Fed Offices Gird Against Hackers
Hearings start in Congress today on how to keep computer wizzes away from airport towers, pork-belly prices, and more.
What if hackers broke into the Social Security Administration's computers and scrambled the names and addresses of those receiving benefits? What if antinuclear protesters - or worse, a hostile nation - breached Energy Department computers and discovered the transportation route of nuclear material?
For years, Washington has put the security of top-secret Pentagon computers above that of lower-profile civilian agencies that quietly process workaday data, such as pork-belly prices, national classroom scores, and personal information on welfare recipients.
But Washington is increasingly aware that in the information age, any government entity can be the target of computer hackers, from ankle-biting amateurs to experienced experts, who use their skills for wide-ranging reasons.
The result: Federal authorities are launching a counterattack on several fronts. A national cybercop has been named to combat computer crimes.
And starting today, Congress is holding two days of hearings aimed at investigating the government's computer weaknesses, while raising awareness about the danger hackers pose.
"Threats to our federal computer systems could make flying an airplane a game of Russian roulette - and could seriously jeopardize our national security," warns Sen. Fred Thompson (R) of Tennessee who will chair the hearings in the Governmental Affairs Committee.
To better understand the mind-set of the hacker -from the teenage thrill seeker to the terrorist nation bent on breaking into government systems - the panel will hear from testimony from "Brian Oblivion" and "Space Rogue," members of LOPHT Heavy Industries, a self described "hacker think tank" in Boston.
The Senate hearings will also highlight two General Accounting Office reports set for release Wednesday examining federal weaknesses and how to best protect against attack.
A key goal of the federal effort is to head off what is described as "the big one" - an attack that would be the cyber-equivalent of an Oklahoma City bombing. While not detonating in the physical world, experts say it could wreak an equal amount of havoc.
"It is vital that you openly understand and acknowledge the pervasiveness of the existing vulnerabilities ... and the likelihood that they are getting worse," warns Peter Neumann, the principal scientist at SRI International in Menlo Park, Calif. He is the lead witness at this week's hearings.
Details are already emerging of a federal system often besieged. The Justice Department, Commerce Department, and NASA have all been breached. Sometimes the intrusions involve simply vandalizing a home page. Sometimes they are far more serious.
Already, investigators have a hint of the possibilities.
Last year, for instance, a teenage hacker shut down telephone links to the regional airport in Worcester, Mass., for six hours.
Controllers were left to guide incoming planes with one cellular phone and battery-powered radios. The boy is now serving two years' probation.
And hackers have disabled 911 emergency systems in several different areas of the country.
The evolution of the information age and ever-better skills of "bad actors," as hackers are called, creates a problem that one official says "snuck up" on the government.
"The Social Security Administration is in the business of administering benefits. In the past they haven't been in the business of building secure systems to secure their data," says Joseph Portale, director of the information security services practice at The Investigative Group International in Washington.
As the government moves to secure itself system by system, authorities admit they don't know the scope of the hacking problem against federal agencies. Nor do they know how often federal computers are infiltrated or how much data is compromised.
"One of the characteristics of this whole new area is trying to get our arms around what the threat is," says Ken Geide, director of computer protection at the newly formed National Infrastructure Protection Center.
Mr. Geide is the nation's first top cop for cyberspace. "Information systems are embedded in every service our nation has come to expect," he explains.
Part of what will put a stop to hackers, says Geide, is a change in the reluctance of infiltrated agencies to admit they were breached. Such reluctance often stems from fear of exposing the weakness to the hacker community that could encourage others.
Geide says there's a new push to encourage immediate notification of authorities once penetration is detected. With the trail still warm, investigators can better track down the hackers.