed fiefdoms in certain agencies, and if a purveyor (World-Wide Web) Purveyor - A World-Wide Web server for Windows NT and Windows 95 (when available). http://process.com/. E-mail: <info@process.com>. went bankrupt, the agency was left with no one to manage its technology. But it did provide a peculiar sort of protection: Outside a select few, no one understood these specific systems well enough to violate them. So in a sense, the famous inability of agencies like the FBI and INS INS abbr. 1. Immigration and Naturalization Service 2. International News Service Noun 1. INS to share information because of incompatible computer systems has yielded the inadvertent benefit of shielding them from attack. Ankle Biters That leaves the less-protected secondary targets--power grids, oil pipelines, dams, and water systems that don't present opportunities as nightmarish as do nuclear weapons, but nonetheless seem capable, under the wrong hands, of causing their own mass destruction. Because most of these systems are in the private Sector and are not yet regarded as national security loopholes, they tend to be less secure than government and military systems. In addition, companies increasingly use the Internet to manage such processes as oil-pipeline flow and water levels in dams by means of "supervisory control and data acquisition (application) Supervisory Control and Data Acquisition - (SCADA) Systems are used in industry to monitor and control plant status and provide logging facilities. SCADA systems are highly configurable, and usually interface to the plant via PLCs. " systems, or SCADA (Supervisory Control And Data Acquisition) A process control application that collects data from sensors and machines on the shop floor or in remote locations and sends them to a central computer for management and control. which confers remote access. Most experts see possible vulnerability here, and though terrorists have never attempted to exploit it, media accounts often sensationalize sen·sa·tion·al·ize tr.v. sen·sa·tion·al·ized, sen·sa·tion·al·iz·ing, sen·sa·tion·al·iz·es To cast and present in a manner intended to arouse strong interest, especially through inclusion of exaggerated or lurid details: the likelihood that they will. To illustrate the supposed ease with which our enemies could subvert a dam, The Washington Post's June story on al Qaeda cyberterrorism related an anecdote about a 12-year-old who hacked into the SCADA system at Arizona's Theodore Roosevelt Dam Theodore Roosevelt Dam is a dam on the Salt River located Northeast of Phoenix, Arizona. The dam is 357 feet high and was built between 1905 and 1911. The Dam is named after Theodore Roosevelt. The dam has a hydroelectric generating capacity of 36,000 kW. in 1998, and was, the article intimated, within mere keystrokes of unleashing millions of gallons of water upon helpless downstream communities. But a subsequent investigation by the tech-news site CNet.com revealed the tale to be largely apocryphal--the incident occurred in 1994, the hacker was 27, and, most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially , investigators concluded that he couldn't have gained control of the dam and that no lives or property were ever at risk. Most hackers break in simply for sport. To the extent that these hacks occur, they're mainly Web site defacements, which are a nuisance, but leave the intruder no closer to exploiting the system in any deadly way. Security experts dismiss such hackers as "ankle biters" and roll their eyes at prognostications of doom. Of course, it's conceivable that a computer-literate terrorist truly intent on wreaking havoc could hack into computers at a dam or power company. But once inside, it would be far more difficult for him to cause significant damage than most people realize. "It's not the difficulty of doing it," says RAND's Libicki. "It's the difficulty of doing it and having any real consequence." "No one explains precisely the how, whys, and wherefores of these apocalyptic scenarios," says George Smith George Smith may refer to: U.S. politics
Few besides a company's own employees possess the specific technical know-how required to run a specialized SCADA system. The most commonly cited example of SCADA exploitation bears this out. Two years ago, an Australian man used an Internet connection to release a million gallons of raw sewage along Queensland's Sunshine Coast There are several places around the globe that use the name Sunshine Coast. They are collections of coastal towns and/or cities that have banded together, usually for tourist promotional reasons. This list contains only those regions that use the English version of the name. after being turned down for a government job. When police arrested him, they discovered that he'd worked for the company that designed the sewage treatment Sewage treatment Unit processes used to separate, modify, remove, and destroy