Novel explores U.S.-Iraq cyberwar

Iraq has launched a cyberattack against the United States, targeting everything from critical infrastructure networks to government systems. Authorities are hamstrung by political and legal impediments, forcing a cyber vigilante to lead a rebel force against Iraq, which makes him the target of the U.S. government as well as the terrorists.

While that scenario is fictitious, it is not nearly as farfetched as it was even a few months ago, and government readers are increasingly interested in what the author of a new novel — "No Outward Sign" (Writers Club Press, November 2002) — has to say.

Bill Neugent, chief engineer for cybersecurity at Mitre Corp., has recently accepted invitations to give talks on cyberterrorism at Sandia National Laboratories and the Department of Veterans Affairs.

Neugent said that although his book is fiction, it examines the concept that industry, government and the public are essentially "naked in cyberspace," with privacy diminishing, identity theft on the rise and financial accounts highly vulnerable.

He added that although cyberterrorism is a real threat, the general public does not share the fear felt in government and industry circles where it is better understood.

"With cyberterrorism, there's not the fear and intimidation like with the sniper.... It's not that gut wrenching," Neugent said. "It's more hollow, like reading the business section and looking at the stock market."

Last month's Slammer worm, which exploited known vulnerabilities in Microsoft Corp.'s SQL Server 2000 database software to generate a high enough volume of work for servers to slow or shut down, was about 250 times faster than previous worms. Of the 75,000 machines it affected worldwide, most were infected in about 10 minutes. That speed is "jaw-dropping," and Slammer may be the first of many like it, he said.

But the news is not all bad. Neugent said the Defense Department and government networks did a good job containing Slammer and are far better protected than they were in the past, although "there's still a long way to go."

One of the most frustrating aspects of cyber protection is that even as industry continues to produce newer and better software and applications, the number of vulnerabilities associated with those doubles every year, he said.

"The dilemma is that with the stronger underpinnings, there are two times as many holes to patch," Neugent said.

The White House's recently released National Strategy to Secure Cyberspace is a step in the right direction, he said, adding that he is especially pleased that it gives the Homeland Security Department the authority to establish "government red teams" to conduct cyberattack exercises against the nation's critical infrastructure networks and then increase protection through those operations.

As a Mitre employee, Neugent said he shared many passages in his book with his customers — DOD and intelligence community officials — to ensure that nothing in the novel could be used by a terrorist or rival government against the United States.

"I erred on the side of caution because I didn't want to encourage the bad guys, but I did want to nudge the good guys into action," he said.