DOD preps for Y2K-related cyberattacks

Fearing that Year 2000 computer failures could provide cyberterrorists or hackers an open door to critical computer systems, the Defense Department has begun to boost intelligence operations and has put technologists on alert to better defend the nation's crucial networks.

DOD and intelligence officials are concerned that rogue nations or foreign intelligence agents may use Year 2000 failures as a smokescreen to take down or steal electronic information from sensitive DOD networks.

Officials also are concerned that the lack of Year 2000 status information on ports, airfields and telecommunications facilities worldwide may hinder plans to document military strategies for high-risk areas of the world, such as North Korea and Iraq.

A report released last week bolstered DOD's concerns. Sen. Robert Bennett (R-Utah), chairman of the Special Committee on the Year 2000 Technology Problem, released a report that warned the public that potential Year 2000 problems could give cyberterrorists access to government systems.

Sandia National Laboratories officials told the committee that "terrorists, hackers and other criminals might use Y2K-induced infrastructure failures as cover for theft, arson, bombings, etc."

To track the threat of terrorists using Year 2000 snafus to attack computers, the Pentagon has established five graduated Year 2000 alert levels that DOD will use to warn units of imminent Year 2000-related threats (see chart). The five readiness posture levels are intended to be "the minimum requirement" for all DOD organizations, according to an official Pentagon message sent this month to units throughout DOD.

Under the highest state of Year 2000 vulnerability—Y2K Posture Level One—DOD units are advised to prepare for "deliberate information operations attacks and opportunistic engagements by hostile forces."

Defense Secretary William Cohen is expected to issue the first Year 2000 posture statement after Sept. 30, according to the message.

Meanwhile, DOD's Central, European and Pacific commands have expressed concern about the lack of Year 2000-related intelligence information on key commercial ports, airfields and telecommunications facilities worldwide that the Pentagon may need to use during crises. According to a DOD message sent last month, DOD's Transportation Command, the principal agency responsible for transporting DOD personnel, supplies and equipment around the world, has identified 98 installations in 32 countries as "key to the execution" of responding to any Year 2000 crises.

"[The Central Command] needs help with commercial ports [and] airfields for which little information is readily available," the message stated. "Saudi Arabia and Kuwait are key countries," and power, water and communications systems are the main problem areas, according to the message. The message outlined similar challenges being faced by other regional commands, including U.S. forces in South Korea, and alluded to the need to expand the Pentagon's host nation telecommunications studies.

The lack of substantive information and the potential for hackers and foreign intelligence agents to exploit gaps in DOD's Year 2000 preparedness have compelled intelligence and security officials to take part in joint planning sessions.

The Joint Task Force for Computer Network Defense (JTF-CND), which organizes the defense of DOD computer networks and systems, and the FBI's National Infrastructure Protection Center, which leads the federal response to cyberattacks, are sponsoring a conference Oct. 4 and 5 called "Preparing for the Cyber War." The program will offer a classified look at intelligence, law enforcement and counterintelligence issues, as well as JTF-CND's Year 2000 operations plan.

The Information Warfare Support office in the Defense Intelligence Agency (DIA) plans to host a top-secret briefing Oct. 7 to determine how the intelligence community plans to collect and share information on malicious network activity that may take place during the Year 2000 date change.

DIA is billing the conference as "an analytic exchange" focusing on computer network attacks and computer network exploitation associated with Year 2000.

"There are no real usable charts when it comes to the new terrain of cyberspace," said Navy Cmdr. Robert Gourley, chief of the intelligence division at the JTF-CND, during the agency's recent ribbon-cutting ceremony. The presence of online terrorists and espionage agents "has given rise to the need for an on-scene intelligence capability," he said.

Steven Aftergood, an intelligence specialist working for the Project on Government Secrecy at the Federation of American Scientists, said there is no way of knowing what steps are being taken to prepare from an intelligence perspective, but "it must include intelligence collection on known and suspected cyberthreats as well as defensive measures to reduce vulnerability of vital systems and to increase redundancy" of systems.

Allen Thomson, a former CIA analyst, said the likely threat from Year 2000 is the potential disruption of logistic trains that depend on companies and countries that have not taken proper precautions. "I'd hope U.S. forces have enough beans and bullets to last a couple of weeks if the suppliers and intermediate transportation links couldn't function for a while," Thomson said.

MORE INFO

DOD Y2K Posture Levels

Level One

Highest state of Year 2000 vulnerability. Widespread failures and deliberate information operations attacks probable. Augmented emergency watch teams and strict communications restrictions may be imposed.

Level Two

Localized disruptions probable. Technical support personnel may be placed on standby. DOD-wide communications restrictions may be imposed.

Level Three

Localized disruptions from Y2K-induced failures possible. Technical staffs will be augmented. Normal communications procedures will be followed.

Level Four

Disruptions unlikely. Normal staffing will be maintained.

Level Five

No Year 2000 vulnerability. No restrictions necessary.

BY Daniel Verton
Sept. 27, 1999