objectionable, hazardous, and pathogenic substances carried by wastewater in solution or suspension in order to render the water fit and safe for intended uses. plant's control software. This is true of most serious cybersecurity breaches--they tend to come from insiders. It was Robert Hanssen's familiarity with the FBI's computer system that allowed him to exploit it despite its security. In both cases, the perpetrators weren't terrorists but rogue employees with specialized knowledge difficult, if not impossible, for outsiders to acquire--a security concern, but not one attributable to cyberterrorism. Terrorists might, in theory, try to recruit insiders. But even if they succeeded, the degree of damage they could cause would still be limited. Most worst-case scenarios (particularly those put forth by government) presuppose pre·sup·pose tr.v. pre·sup·posed, pre·sup·pos·ing, pre·sup·pos·es 1. To believe or suppose in advance. 2. To require or involve necessarily as an antecedent condition. See Synonyms at presume. that no human beings are keeping watch to intervene if something goes wrong. But especially in the case of electrical power grids, oil and gas utilities, and communications companies, this is simply untrue. Such systems get hit all the time by hurricanes, floods, or tornadoes, and company employees are well rehearsed in handling the fallout. This is equally true when the trouble stems from human action. Two years ago in California, energy companies like Enron and El Paso El Paso (ĕl pă`sō), city (1990 pop. 515,342), seat of El Paso co., extreme W Tex., on the Rio Grande opposite Juárez, Mex.; inc. 1873. Corp. conspired to cause power shortages that led to brownouts and blackouts--the same effects cyberterrorists would wreak. As Smith points out, "There were no newspaper reports of people dying as a result of the blackouts. No one lost their mind." The state suffered only minor (if demoralizing de·mor·al·ize tr.v. de·mor·al·ized, de·mor·al·iz·ing, de·mor·al·iz·es 1. To undermine the confidence or morale of; dishearten: an inconsistent policy that demoralized the staff. ) inconvenience. But perhaps the best indicator of what is realistic came last July when the U.S. Naval War College contracted with a research group to simulate a massive attack on the nation's information infrastructure. Government hackers and security analysts gathered in Newport, R.I., for a war game dubbed "Digital Pearl Harbor." The result? The hackers failed to crash the Internet, though they did cause serious sporadic damage. But, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a CNet.com report, officials concluded that terrorists hoping to stage such an attack "would require a syndicate with significant resources, including $200 million, country-level intelligence and five years of preparation time." Hack Attack (jargon) hack attack - (Possibly by analogy with "Big Mac Attack" from advertisements for the McDonald's fast-food chain; the variant "big hack attack" is reported) Nearly synonymous with hacking run, though the latter more strongly implies an all-nighter. Despite all the media alarm about terrorists poised on the verge On the Verge (or The Geography of Yearning) is a play written by Eric Overmyer. It makes extensive use of esoteric language and pop culture references from the late nineteenth century to 1955. of cyberattack, intelligence suggests that they're doing no more than emailing and surfing for potential targets. When U.S. troops recovered al Qaeda laptops in Afghanistan, officials were surprised to find its members more technologically adept than previously believed. They discovered structural and engineering software, electronic models of a dam, and information on computerized water systems, nuclear power plants, and U.S. and European stadiums. But nothing suggested they were planning cyberattacks, only that they were using the Internet to communicate and coordinate physical attacks. "There doesn't seem to be any evidence that the people we know as terrorists like to do cyberterrorism," says Libicki. Indeed, in a July report to the Senate Governmental Affairs Committee detailing the threats detected to critical infrastructure, the General Accounting Office noted "to date none of the traditional terrorist groups such as al Qaeda have used the Internet to launch a known assault on the U.S.'s infrastructure." It is much easier, and almost certainly much deadlier, to strike the old-fashioned way. Government computers have been targeted by politically minded hackers, but these attacks are hardly life threatening. They're typified by last October's penetration of a Defense Department Web site dedicated to "Operation Enduring Freedom" and, somewhat incongruously, a Web server operated by the National Oceanic and Atmospheric Association. The organization responsible was called the "al Qaeda Alliance Online" and was comprised of groups with names like