CIA reveals cyberterrorists targeting U.S.

Speaking publicly about information warfare threats for the first time, the director of the CIA said last week that several foreign governments are developing information warfare programs and that terrorist groups are watching how the United States responds to hacker attacks on government systems as a way to plan their own cyberattacks.

Testifying before the Senate Committee on Governmental Affairs, George Tenet emphasized that evidence indicates only one instance of an active, state-sponsored cyberattack on a U.S. government computer system. Tenet did not elaborate on the attack.

However, the threat from organized attacks is real, he said, because Iran, Iraq and Libya have enhanced their computer capabilities and are acquiring more information technology tools.

"Foreign nations have begun to include information warfare in their war college curricula with respect to both defensive and offensive applications," Tenet said. "Many of the countries whose information warfare efforts we follow realize that in a conventional military confrontation against the United States, they cannot prevail. These countries recognize that cyberattacks— possibly launched from outside the United States— represent the kind of asymmetric option they need to level the playing field during an armed crisis against the United States."

Tenet said a group that calls itself the Internet Black Tigers took responsibility for attacks last August on the e-mail systems of Sri Lankan diplomatic posts around the world, including those in the United States. In addition, Italian sympathizers of the Mexican Zapatista rebels have crashed World Wide Web pages belonging to Mexican financial institutions.

The intelligence community must be positioned to warn the government about cyberattacks, but information warfare defies conventional intelligence methods, Tenet said. "In the first place, those who would attack us, generally, are tough intelligence targets," Tenet said. "Second, they will use cheap, easily available technology techniques. Patterns will be difficult to spot. When attacks are detected, the source of the attack will be disguised."

Barry Collin, a senior researcher with the Institute for Security and Intelligence, said some of the countries Tenet referred to are known nuclear powers, including China, which teaches in its national defense university that the next victor of war will be an information warrior. Others, he noted, are smaller countries that have skipped the 20th century nuclear age and moved directly from the tanks and bullets of the 19th century to the information warfare of the 21st century.

"The availability of information...is so inexpensive, so ubiquitous that a lot of countries are making it a part of their [military] programs," Collin said. "Until now it has been sporadic.... Now it has become a forefront program for most countries."

In addition, the Year 2000 date-conversion problem in the United States and abroad is making systems more vulnerable, said Lt. Gen. Kenneth Minihan, director of the National Security Agency. Most other countries have not put a high priority on date-conversion efforts and are looking to the United States for a quick-fix solution. The Year 2000 problems in other countries threaten the physical and economic security of the United States, especially if Year 2000 problems affect nuclear command and control system "scopes" that provide situational awareness for nuclear officials.

"If that scope were displaying inconsistencies...you might think you're being attacked when in fact your software isn't working," Minihan said.