Study: IT increases terrorist threat

A study released last week by a senior group of national security experts concluded that the spread of advanced cyberweapons and weapons of mass destruction will enable terrorists and other groups to target large populations of U.S. citizens.

According to the report - conducted by the U.S. Commission on National Security in the 21st Century, a senior panel of national security experts tasked by Defense Secretary William Cohen to chart future threats facing the United States - the increase in nontraditional threats stemming from information technologies and chemical and biological weapons will make Americans "much less secure" at home "than they now believe themselves to be."

Not only will the Defense Department face more sophisticated adversaries on the battlefield, but average citizens will be at risk from "well-planned cyberattacks on the air traffic control system" and other attacks involving chemical or biological weapons, the report concluded.

"Americans will likely die on American soil [and] possibly in large numbers," the report stated. In addition, "many other countries will learn to launch satellites, to communicate and spy, and disaffected groups will develop techniques of denial and deception in an attempt to thwart U.S. intelligence efforts," according to the report, called "New World Coming: American Security in the 21st Century."

In an official statement on the report, Cohen said the initial report sets the stage for the commission's next report, which will focus on identifying solutions and will be released in the spring. "To the extent future challenges and current systems are incompatible, the commission will recommend changes and draft a plan to implement them," Cohen said. "In a way, this report poses the questions to be addressed - the next two phases offer answers."

The study comes at a critical time in the budget process for DOD, as it continues to wrestle with pressing needs to raise salaries, improve the quality of life of service members and replace aging equipment. Although the House last week passed a $289 billion Defense authorization bill, which provides $8.3 billion more than the Clinton administration's original budget request, competing priorities have shifted the focus away from the type of research and development needed to combat the future threats outlined in the commission report.

However, a section of the House Defense appropriations bill calls for $150 million in funding to improve DOD computer security. "This motion asks the Congress to think about the kind of threats that we will face in the future, not the kind of threats we have faced in the past," said Rep. David Obey (D-Wis.). The House and Senate still must agree on the bill and its provisions in conference.

Meanwhile, a study due out this week by the Government Electronics and Information Technology Association (GEIA) predicts real growth in the Defense budget for the first time in 10 years and confirms the decline in R&D funding.

The study, which GEIA plans to release Sept. 22 at its 35th annual 10-Year Defense & NASA Electronics Forecast Conference, places projected future Defense spending at $290 billion annually - the highest level since 1993. However, R&D funding - a key factor in DOD's ability to respond rapidly to emerging high-tech threats - will continue to decline by $3.6 billion during the next five years, according to GEIA's analysis.

Governmentwide expenditures for IT are expected to reach $35 billion during the next five years, and the Defense industry is helping to push that spending along, GEIA officials said. "For the first time in years, it is the Defense agencies that are the drivers of the growth," said Mary Freeman, a member of the GEIA's 10-Year Forecast Committee.

In fact, out of the DOD's $280 billion in projected budget authority for fiscal 2000 alone, IT spending will account for about $7 billion, said Richard Wieland, chairman of the 10-Year Forecast Committee. "This is the biggest budget dollar forecast we've seen in the last seven years."

Michael Kush, chairman of GEIA's defense team, said much of the growth in DOD's IT spending habits also can be attributed to the fact that IT is considered a weapon system similar to tanks and fighter jets. "IT has become part of the force structure," said Kush, adding that the rising importance of information security is a major driver behind the trend.

Jude Franklin, chairman of GEIA's Enabling Technologies Committee, called the decline in science and technology research "sinful," adding that there remains a pervasive need throughout DOD for new technologies that can provide consistent battlefield understanding. "If we don't maintain a healthy increase in funding, we're not going to be able to do the things in the future that have given us our lead today," Franklin said.

On the Other Hand...

When asked about the conclusions of the commission study, a source close to the commission's proceedings said about 90 percent to 95 percent of DOD's current R&D has nothing to do with the threats outlined in the commission report. In addition, many of the report's conclusions seemed implausible, the source said. "If you're asking about a clear and present danger, it doesn't fit the criteria," according to the source.

However, Tim Bass, chief executive officer of The Silk Road Group and a longtime information security consultant for the Air Force, said a lot of the operational and tactical aspects to computer network defense can be accomplished without high-tech tools or expensive research and development. According to Bass, simple configuration management changes and process re-engineering offer examples of low-cost, high-payoff solutions on which DOD can rely.

"On the other hand, from a strategic [perspective], there is a considerable amount of necessary R&D in basic cybersciences that requires government funding," Bass said. "Developing cyberspace command and control systems and the underlying technologies are one example of a large shortfall in our knowledge infrastructure."