GForce Pakistan and the Pakistani Hackerz Club--names that connote con·note tr.v. con·not·ed, con·not·ing, con·notes 1. To suggest or imply in addition to literal meaning: "The term 'liberal arts' connotes a certain elevation above utilitarian concerns" a certain adolescent worship of hip-hop that's a clue to the participants' relative lack of menace; none turned out to have actual terrorist ties. In both cases, the attackers replaced the government sites' home pages with photos and anti-American text--but that's all they did. Robbed of this context, as is usually the case with reports of politically motivated cyberattacks, such manifestations are often presumed to be much more serious terrorist threats than is warranted. "When somebody defaces a Web site, it's roughly equivalent to spray painting something rude on the outside of a building," says James Lewis James Lewis can refer to:
The Gloom Boom Yet Washington hypes cyberterrorism incessantly. "Cyberterrorism and cyberattacks are sexy right now. It's novel, original, it captures people's imagination," says Georgetown's Denning. Indeed, a peculiar sort of one-upmanship has developed when describing the severity of the threat. The most popular term, "electronic Pearl Harbor," was coined in 1991 by an alarmist a·larm·ist n. A person who needlessly alarms or attempts to alarm others, as by inventing or spreading false or exaggerated rumors of impending danger or catastrophe. tech writer named Winn Schwartau to hype a novel. For a while, in the mid-1990s, "electronic Chernobyl" was in vogue. Earlier this year, Sen. Charles Schumer (D-N.Y.) warned of a looming "digital Armageddon." And the Center for Strategic and International Studies, a Washington think tank, has christened its own term, "digital Waterloo." Why all this brooding over so relatively minor a threat? Ignorance is one reason. Cyberterrorism merges two spheres--terrorism and technology--that most lawmakers and senior administration officials don't fully understand and therefore tend to fear, making them likelier to accede to accede to verb 1. agree to, accept, grant, endorse, consent to, give in to, surrender to, yield to, concede to, acquiesce in, assent to, comply with, concur to 2. any measure, if only out of self-preservation. Just as tellingly, many are eager to exploit this ignorance. Numerous technology companies, still reeling from the collapse of the tech bubble, have recast themselves as innovators crucial to national security and boosted their Washington presence in an effort to attract federal dollars. As Ohio State University Ohio State University, main campus at Columbus; land-grant and state supported; coeducational; chartered 1870, opened 1873 as Ohio Agricultural and Mechanical College, renamed 1878. There are also campuses at Lima, Mansfield, Marion, and Newark. law professor Peter Swire explained to Mother Jones, "Many companies that rode the dot-com boom See dot-com bubble. need to find big new sources of income. One is direct sales to the federal government; another is federal mandates. If we have a big federal push for new security spending, that could prop up the sagging market." But lately, a third motive has merged: Stoking fears of cyberterrorism helps maintain the level of public anxiety about terrorism generally, which in turn makes it easier for the administration to pass its agenda. Profit of Doom At the center of all this hype is Richard Clarke, special adviser to the president for cyberspace security, a veteran of four administrations, and terrorism czar to Bill Clinton. Even though he was a senior Clinton official, Clarke's legendary bureaucratic skills saw him through the transition; and when replaced by Gen. Wayne Downing after September 11, Clarke created for himself the position of cybersecurity czar and continued heralding the threat of cyberattack. Understanding that in Washington attention leads to resources and power, Clarke quickly raised the issue's profile. "Dick has an ability to scare the bejesus be·je·sus n. Slang Used as an intensive: The bear scared the bejesus out of us. [Alteration of by Jesus.] out of everybody and to make the bureaucracy jump," says a former colleague. The Bush administration has requested a 64 percent increase in cybersecurity funds for next year. Last month, I paid Clarke a visit in his office a few blocks west of the White House to talk about the threat and discovered that even he is beginning to wilt under the false pretense false pretense n. Law False representation of fact or circumstance, calculated to mislead. Noun 1. false pretense of cyberterrorism. As I was led back to meet him, his assistant made an odd request: "Mr. Clarke doesn't like to talk about the source of the threat, he'd rather focus on the vulnerability." And indeed, the man who figured most prominently in hyping the issue seemed particularly ill at ease discussing it. Clarke is in the curious