New Arenas: Organized Crime and Emerging Technologies
The concept of U.S. national security is constantly evolving and adapting to the changing global security environment. There are a variety of emerging trends and threats with which America has not had to deal before. At the same time, the domestic national security infrastructure itself is changing.
ORGANIZED CRIME AND NATIONAL SECURITY
Transnational threats to American national security include not only hostile states and terrorism but also organized crime, which is associated with a host of illicit activities. Drug trafficking, financial fraud, environmental crimes, and contraband smuggling, to name just a few, are not only threats to Americans and their communities but to U.S. business and financial interests as well as global stability and security.
Such crimes are of special concern to U.S. policy makers because in most cases there is no clear identifiable enemy to target. This is different from interstate conflicts, in which parties have well-defined targets, and wars, in which armies and rules of engagement are obvious to all sides. Any battles waged against the generic front of "drug trafficking" or "money laundering" are extremely hard to fight and require significant international cooperation.
The Nature of Organized Crime
As noted on its Web site (www.fbi.gov), the Federal Bureau of Investigation (FBI) defines organized crime as "any group having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities." Organized-crime groups have several characteristics in common. Much as it does with business, financial gain drives and sustains organized crime. Most groups carry out more than one type of crime. Although not an absolute requirement, many groups require their members to be of the same family or ethnic background in order to ensure loyalty and to pursue a common goal or scheme. Most organized-crime groups have become successful in one way or another by corrupting government officials. Another common characteristic is a hierarchical structure, with defined leadership-subordinate roles. In many cases, organized-crime groups are permanent and do not depend on the participation of one or a few individuals to exist, and the groups usually have influence over large areas of a region, country, or countries.
Organized-crime groups undertake a wide range of illicit global activities. They traffic in explosives, arms, narcotics, humans, metals, minerals, endangered flora and fauna, and Freon gas. They conduct extensive money laundering, fraud, graft, extortion, bribery, economic espionage, smuggling of embargoed goods, multinational auto theft, international prostitution, industrial and technological espionage, bank fraud, financial market manipulation, counterfeiting, corruption, and contract murder.
Of these activities, corruption is perhaps the biggest threat to states. Crime groups greatly compromise and jeopardize governments when they use corruption to achieve their aims. Organized criminals co-opt officials and leaders with a combination of bribery, graft, collusion, and/or extortion. Organized crime has successfully targeted such countries as Colombia, Italy, Thailand, Mexico, Russia, and Japan with payoffs or threats to justice officials to alter charges, change court rulings, lose evidence, or simply lose interest. By undercutting justice systems, these groups undercut society. Police and military personnel who are targeted and refuse to cooperate sometimes become the victims of hired assassins.
There is increasing interdependency among crime groups. The now largely defunct Medellin drug cartel in Colombia at one time joined with Russian and Italian mobsters to smuggle cocaine into Europe. In addition to conspiring with one another, crime groups also often fight with one another, which can be equally disruptive to the state. The Colombian and Mexican drug-smuggling rings have clashed more with each other than they have collaborated. Rival drug dealers and suppliers battle in New York, south Florida, and many European cities.
russia. Organized-crime groups originating in Russia and areas nearby are a growing concern. There are an estimated eight thousand Russian/Eastern European/Eurasian criminal groups, 150 of which are ethnically based. These include Chechens, Georgians, Armenians, and Russian-ethnic Koreans. At the time of the International Crime Threat Assessment (December 2000), Russian organized-crime groups were a major force in that nation's industrial and financial sectors. Automobile manufacturing, coal mining, and oil were among the industries they had penetrated. Russian organized-crime groups are believed to maintain close ties to established American criminal groups and drug-trafficking organizations. They participate in complex criminal activity such as gasoline tax fraud, computer intrusions, bankruptcy fraud, insurance fraud, and health care industry fraud.
The international networks that underpin the drug trade are complex chains of drug producers, processors, traffickers, and street vendors, orchestrated by one or more organized-crime groups. For example, one network arranged for hashish originating in Pakistan to be transported to Mombasa, Kenya. There it was added to a cargo of tea and reshipped to Haifa, Israel, by way of Durban, South Africa. The drugs then went onto a ship that carried cargo to Constanza, Romania, every two weeks, and from there, via Bratislava, Slovakia, to Italy, where they were sold. The head of the network was a Ugandan native who had become a German citizen and worked for a Romanian company. When some of the perpetrators were apprehended in Constanza, they revealed the network.
Illegal drug trafficking is big business. No one knows precisely how much money is involved in the drug trade but it is probably in the hundreds of billions of dollars annually. This makes drug criminals very powerful, especially in poorer parts of the world. Governments of countries like Colombia, Peru, and Bolivia have largely been unable to significantly reduce their countries' production and export of drugs. The U.S. federal government's drug control budget for 2004 is over $12 billion, and state and local governments also spend billions of dollars fighting drugs. Drug use has mostly plateaued in the United States, but narcotics trafficking worldwide continues to grow because of increasing demand elsewhere.
Leaders of countries often view international crime, such as drug production, as domestic legal concerns. Because criminal groups are primarily concerned with making money, their political objectives, if any, may not seem significant. Leaders also can view transnational criminals, because they operate across international borders, as other countries' problems. The U.S. government has historically considered organized crime as a law enforcement issue, not a national security threat. However, the United States has become increasingly aware that international organized crime is much more than an extension of domestic crime. Highly organized illegal enterprises operate internationally, with scant regard for state boundaries. They become larger, more complex, and grow in number. They penetrate borders and operate with relative impunity in several states. Within national borders, they pollute the integrity of domestic governments. Their willingness to use violence is often more destabilizing than the activities of revolutionary or terror groups alone. In fact, there is a fine line between the two, and occasionally organized-crime groups may operate as both, or have ties to terrorist groups.
drugs and terrorism. Steven W. Casteel, assistant administrator for intelligence for the Drug Enforcement Administration (DEA), testified before Congress in May of 2003 about the many links between terrorist groups and drug smugglers—a phenomenon labeled narco-terrorism. In Afghanistan under the Taliban, drug money raised from the opium trade helped the fundamentalist Islamic government to support and protect Osama bin Laden and the al Qaeda terrorist group. In Colombia, three revolutionary groups routinely sell or trade cocaine with international crime organizations for guns and ammunition. Casteel testified that fourteen (or 39%) of the State Department's current list of thirty-six designated foreign terrorist organizations are connected in some way with the drug trade.
Countering money laundering has taken on increased importance in the wake of the September 11, 2001, terrorist attacks on America, because money laundered through legitimate companies and nonprofit organizations has been traced to various terrorist activities. Even before the attacks, in January 2001, the U.S. Treasury Department had issued new money-laundering guidance. The guidance primarily calls for private businesses and citizens to be more aware of their banking practices and to "apply enhanced scrutiny to their private banking and similar high dollar value accounts and transactions where such accounts or transactions may involve the proceeds of corruption by senior foreign political figures, their immediate family or close associates."
This issue gained increasing importance in late 2002, when money was believed to have been laundered for terrorist organizations through the bank of a Saudi Arabian princess. The 2003 National Money Laundering Strategy (Washington, DC: U.S. Department of the Treasury, 2003) reported that since 2001 "over 315 terrorist related entities have been designated and over $136 million in assets frozen." In November of 2003 the prominent Muslim leader Abdul Rahman al-Amoudi was accused of laundering money through front groups he operated, including the American Muslim Council and the American Muslim Foundation, and sending the money to the Hamas and al Qaeda terrorist groups. In July 2004 seven officers of a Texas-based Muslim charity called the Holy Land Foundation for Relief and Development were charged with providing $12.4 million to Hamas. Efforts to further tighten regulation of financial and charitable institutions around the world are a top priority for the administration of President George W. Bush. The United States is not alone in this effort. Many other nations have also taken strong measures to stop international criminal organizations and terrorists from misusing their own banking institutions. (See Table 11.1.)
The United Nations and Organized Crime
In November 2000 the United Nations Convention against Transnational Organized Crime and its Protocols was enacted. The convention is aimed at creating greater international cooperation against criminal organizations operating across national boundaries. Member states that ratify the convention agree to mutual legal assistance, extradition, law-enforcement cooperation, and technical assistance and training. Among the specific crimes addressed in the convention are money laundering and the smuggling of migrants.
The U.S. Response to Transnational Crime
The United States has adopted widely publicized policies for countering transnational threats such as terrorism and organized crime. These include Presidential Decision Directive 62 (PDD-62), signed in May 1998, which establishes a systematic approach to counterterrorism. An International Crime Control Strategy has also been created. Each year, a U.S. National Drug Control Strategy is adopted. Other legislative steps undertaken by the U.S. Congress to counter various transnational threats include: the 2001 USA Patriot Act ("Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism"), the Civil Asset Forfeiture Reform Act of 2000, the Money Laundering and Financial Crimes Strategy Act of 1998, and the Controlled Substances Trafficking Prohibition Act of 1998. The challenge now is to implement these strategies effectively.
In response to international crime, the FBI has three distinct strategies: first, provide an active overseas presence to establish relationships with foreign law enforcement agencies; second, train foreign law enforcement officers in both basic and advanced investigative techniques and principles to promote cooperation; and third, build an institution to help promote the rule of law in newly democratic republics, which will protect U.S. interests and citizens in these countries and bring stability to their regions.
INFORMATION TECHNOLOGY (IT) AND NATIONAL SECURITY
Many functions of national security, including the use of computers and communications to thwart or attack an enemy, are evolving rapidly. With each new improvement in information technology (IT), information warfare (IW) and computer security become more important issues for security planners. Federal, state, and local agencies involved in national security rely extensively on computer systems and electronic data. All computer systems, however, contain weaknesses and vulnerabilities that put critical operations and security assets at risk of compromise or disruption.
In 1998 an infrastructure-protection strategy was outlined in Presidential Decision Directive 63 to safeguard government and privately controlled systems from computer-based attacks. In December 2003, President George W. Bush issued Homeland Security Presidential Directive 7 (HSPD-7), which superseded Presidential Decision Directive 63 and established a national policy for the federal government to identify and prioritize critical infrastructure and key resources and to protect them from terrorist attack. The National Strategy for Homeland Security (Washington, DC: Department of Homeland Security, July 2002) identified the critical infrastructure sectors in need of protection from terrorist attack. (See Table 11.2.)
As part of the ongoing effort to implement HSPD-7, the Department of Homeland Security in February 2004 announced the creation of the Protected Critical Infrastructure Information (PCII) Program. This program enables private businesses voluntarily to submit confidential details of their critical infrastructure to the federal government. The government will identify potential security risks and thereby reduce their vulnerability to terrorist attack. Any widespread vulnerability issues discovered can be handled quickly at a national level through the centralized program. Critical infrastructure is defined as systems that, if disrupted, would threaten our national security, public health, and safety. They include utilities and hospitals. Since an estimated 85% of the nation's critical infrastructure is privately owned, the PCII Program is designed to create a system to improve cooperation between the public and private sectors on infrastructure security issues.
In another step meant to assist businesses in protecting their critical infrastructure, the Department of Homeland Security has also set up Information Sharing and Analysis Centers. Each center shares preventative measures, security information, and potential threats within a particular field, such as public health, information and telecommunications, banking and finance, and the food industry. The center for banking and finance, for example, has available that industry's first database of electronic security threats, vulnerabilities, incidents, and solutions.
Table 11.1: Efforts to combat money laundering worldwide, 2003

| Actions by governments | Criminalized drug money laundering | Criminalized beyond drugs | Record large transactions | Maintain records over time | Report suspicious transactions (N/M/P) | Financial intelligence unit | System for identifying/forfeiting assets | Arrangements for asset sharing | Cooperates with international law enforcement | International transportation of currency | Mutual legal assistance | Non-bank financial institutions | Disclosure protection "safe harbor" | States party to 1988 UN convention | Criminalized financing of terrorism | International terrorism financing connection |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Antigua & Barbuda | Y | Y | N | Y | M | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Bosnia & Herzegovina | Y | Y | N | Y | M | N | Y | N | N | N | N | N | N | Y | N | Y |
| British Virgin Islands | Y | Y | Y | Y | M | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | N |
| Congo (Dem. Republic) | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N |
| Isle of Man | Y | Y | Y | Y | M | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | N |
| Korea (Republic of) | Y | Y | N | Y | M | Y | Y | N | Y | Y | Y | Y | Y | Y | N | N |
| Papua New Guinea | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | Y |
| Sao Tome & Principe | N | N | N | N | N | N | N | N | N | N | N | N | N | Y | N | N |
| St Kitts & Nevis | Y | Y | Y | Y | M | N | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Trinidad & Tobago | Y | Y | Y | Y | M | N | Y | Y | Y | Y | Y | Y | Y | Y | N | N |
| Turks & Caicos | Y | Y | Y | Y | M | N | Y | Y | Y | N | Y | Y | Y | Y | Y | N |
| United Arab Emirates | Y | Y | Y | Y | M | Y | Y | N | Y | Y | Y | Y | Y | Y | N | N |

Source: "Comparative Table," in International Narcotics Control Strategy Report 2003, Bureau for International Narcotics and Law Enforcement Affairs, March 2004, http://www.state.gov/g/inl/rls/nrcrpt/2003/vol2/html/29928.htm (accessed September 23, 2004)
Table 11.2: Critical infrastructure sectors identified by the National Strategy for Homeland Security and Homeland Security Presidential Directive 7 (HSPD-7), 2004

| Sector | Description | Lead agency |
|---|---|---|
| Agriculture | Provides for the fundamental need for food. The infrastructure includes supply chains for feed and crop production. | Department of Agriculture |
| Banking and finance | Provides the financial infrastructure of the nation. This sector consists of commercial banks, insurance companies, mutual funds, government-sponsored enterprises, pension funds, and other financial institutions that carry out transactions including clearing and settlement. | Department of the Treasury |
| Chemicals and hazardous materials | Transforms natural raw materials into commonly used products benefiting society's health, safety, and productivity. The chemical industry represents a $450 billion enterprise and produces more than 70,000 products that are essential to automobiles, pharmaceuticals, food supply, electronics, water treatment, health, construction and other necessities. | Department of Homeland Security |
| Defense industrial base | Supplies the military with the means to protect the nation by producing weapons, aircraft, and ships and providing essential services, including information technology and supply and maintenance. | Department of Defense |
| Emergency services | Saves lives and property from accidents and disaster. This sector includes fire, rescue, emergency medical services, and law enforcement organizations. | Department of Homeland Security |
| Energy | Provides the electric power used by all sectors, including critical infrastructures, and the refining, storage, and distribution of oil and gas. The sector is divided into electricity and oil and natural gas. | Department of Energy |
| Food | Carries out the post-harvesting of the food supply, including processing and retail sales. | Department of Agriculture and Department of Health and Human Services |
| Government | Ensures national security and freedom and administers key public functions. | Department of Homeland Security |
| Information technology and telecommunications | Provides communications and processes to meet the needs of businesses and government. | Department of Homeland Security |
| Postal and shipping | Delivers private and commercial letters, packages, and bulk assets. The U.S. Postal Service and other carriers provide the services of this sector. | Department of Homeland Security |
| Public health and healthcare | Mitigates the risk of disasters and attacks and also provides recovery assistance if an attack occurs. The sector consists of health departments, clinics, and hospitals. | Department of Health and Human Services |
| Transportation | Enables movement of people and assets that are vital to our economy, mobility, and security with the use of aviation, ships, rail, pipelines, highways, trucks, buses, and mass transit. | Department of Homeland Security |
| Drinking water and water treatment systems | Sanitizes the water supply with the use of about 170,000 public water systems. These systems depend on reservoirs, dams, wells, treatment facilities, pumping stations, and transmission lines. | Environmental Protection Agency |

Source: "Table 18. Critical Infrastructure Sectors Identified by the National Strategy for Homeland Security and HSPD-7," in Technology Assessment: Cybersecurity for Critical Infrastructure Protection, General Accounting Office, May 2004, http://www.gao.gov/new.items/d04321.pdf (accessed September 23, 2004)
The Growth of IT: Processor/Chip Development
The fundamental driving force of the information revolution continues to be the rapid and consistent rate at which silicon-based devices, such as computer chips and microprocessors, are developing. Since 1981 processor speeds for personal computers have risen several hundredfold. Personal computers experienced similar increases in memory, hard-drive storage systems, and modem speeds. Bandwidths—communications line capacities—have also increased. Increased bandwidths have enabled leaps in the speed and convenience of common software functions such as scrolling text and transferring graphics. In addition, this type of technology has become more and more accessible to the general public, which makes life convenient but also puts capable tools in the hands of attackers as well as legitimate users.
These increased capabilities have transformed the way the U.S. government and military use technology and the way in which enemies of the United States are able to access information and potentially cause the country harm. In addition, the spread of technology has created an increasing interconnectivity between computer systems, which, though useful for many purposes, also creates substantial risks. According to the U.S. General Accounting Office (GAO) report Critical Infrastructure Protection: Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems (July 22, 2002), the interconnectivity of government computer systems allows individuals or groups to launch attacks across a span of these systems or computers, making it easy to disguise identity, location, and intent. In turn, this can make it difficult to find the attackers. Potential risks include the compromise of confidential material, disruption of communications and computer-assisted operations, and corruption of the integrity of data. Table 11.3 lists some of the computer-related threats to the U.S. government that the GAO has observed.
The terrorists that struck the United States on September 11, 2001, made use of easily obtained technology, such as e-mail and cell phones, to orchestrate the attacks. By using public computers, such as those in Internet cafés and public libraries, and cell phones, potential attackers can decrease law enforcement and intelligence agencies' ability to find or stop them.
Table 11.3: Threats to critical infrastructure, 2004

| Threat | Description |
|---|---|
| Criminal groups | International corporate spies and organized crime organizations pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent. |
| Hackers | Hackers sometimes crack into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency (CIA), the large majority of hackers do not have the requisite tradecraft to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage. |
| Hacktivists | Hacktivism refers to politically motivated attacks on publicly accessible Web pages or e-mail servers. These groups and individuals overload e-mail servers and hack into Web sites to send a political message. Most international hacktivist groups appear bent on propaganda rather than damage to critical infrastructures. |
| Insider threat | The disgruntled organization insider is a principal source of computer crimes. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors. |
| National governments and foreign intelligence services | Several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power—impacts that could affect the daily lives of U.S. citizens across the country. The threat from national cyber warfare programs is unique because they pose a threat along the entire spectrum of objectives that might harm U.S. interests. According to the CIA, only government-sponsored programs are developing capabilities with the prospect of causing widespread, long-duration damage to U.S. critical infrastructures. |
| Terrorists | Terrorists seek to destroy, incapacitate, or exploit critical infrastructures to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. However, traditional terrorist adversaries of the United States are less developed in their computer network capabilities than other adversaries. Terrorists likely pose a limited cyber threat. The CIA believes terrorists will stay focused on traditional attack methods, but it anticipates growing cyber threats as a more technically competent generation enters the ranks. |
| Virus writers | Virus writers are posing an increasingly serious threat. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster. |

Source: "Table 6. Threats to Critical Infrastructure," in Technology Assessment: Cybersecurity for Critical Infrastructure Protection, General Accounting Office, May 2004, http://www.gao.gov/new.items/d04321.pdf (accessed September 23, 2004)
The Expanding Scope of Information Warfare (IW) against the U.S. Government
The scope of IW can be defined by the "players" and three dimensions of their interactions: their nature, level, and arena (means of interaction). Nation-states or combinations of nation-states are not the only players. Nonstate actors (including political, ethnic, and religious groups; organized crime; international and transnational organizations; and even individuals, empowered by laptops and fast Internet connections) are able to launch information attacks and develop information strategies to achieve their desired ends. They can pose information threats, engage in information attacks, and develop digital warfare strategies, such as the introduction of digital "viruses" and "worms," to achieve their ends. (A virus inserts itself into files or programs and spreads only when a person, usually unwittingly, runs or forwards the infected file, commonly as an e-mail attachment. A worm is a self-contained program that propagates across networks on its own, without user intervention.) Some examples of particularly problematic attacks are shown in Table 11.4.
Attacks on information systems are a fact of life in the information age. Only a small portion of these attacks result in significant loss or damage—the vast majority do not. These are the computer equivalents of crimes such as trespassing, public nuisance, minor vandalism, and petty theft. Yet large companies and the government are at risk from attacks against their computer systems and networks, as well as espionage committed with IT.
classifying threats. As with any national security concern, the first task of those who would undertake information warfare defense (IWD) is to identify and classify threats. Some planners refer to such threats within a spectrum known as "the threat space." The consequences of failing to counter attacks in the range of threats on one end of the spectrum are isolated and limited, but on the other end are potentially catastrophic consequences. Planners divide the threat space into three main areas, or regions: (1) everyday—troublesome challenges that exact a price in vigilance but do not pose a threat to national security; (2) potentially strategic—may or may not have national security implications; and (3) strategic—have definite national security implications.
In the category of everyday threats are attacks on commercial targets, which include information-age versions of fraud, theft, and white-collar crimes, combined with some transformations of violent crime into virtual form. Some of these attacks can amount to bank robbery, when money is transferred out of accounts. However, attacks by competing commercial organizations typically do not target money but rather vital information, also known as trade secrets. Still, theft of trade secrets has the potential for more serious consequences than isolated thefts or embezzlement. Such attacks may constitute "economic spying" or commercial espionage and can become a potential strategic threat (part of the middle area of the threat space) when foreign companies target key industries.
Table 11.4: Types of cyber attacks, 2004

| Type of attack | Description |
|---|---|
| Denial of service | A method of attack that denies system access to legitimate users without actually having to compromise the targeted system. From a single source, the attack overwhelms the target computer with messages and blocks legitimate traffic. It can prevent one system from being able to exchange data with other systems or prevent the system from using the Internet. |
| Distributed denial of service | A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than a single source. It often makes use of worms to spread to multiple computers that can then attack the target. |
| Exploit tools | Publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain entry into targeted systems. |
| Logic bombs | A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as terminating the programmer's employment. |
| Sniffer | Synonymous with packet sniffer. A program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text. |
| Trojan horse | A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute. |
| Virus | A program that "infects" computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. Unlike the computer worm, a virus requires human involvement (usually unwitting) to propagate. |
| War-dialing | Simple programs that dial consecutive phone numbers looking for modems. |
| War-driving | A method of gaining entry into wireless computer networks using a laptop, antennas, and a wireless network adaptor that involves patrolling locations to gain unauthorized access. |
| Worms | An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate. |

Source: "Table 9. Types of Cyber Attacks," in Technology Assessment: Cybersecurity for Critical Infrastructure Protection, General Accounting Office, May 2004, http://www.gao.gov/new.items/d04321.pdf (accessed September 23, 2004)
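The "sniffer" row above is abstract; the following added example (written for this page, not taken from the GAO assessment or any product) shows concretely what such a program does and why cleartext protocols are the real problem. It parses IPv4 and TCP headers with Python's standard library and scans each payload for FTP USER/PASS commands and HTTP Basic authorization headers. The packets are constructed in memory with checksums left at zero, the addresses and the credentials in them are fictional, and the raw-socket or pcap input a real sniffer would use is deliberately left out.

```python
"""Cleartext-credential sniffer over raw IPv4/TCP packets (added example)."""
import base64
import re
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def parse_ipv4_tcp(frame: bytes) -> Optional[Packet]:
    """Parse an IPv4 packet (no link-layer header) carrying TCP.

    Returns None for anything that is not well-formed IPv4-over-TCP, so a
    caller can feed it arbitrary frames without raising exceptions.
    """
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or ihl < 20 or len(frame) < ihl + 20:   # protocol 6 = TCP
        return None
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    tcp = frame[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                     # TCP header length in bytes
    return Packet(src, dst, sport, dport, tcp[data_off:])


# Secrets that these protocols send unencrypted; regexes are assumptions for the demo.
CRED_PATTERNS = [
    ("ftp-user", re.compile(rb"^USER (\S+)", re.M)),
    ("ftp-pass", re.compile(rb"^PASS (\S+)", re.M)),
    ("http-basic", re.compile(rb"^Authorization: Basic (\S+)", re.M | re.I)),
]


def find_credentials(payload: bytes) -> List[Tuple[str, str]]:
    """Return (kind, value) pairs for every cleartext credential in a payload."""
    hits = []
    for kind, pattern in CRED_PATTERNS:
        for m in pattern.finditer(payload):
            value = m.group(1)
            if kind == "http-basic":
                try:
                    value = base64.b64decode(value, validate=True)   # "user:password"
                except ValueError:
                    pass                                            # keep raw token
            hits.append((kind, value.decode("ascii", "replace")))
    return hits


def sniff(frames) -> List[Tuple[str, str, int, str, str]]:
    """Run the parser and credential scan over a sequence of raw frames."""
    findings = []
    for frame in frames:
        pkt = parse_ipv4_tcp(frame)
        if pkt is None:
            continue
        for kind, value in find_credentials(pkt.payload):
            findings.append((pkt.src, pkt.dst, pkt.dport, kind, value))
    return findings


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4/TCP packet for the demonstration (checksums zero)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return ip_hdr + tcp_hdr + payload


# Constructed sample traffic: a fictional FTP login, an HTTP request, and one
# IPv6 packet that the parser must skip rather than choke on.
SAMPLE_FRAMES = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 21, b"USER alice\r\n"),
    build_ipv4_tcp("10.0.0.9", "10.0.0.5", 21, 40001, b"331 Password required\r\n"),
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 21, b"PASS hunter2\r\n"),
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40002, 80,
                   b"GET / HTTP/1.1\r\nHost: intranet\r\n"
                   b"Authorization: Basic Ym9iOnNlY3JldA==\r\n\r\n"),
    b"\x60" + b"\x00" * 39,
]

if __name__ == "__main__":
    for src, dst, port, kind, value in sniff(SAMPLE_FRAMES):
        print(f"{src} -> {dst}:{port}  {kind}: {value}")
```

The defensive lesson is in the output: nothing in the sniffer is clever, so the only real protection is not putting credentials on the wire in the clear (SSH or FTPS instead of FTP, HTTPS instead of HTTP Basic over plain HTTP).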
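The table's distinction between a denial-of-service flood from a single source and a distributed one matters operationally: the first can be stopped by blocking one address, the second cannot. The following added example (written for this page, not from the GAO assessment) shows the simplest form of that triage run over web-server log lines. The log lines are constructed, and the window size and thresholds are assumptions chosen for the demonstration rather than values from the source.

```python
"""Single-source vs. distributed flood triage over access-log lines (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import List, Tuple

WINDOW_SECONDS = 10          # assumed fixed window; must divide 60
FLOOD_TOTAL = 50             # assumed: requests per window that count as a flood
SINGLE_SOURCE_SHARE = 0.8    # assumed: one address above this share => single-source DoS


def parse_line(line: str) -> Tuple[datetime, str]:
    """Constructed log format: '<ISO timestamp> <source ip> <method> <path> <status>'."""
    ts, src, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts), src


def window_start(ts: datetime) -> datetime:
    """Align a timestamp down to the start of its fixed window."""
    secs = ts.hour * 3600 + ts.minute * 60 + ts.second
    aligned = secs - secs % WINDOW_SECONDS
    return datetime.combine(ts.date(), datetime.min.time()) + timedelta(seconds=aligned)


def classify(lines: List[str]) -> List[Tuple[str, str, object]]:
    """Return (window start, verdict, detail) per window.

    verdict is 'normal' (detail = request count), 'single-source-dos'
    (detail = offending address) or 'distributed-dos' (detail = distinct sources).
    """
    per_window = defaultdict(Counter)
    for line in lines:
        ts, src = parse_line(line)
        per_window[window_start(ts)][src] += 1

    verdicts = []
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        if total < FLOOD_TOTAL:
            verdicts.append((start.isoformat(), "normal", total))
            continue
        top_src, top_n = counts.most_common(1)[0]
        if top_n / total >= SINGLE_SOURCE_SHARE:
            verdicts.append((start.isoformat(), "single-source-dos", top_src))
        else:
            verdicts.append((start.isoformat(), "distributed-dos", len(counts)))
    return verdicts


def make_sample_log() -> List[str]:
    """Constructed traffic: one hammering client, then sixty one-shot clients, then quiet."""
    lines = []
    for i in range(60):   # 12:00:00-12:00:09, one source dominates
        lines.append(f"2004-05-01T12:00:{i % 10:02d} 203.0.113.7 GET /index.html 200")
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        lines.append(f"2004-05-01T12:00:0{i} {ip} GET /about.html 200")
    for i in range(60):   # 12:00:10-12:00:19, sixty distinct sources, one request each
        lines.append(f"2004-05-01T12:00:1{i % 10} 198.51.100.{i + 1} GET /index.html 200")
    for i in range(5):    # 12:00:20-12:00:24, ordinary traffic
        lines.append(f"2004-05-01T12:00:2{i} 192.0.2.20 GET /news.html 200")
    return lines


if __name__ == "__main__":
    for start, verdict, detail in classify(make_sample_log()):
        print(f"{start}  {verdict:18s} {detail}")
```

A real deployment would replace the fixed window with a sliding one and tune the thresholds against the site's normal traffic; the point here is only that the single-source case collapses to one address while the distributed case does not, which is exactly why the table treats them separately.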
The second area of the threat space is potentially strategic threats, attacks on the country's national or international physical/monetary infrastructures. These include attacks on systems and services related to public safety, energy, finance, and communications. Hackers mount the vast majority of these attacks. Their motives run the gamut from financial to entertainment to sociopathy to terroristic.
Only a small number of such lone-perpetrator attacks are likely to have strategic consequences, although they can clearly result in significant data loss, interrupted services, and stolen assets. It is conceivable that a hacker attack could somehow mushroom into a national security concern, though unlikely. A well-planned and coordinated infrastructure attack would be another matter, however, and would probably qualify as digital warfare, with strategic consequences.
The strategic category of the threat space contains a relatively small number of threats that must be defended against with great vigor. These would include attacks against U.S. systems that control and safeguard weapons of mass destruction and the country's minimum essential emergency communication network. Other systems and/or networks in this category would be associated with the National Command Authority; command, control, communications, and intelligence; and intelligence, especially information regarding sources and methods.
Information attackers have their choice of the time, place, medium, and method of attack. The technology edge also goes to the attacker—it is difficult to perfect defenses at an affordable cost. Defense planners know that IW is a learning environment, with attackers learning from undetected attacks, whether successful or not, and both sides learning from detected attacks, whether successful or not.
In 1988 the Defense Advanced Research Projects Agency, a Department of Defense (DOD) agency, established a Computer Emergency Response Team (CERT) to address the computer security concerns of research users. Based on incidents reported to CERT, an estimated 90% of IW attacks are perpetrated using readily available tools and techniques. Only one attack in twenty is noticed by the victim. Corresponding results of a Defense Information Systems Agency study show that only one in twenty IW attacks may even be reported, and similar findings have been reported by others.
Despite the lack of reporting, in a small number of cases IT technology used against major corporations and the U.S. government can cause major financial and national security costs. According to CERT (in the GAO report Critical Infrastructure Protection), the number of cyber attacks against critical infrastructure has risen remarkably since the terrorist attacks of September 11, 2001. In the first six months of 2002 alone, information-security incidents rose to almost 45,000, with all incidents for the entire year of 2001 numbering about 55,000. In 2003 over 137,000 incidents were reported. (See Figure 11.1.)
computer crimes and the government. By the 1990s computer-assisted crime became a major part of white-collar crime, and it has had an impact on the way the government works. Computer crime is faceless and bloodless, and the financial gain can be huge. The National Institute of Justice defines different types of computer criminal activity as:
- Computer abuse—A broad range of intentional acts that may or may not be specifically prohibited by criminal statutes. Any intentional act involving knowledge of computer use or technology … if one or more perpetrators made or could have made gain and/or one or more victims suffered or could have suffered loss.
- Computer fraud—Any crime in which a person uses the computer either directly or as a vehicle for deliberate misrepresentation or deception, usually to cover up embezzlement or theft of money, goods, services, or information.
- Computer crime—Any violation of a computer-crime law.
A common computer crime involves tampering with accounting and banking records, especially through electronic funds transfers. These electronic funds transfers, or wire transfers, are cash-management systems that allow the customer electronic access to an account, automatic teller machines, and internal banking procedures, including online teller terminals and computerized check products. Money could potentially be taken from the U.S. government through these methods.
Computers and associated technology (printers, modems, computer bulletin boards, e-mail) are used for credit card fraud, counterfeiting, bank embezzlement, theft of secret documents, vandalism, and other illegal activities. The 2004 E-Crime Watch Survey (CSO magazine/U.S. Secret Service/CERT Coordination Center, May 25, 2004) estimated a loss from computer crimes of $666 million for 2003. This estimate includes the cost of time lost because of computer operations being shut down. That figure may be an underestimate because many victims try to hide the crime. The government and businesses may not want to admit that their computer security has been breached and their confidential files and accounts are vulnerable. No centralized databank exists for computer-crime statistics, and computer crimes are often written up under other categories, such as fraud and embezzlement.
In 1986 Congress passed the Computer Fraud and Abuse Act (PL 99-474), which makes it illegal to carry out fraud on a computer. The Computer Abuse Amendments of 1994 (PL 103-322) make it a federal crime "through means of a computer used in interstate commerce or communications … [to] damage, or cause damage to, a computer, computer system, network, information, data, or program … with reckless disregard" for the consequences of those actions to the computer owner. This law refers to someone who maliciously destroys or changes computer records or knowingly distributes a virus that shuts down a computer system.
The 2004 Computer Crime and Security Survey was conducted by the Computer Security Institute in San Francisco, California, with the participation of the FBI's San Francisco Computer Intrusion Squad. According to the survey results, of 481 computer security practitioners, government agencies, major U.S. corporations, financial and medical institutions, and universities, 53% had detected computer-security breaches in the previous twelve months. Over $141 million was reported lost because of computer-security breaches, down from $201 million in 2003.
According to the survey, the most serious financial losses ($26 million) resulted from denial of service. Still, despite the significant financial losses, only 20% of respondents stated that they reported the computer intrusions to law enforcement. This low level of reporting may have to do with an unwillingness to reveal how vulnerable the company is to computer-security breaches or that valuable proprietary information has been stolen.
Survey respondents reported various types of attacks on, or unauthorized uses of, their computer systems. Some 59% of respondents stated they had detected employee abuse of Internet access privileges, such as downloading pornography or pirating software. Almost 80% reported the detection of computer viruses. Ten percent of respondents reported the theft of proprietary information, and less than 5% reported financial fraud.
For the government, one type of computer crime involves the sabotage or threatened sabotage of its computer systems and networks. It is almost impossible to determine how often this happens because few incidents are reported. In the computer age, several new scenarios of sabotage involving employee threats have come into being. A disgruntled employee might want to take revenge on the government. A systems administrator responsible for running computer systems might feel unappreciated. A discontented employee might create a "logic bomb" that explodes a month after he or she has left and destroys most or all of the computer records, bringing operations to a halt.
Although infrequent, charges have sometimes been brought against those who destroy a company's computer system. In February 1998 the U.S. Department of Justice (DOJ) brought charges against a former chief computer network program designer of a high-tech company that did considerable work for the National Aeronautics and Space Administration (NASA) and the U.S. Navy. The designer had worked for the company for eleven years. After he was terminated, it was alleged that in retaliation he "intentionally caused irreparable damage to Omega's computer system by activating a 'bomb' that permanently deleted all of the company's sophisticated software programs." The loss cost the company at least $10 million in sales and contracts. Such crimes committed directly against government agencies could have the potential for even greater damage.
computer hacking: easy enough for kids? Illegal accessing of a computer, known as hacking, is a crime juveniles frequently commit. When it is followed by manipulation of the information of private, corporate, or government databases and networks, it can be costly. Another means of computer hacking involves creation of a "virus" program. The virus resides inside another program and is activated by a predetermined code to create havoc in the host computer. Virus programs can be transmitted either through the sharing of disks and programs or through e-mail.
Cases of juvenile hacking have been around for at least two decades and have included teens getting into more than sixty computer networks, including the Memorial Sloan-Kettering Cancer Center and the Los Alamos National Laboratory in 1983; several juvenile hackers accessing AT&T's computer network in 1987; and teens hacking into computer networks and Web sites for NASA, the Korean Atomic Research Institute, America Online, the U.S. Senate, the White House, the U.S. Army, and the DOJ in the 1990s.
In 1998 the U.S. Secret Service filed the first criminal case against a juvenile for a computer crime. In 1997 computer hacking by the unnamed perpetrator shut down the airport in Worcester, Massachusetts, for six hours. The airport is integrated into the Federal Aviation Administration's traffic system by telephone lines. The suspect got into the communication system and disabled it by sending a series of computer commands that changed the data carried on the system. As a result, the airport could not function. (No accidents occurred during that time.) According to the DOJ, the juvenile pled guilty in return for two years' probation, a fine, and community service. U.S. Attorney Donald K. Stern, lead attorney for the prosecution, observed: "Computer and telephone networks are at the heart of vital services provided by the government and private industry, and our critical infrastructure. They are not toys for the entertainment of teenagers. Hacking a computer or telephone network can create a tremendous risk to the public and we will prosecute juvenile hackers in appropriate cases."
On September 21, 2000, a sixteen-year-old from Miami pled guilty and was sentenced to six months' detention for illegally intercepting electronic communications on military computer networks. The juvenile admitted that he was responsible for August and October 1999 computer intrusions into a military computer network used by the Defense Threat Reduction Agency (DTRA), an arm of the DOD. The DTRA is responsible for reducing threats against the United States from nuclear, biological, chemical, conventional, and special weapons.
On December 6, 2000, eighteen-year-old Canadian Robert Russell Sanford pled guilty to six felony charges of breach of computer security and one felony charge of aggravated theft in connection with cyber attacks on U.S. Postal Service computers. Sanford was placed on five years' probation but could have been sentenced to up to twenty years in prison. Sanford was also ordered to pay over $45,000 in restitution fines for the cyber attacks.
the vulnerability of the u.s. department of defense (dod). In 1998 hackers broke into unclassified Pentagon networks and altered personnel and payroll data. Two teenaged Americans and a twenty-one-year-old Israeli later pled guilty to the incidents. According to Military and Cyber-Defense: Reactions to the Threat (Center for Defense Information, Washington, DC, November 8, 2002), Department of Defense computer systems were being attacked 250,000 times a year in the mid-1990s. In response to this threat, measures were taken to increase the cyber security of military computer systems, including the ability to identify intruders before they reach a Department of Defense computer system at all. The numbers of cyber attacks had dropped by 2001, when only 14,500 probes were made by hackers; only 70 of these attempts were able to breach security measures and get in. In 2003, the Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (http://www.usdoj.gov/olp/nsiguidelines.pdf) was revised to specifically authorize the FBI to investigate "foreign computer intrusion" from hackers employed by foreign governments to disrupt or destroy American military computer systems.
it espionage. In a computerized global economy, where any advantage given to the competition can mean success or failure for a company, trade secrets, copyrighted information, patents, and trademarks become important. The collapse of a large corporation because of the loss of such information could have widespread effects on the U.S. and world economies. In addition, companies that create military supplies, weapons, and the like for the government may have information that could be deadly in the wrong hands. Although most major companies have developed sophisticated security systems to protect their secrets, the American Society for Industrial Security and PriceWaterhouseCoopers Trends in Proprietary Information Loss Survey (http://www.asisonline.org/newsroom/surveys/spi2.pdf) estimated that potential losses to American businesses from thefts of proprietary information were $59 billion in 2002.
The theft of classified corporate information has become a major issue for national governments worldwide. Many governments have begun to use their national intelligence organizations to protect local companies from espionage by foreign companies or governments. In the United States the Central Intelligence Agency has tried to convince Congress that the agency could be useful in protecting American companies from foreign industrial spies. The Economic Espionage Act of 1996 (PL 104-294) made it a federal crime to steal trade secrets for another country.
other threats. Most of the crimes listed above were committed with readily available tools. Of most concern to the U.S. government are attacks that might move beyond these easily available tools and techniques to cause significant damage and disruption to the U.S. information infrastructure, compromising the integrity of vital information. Analysts have been able to identify groups, domestic and global, with the motivation and opportunity to launch such attacks. Given the present vulnerabilities of many U.S. computer systems, a well-planned, coordinated strategic IW attack could have major consequences. Such an attack, or the threat of such an attack, could thwart U.S. foreign policy objectives, degrade military performance, result in significant economic loss, and undermine citizens' confidence in government. In light of such threats, the U.S. government is taking a proactive approach to defense.
Finding Solutions: Protecting the United States
Because both attackers and defenders make adjustments after every IW attempt they make or perceive, defense against such threats is not a one-time effort but a continuous activity. Collection and analysis of information about attacks is vital if defenders are to stay on par with the attackers. Defenders must be proactive and anticipate future methods of attack so that timely defenses can be developed.
Over the years, several executive orders, presidential directives, and acts have focused on, or mentioned activities related to, protecting cyber-critical infrastructure. Since the attacks of September 11, 2001, the USA Patriot Act and the Aviation and Transportation Security Act have been enacted. To deal specifically with cyber attacks against the nation's computer systems, The National Strategy to Secure Cyberspace (Washington, DC: White House, February 2003) called for government and the private sector to work together to secure cyberspace: "The purpose of this document is to engage and empower Americans to secure the portions of cyberspace that they own, operate, or control, or with which they interact." As part of that effort, in January 2004 the Department of Homeland Security announced the creation of the National Cyber Alert System, designed to alert Americans with timely and actionable information to better secure their computer systems from potential attack. Under this system, interested computer users can subscribe to several e-mail alert options:
- Cyber Security Tips: Targeted at nontechnical home and corporate computer users, the biweekly tips provide information on best computer security practices and "how-to" information.
- Cyber Security Bulletins: Targeted at technical audiences, bulletins provide biweekly summaries of security issues, new vulnerabilities, potential impact, patches and work-arounds, as well as actions required to mitigate risk.
- Cyber Security Alerts: Available in two forms—regular for nontechnical users and advanced for technical users—Cyber Security Alerts provide real-time information about security issues, vulnerabilities, and exploits currently occurring. Alerts encourage all users to take rapid action.
Other methods of protection using new and emerging technology include facial recognition software and biometric fingerprinting systems, both of which might be used to identify suspect criminal aliens at ports of entry or in other places. In 2001 alone three government agencies (the State Department, DOJ, and DOD) had received over $10.6 million by June to research such facial recognition technology. In the spring of 2004 the National Institute of Standards and Technology tested eighteen commercially available biometric fingerprinting systems. After a two-month testing period, Government Security News (August 2004) reported that the best systems available are 99.9% accurate in identifying individuals based on a scanned copy of their fingerprints.
Experts at the National Defense University have developed a defense-in-depth strategy against IW attacks to deal with the previously mentioned threat levels. The strategy suggests three successively stronger defensive levels corresponding to everyday threats, potentially strategic threats, and strategic threats. Basic to this thinking is that more sophisticated threats will come from fewer sources. The first two lines of defense are designed to identify and separate the most skilled, resourceful, and persistent adversaries. The last line of defense is meant to fully repel them. Intelligence and monitoring efforts are concentrated on a smaller population, increasing the chances of a successful defense. Layered on top of these lines of defense are "information first" and "security first" approaches: For everyday threats, the goal is to protect against access to information; for more strategic threats, the goal is to keep hackers out by restricting access and/or connectivity.
using iw to protect the united states. U.S. national security strategies now recognize and use IW as an instrument of national power either independent of or complementary to U.S. military operations. American IW against an adversary usually bears a resemblance to classic methods of competition, conflict, and warfare but also uses more recent methods. It can run the gamut from propaganda campaigns (including media war) to attacks (both physical and nonphysical) against commanders, their information sources, and their means of communicating with their forces.
The Persian Gulf War of 1991 has become known as America's first information war. In that war, the power of IT was used to leverage information, significantly improving all aspects of warfare, including logistics, command, control, communications, computers, intelligence, surveillance, and reconnaissance. The victory of the United States and its allies in the Gulf War deterred potential adversaries from taking on the United States in the same manner as Iraq and fostered much thinking about new strategies for countering conventional forces. Thus, IW has become a strategy for our time: Potential adversaries want to engage in it, as the United States does, to achieve some of the objectives of conventional warfare.
IWD embodies actions taken to defend against information attacks, especially those against decision makers, their information, and their communications. These attacks can be launched during peacetime at nonmilitary targets by nonmilitary groups, both foreign and domestic. National security planners attempt to defend against many different kinds of information attacks, with a focus on attacks against the U.S. information infrastructure.
IW has some potential characteristics that traditional military planners strive for, including low-cost precision and stealth. IW can threaten the ability of a state's military to interpose itself between its population and "enemies of the state," causing what defense planners term a "loss of sanctuary"—just what the United States strives to achieve with its air, sea, and missile defense systems. Sanctuary can be defined as a working space, or buffer, between the population and territorial intrusions by alien enemies.
Information attacks can be very effective in destroying the image of sanctuary. Repeated attacks create a perception of vulnerability and loss of control and can cause a loss of public confidence in the state. These impacts can far exceed any actual damage. This makes the problem of IW challenging.
How will the United States respond to information attacks? As of 2004 there was no consensus. Yet, given that IW can be an instrument of power for niche competitors and nonstate actors, it needs to be taken seriously.
Some software engineers and others believe the country is not as vulnerable to information attacks as has been claimed. They point to overlaps and duplications that would make it very hard to completely disrupt a given set of services or functions.
Battlefield Systems Technology
new technology and its limits. The roots of information-based battlefield and computer warfare go back several decades, along with technical and signals intelligence collection by satellites and sensors. Digital information of many kinds is of increasing importance in battlefield warfare, including command and control, mission planning, simulation, intelligence, and psychological operations. Indeed, every aspect of physical war and of gauging the threat of war is being transformed by the ever-quickening speed and ever-lessening cost of collecting, processing, and transmitting information.
The most important new battle technologies of modern warfare are precision-guided munitions, long-range airborne and space-based sensors, tandem global positioning systems (GPS), and inertial navigation systems (INS). With these new technologies, almost any target or source of information that can be located and identified can be engaged and disabled.
Because of this, a military offense must spend more time seeking targets than it previously did, and a military defense must spend more time and resources hiding them. Hiding can be done by getting them to mimic background or civilian objects and masking their "signatures"—the distinctive visual, radar, or spectroscopic profiles that, when recognized by a weapons system, enable it to identify the object as the target and destroy it. Traditional principles of battle warfare, such as firepower and maneuvering, lessen a bit in importance with these new technologies.
global positioning systems (gps). National security specialists know that it will be difficult to maintain the current American advantage in IW in coming decades. Relevant technologies increasingly spring from the commercial marketplace, not the military, often becoming available without restriction to prospective enemies. Sophisticated, well-funded opponents may be able to buy or lease an array of advanced communications and control technologies from around the world: for example, GPS, surveillance, communications, direct broadcast, internetworking, cryptography, and air-based imaging systems. The costs of such purchases will likely decrease, as will the costs of IW in general.
GPS, in particular, is rapidly becoming commercially and universally available, with devices costing just a few hundred dollars able to receive signals. For example, accurate GPS data can enable rocket attacks against U.S. forces deployed in smaller contingents. In addition, GPS, coupled with surveillance data and other equipment, can place nearly any fixed facility at risk, including most U.S. logistics dumps, barracks, and command headquarters. These cannot be well hidden and thus can be identified and located if someone knows their general vicinity. If the facilities are public, a terrorist could target them with a portable GPS device on-site.
Overhead surveillance can locate fixed facilities with an accuracy of within a meter or two. With the fall of the Soviet Union, a vigorous market developed in such Russian imagery. In the next few decades, the sale of satellites with similar capabilities will permit many countries to acquire and transmit such imagery nearly in real time.
It is conceivable that in a time of crisis, the American military could degrade GPS signals worldwide so that U.S. forces could determine locations far more closely than their adversaries. However, as a practical matter, three factors make this option difficult to implement. First, the U.S. government has promoted the use of GPS for civilian purposes, most notably commercial aviation. Only a major and prolonged crisis could justify the global degradation of information upon which others rely for their safety. Second, GPS may be complemented by other navigation systems, or what specialists call "communications constellations." Third, the development of differential GPS means that if a set of fixed points near a target can be located with precision, the target itself can be located with similar precision. So-called differential correction systems have also come online throughout North America, Europe, and East Asia. Their accuracy often exceeds that of military systems without differential correction.
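The third factor above, that a precisely surveyed reference point lets a nearby receiver cancel most of a deliberately degraded signal's error, can be shown with a small simulation. This is an added example, not part of the original text or of any real GPS product; it assumes a simplified two-dimensional model in which every receiver in a region sees the same correlated position error (a constructed stand-in for signal degradation plus atmospheric delay), whereas a real differential system corrects per-satellite pseudoranges and its benefit decays with distance from the reference station.

```python
"""Toy differential-correction simulation (added example, constructed model).

A reference station at a surveyed position measures how far its own reported
fix is from where it really is, and broadcasts that offset.  A receiver a few
kilometres away subtracts the same offset from its own fix.  Because the
degradation is common to both receivers, it cancels; only the small
independent receiver noise remains.
"""
import math
import random
from typing import Dict, Tuple

Point = Tuple[float, float]  # metres east, metres north (local flat plane)


def degraded_fix(true_pos: Point, common_error: Point,
                 receiver_noise_m: float, rng: random.Random) -> Point:
    """Position a receiver reports: truth + region-wide common error +
    small independent Gaussian noise (assumed model, not real GPS)."""
    return (true_pos[0] + common_error[0] + rng.gauss(0.0, receiver_noise_m),
            true_pos[1] + common_error[1] + rng.gauss(0.0, receiver_noise_m))


def reference_correction(surveyed_pos: Point, reported_pos: Point) -> Point:
    """The station knows its true (surveyed) position, so the difference
    between truth and its reported fix is the correction it broadcasts."""
    return (surveyed_pos[0] - reported_pos[0],
            surveyed_pos[1] - reported_pos[1])


def apply_correction(reported_pos: Point, correction: Point) -> Point:
    """A nearby receiver adds the broadcast correction to its own fix."""
    return (reported_pos[0] + correction[0], reported_pos[1] + correction[1])


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def simulate(common_error_m: float = 100.0, receiver_noise_m: float = 1.0,
             seed: int = 0) -> Dict[str, float]:
    """Run one scenario and return uncorrected vs. corrected error in metres.

    common_error_m  : magnitude of the shared (degraded-signal) error
    receiver_noise_m: 1-sigma independent noise per coordinate per receiver
    """
    rng = random.Random(seed)

    # Constructed shared error: fixed magnitude at a random bearing.
    bearing = rng.uniform(0.0, 2.0 * math.pi)
    common = (common_error_m * math.cos(bearing),
              common_error_m * math.sin(bearing))

    station_true: Point = (0.0, 0.0)        # surveyed reference point
    target_true: Point = (5000.0, 3000.0)   # constructed point ~5.8 km away

    station_fix = degraded_fix(station_true, common, receiver_noise_m, rng)
    target_fix = degraded_fix(target_true, common, receiver_noise_m, rng)

    correction = reference_correction(station_true, station_fix)
    corrected = apply_correction(target_fix, correction)

    return {
        "uncorrected_error_m": distance(target_fix, target_true),
        "corrected_error_m": distance(corrected, target_true),
    }


if __name__ == "__main__":
    result = simulate()
    print(f"uncorrected error: {result['uncorrected_error_m']:.1f} m")
    print(f"corrected error:   {result['corrected_error_m']:.1f} m")
```

Under this model the degraded fix is off by roughly the full injected error, while the corrected fix is off by only the combined receiver noise of the two units, which is why degrading the broadcast signal alone does not deny precise positioning to anyone who can survey a nearby point.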
unmanned aerial vehicles (uavs). Additional information-gathering capability comes from the use of digital video cameras on unmanned aerial vehicles (UAVs). UAVs, also known as drones, do the battlefield and reconnaissance tasks formerly assigned to manned aircraft, but without a pilot aboard. Instead, they are piloted remotely from the ground by radio links. The advantages are that human life is not placed in harm's way and the vehicle can be designed without having to safeguard and support an onboard human pilot.
Since the mid-1990s commercially available digital-imaging systems mounted on UAVs have been able to collect high-resolution imagery fifty miles to each side of themselves with real-time data links to ground locations. Although the initial resolution of such systems was imprecise, higher-resolution digital cameras are becoming more widely available. In addition, digital cellular telephony is already available through several technologies. Within several years, such technology may be widely available globally and have bandwidth high enough to transmit imagery directly.
blocking communications and hiding troop movements. Beyond exploiting UAV and satellite imaging, American forces might attempt to deny an enemy communications capability by blocking access to third-party satellites. Such an attempt, however, could present several political obstacles. Commercial satellites have a variety of corporate owners in different countries, and not every satellite owner would necessarily cooperate with U.S. forces. If cooperation were incomplete, an opponent's access to satellite links would not be entirely blocked. Jamming signals to and from geosynchronous satellites also usually requires being in their line of sight; thus, it is probably not feasible for the United States to jam all signals to and from them.
Global low-earth-orbit cellular systems would make it even more unlikely that the United States could block an adversary's communications that were handled by a third party. System managers could refuse to transmit signals into or out of a region, but doing so would limit or eliminate local service and service to nonbelligerent neighboring states. It would be hard to shut down a system used by a terrorist group operating inside a friendly country or to interrupt a more primitive system they were using, based on, say, a citizen's band (CB) radio. Similarly, in any attempt to disrupt another nation's air traffic control network, it would be difficult not to interfere with international air traffic control operations in the general vicinity.
Increasing global satellite connectivity also decreases the chance for military activity to go undetected. Daylight infantry movements can now be kept secret only to the extent an area is not electronically connected to the outside world. But as even the most remote sites become ever more tied to the global communications network, such movements are more likely to be noticed—and counteracted. The predicted marriage between digital video cameras and digital cellular means that many more military movements will potentially be liable to detection.
The communications and information revolutions have tended to knit the world together. More than ever, to disrupt an enemy's communications is to disrupt those of one's friends. Increasing global communications connectivity—thanks to new technologies such as advanced semiconductors, advanced computers, fiber optics, cellular technology, satellite technology, and advanced networking (including the Internet)—has empowered individuals, governments, and armies, making U.S. national security tasks in this area much more difficult and complex.