bind of an expert on terrorism charged to protect the nation against a form of the disease that has yet to appear. But he is smart enough to understand that one very real cybersecurity threat is unfolding: the damage, largely economic, being done by hackers and criminals. Last year, 52,000 cyberattacks were reported, up from 21,000 the year before. Yet Clarke's greatest leverage is misperception mis·per·ceive tr.v. mis·per·ceived, mis·per·ceiv·ing, mis·per·ceives To perceive incorrectly; misunderstand. mis about the true source of this threat. In his careful way, he tried to guide our conversation away from terrorism and toward cybersecurity. "To date," he readily conceded, "we've never seen any of the officially designated terrorist groups engage in a cyberattack against us." But he stressed that little noticed in the aftermath of September 11 was a large-scale cyber-attack seven days later--the Nimda virus--that proved extremely costly to private industry. "Nimda hit a lot of businesses that thought they had done a good job securing themselves," Clarke explained. "And a lot of CEOs got really pissed because they thought they had spent a lot of time and money doing cybersecurity for the company and--bang!--they got hammered, knocked offline, their records got destroyed, and it cost millions of dollars per company." The $15 billion in damage caused by cyberattacks last year is derived mostly from worms, viruses, denial-of-service attacks, and theft, all of which capitalized on the generally lax cybersecurity in the private-sector businesses that comprise about 85 percent of the Internet. Many vulnerabilities are imported through the use of products by private companies, such as Microsoft, that supply software. There is no regulatory mechanism to ensure that they meet security standards; and as Clarke notes, "there's no legal liability if you are the software manufacturer and sell somebody something that doesn't work." He also pointed out that a typical company devotes one-quarter of 1 percent of its information technology budget to cybersecurity, "slightly less than they spend on coffee." By contrast, the Bush administration's FY 2003 budget would spend 8 percent, or 32 times higher a proportion. Yet even this considerable outlay doesn't guarantee that the government's systems are secure. The same poorly written and configured software that plagues private industry also hampers government computers--the federal government is, after all, Microsoft's largest customer. John Gilligan, the Air Force CIO and one of the fiercest advocates of stronger safety standards Safety standards are standards designed to ensure the safety of products, activities or processes, etc. They may be advisory or compulsory and are normally laid down by an advisory or regulatory body that may be either voluntary or statutory. in government, says that 80 percent of successful penetrations of federal computer systems can be attributed to software full of bugs, trapdoors, and "Easter eggs"--programming errors and quirks inserted into the code (see box) that could leave software vulnerable to hackers. What's more, as federal agencies move away from proprietary systems toward universal software, this becomes a greater problem not just in terms of security, but also of cost. "The assessment I make is that we're fast approaching the point at which we're spending more money to find, patch, and correct vulnerabilities than we paid for the software," says Gilligan. Bad for Business The danger of hyping a threat like cyberterrorism is that once the exaggeration becomes clear, the public will grow cynical toward warnings about real threats. The Chicken Little approach might be excusable were the Bush administration hyping cyberterrorism in order to build political momentum for dealing with the true problem posed by hackers and shoddy software. There is a precedent for this sort of thing. In the midst Adv. 1. in the midst - the middle or central part or point; "in the midst of the forest"; "could he walk out in the midst of his piece?" midmost of all the anxiety about the Y2K bug Y2K bug or Year 2000 bug or millennium bug Potential problem in computers and computer networks at the beginning of the year 2000. Until the 1990s, most computer programs used only the last two digits to designate the year, the first two digits being , the federal government and the SEC came up with a novel way to ensure that private companies were ready: They required businesses to disclose their preparations to shareholders, setting goals and letting market forces do the rest. There were high hopes, then, for the Bush administration's National Strategy to Secure Cyberspace--the culmination of a year's effort to address the country's post-9/11 cybersecurity problems. Clarke's team circulated early drafts that contained what most experts considered to be solid measures for shoring up Noun 1. shoring up - the act of propping up with shores propping up, shoring supporting, support - the act of bearing the weight of or strengthening; "he leaned against the wall for support" security in government, business, and home computers. But the business community got word that the plan contained tough (read: potentially costly) prescriptions, and petitioned the White House, which gutted them. When a draft of the plan was rolled out in mid-September, Bill Conner, president of the computer security firm Entrust, told The Washington Post, "It looks as though a Ph.D. wrote the government items, but it reads like someone a year out of grade school wrote the rest of the plan." It's hard to imagine a worse outcome for all involved, even private industry. By knuckling under to the business community's anti-regulatory impulses, Bush produced a weak plan that ultimately leaves the problem of cybersecurity to persist. It proposes no regulations, no legislation, and stops well short of even the Y2K See Y2K problem and Y2K compliant. Y2K - Year 2000 approach, prompting most security experts to dismiss it out of hand. What it does do instead is continue the stream of officially sanctioned scaremongering about cyberattack, much to the delight of software companies. IT security remains one of the few bright spots in the depressed tech market and thus that important sector of the market is perfectly satisfied with the status quo [Latin, The existing state of things at any given date.] Status quo ante bellum means the state of things before the war. The status quo to be preserved by a preliminary injunction is the last actual, peaceable, uncontested status which preceded the pending controversy. . But as the Nimda virus proved, even companies that pay for security software (and oppose government standards) don't realize just how poorly it protects them. So in effect, the Bush administration has created the conditions for what amounts to war profiteering--frightening businesses into investing in security, but refusing to force the changes necessary to make software safe and effective. The way the Bush White House has exaggerated the likelihood of cyberterrorism is familiar to anyone who's followed its style of government. This is an administration that will frequently proclaim a threat (the Saddam/al Qaeda connection, for instance) in order to forward its broader agenda, only to move on nonchalantly non·cha·lant adj. Seeming to be coolly unconcerned or indifferent. See Synonyms at cool. [French, from Old French, present participle of nonchaloir, to be unconcerned : non-, when evidence proves elusive or nonexistent non·ex·is·tence n. 1. The condition of not existing. 2. Something that does not exist. non . But in this case, by moving on, Bush leaves unaddressed something that really is a problem--just not one that suits the administration's interests. Forced to choose between increasing security and pleasing his business base, the president has chosen the latter. Hyping a threat that doesn't exist while shrinking from one that does is no way to protect the country. RELATED ARTICLE There is, for instance, an entire videogame secretly embedded, in Microsoft Excel (tool) Microsoft Excel - A spreadsheet program from Microsoft, part of their Microsoft Office suite of productivity tools for Microsoft Windows and Macintosh. Excel is probably the most widely used spreadsheet in the world. Latest version: Excel 97, as of 1997-01-14. 2000. "Spy Hunter For other uses, see Spy Hunter (disambiguation). Spy Hunter is a 1983 arcade game developed and released by Bally Midway. It was incredibly successful initially, and it has remained popular for many years. ," a shoot-'em-up driving game, in which race cars zoom down a highway, maneuvering around oil slicks and other obstacles, can be opened with a few keystrokes. To find the game: Under File menu, click "Save as Web Page," then "Selection: Sheet" and "Publish." Next, choose "Add Interactivity" and save to an .htm page on your drive. Load the .htm page with Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. . You should see Excel in the center of the page. Scroll down to row 2000, and tab across so that WC is the active column. Hold down "Shift" and press the space bar to highlight the WC cell. Then simultaneously depress Shift + Crtl + Alt and click the four-color "Office" logo in the upper-left-hand corner. If you have the original Excel 2000, the game will appear. Use the arrow keys Arrow keys are buttons on a computer keyboard that move the cursor in a specified direction. They are typically located at the bottom of the keyboard to the side of the numeric keypad, usually arranged in an inverted-T layout but also found in diamond shapes. to drive, spacebar to fire, "O" to drop oil slicks, and "H" for your headlights when it gets dark. JOSHUA GREEN is an editor of The Washington Monthly. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion