Communists, Blofeld et al plan cyber Pearl Harbor for US

Head White House spook swatter makes lurid budget pitch


Analysis Don't look now, but the cyber 'missile gap' might be turning into an issue. Speaking at Microsoft's Safenet 2000 conference on Friday, top White House security official Richard Clarke painted a grim picture of foreign powers setting up cyber warfare squads intent on unleashing an electronic Pearl Harbor on the USA.

And they're at it already - Clarke, who is National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the White House National Security Council, told the select invited audience that these "information warfare squadrons" are now mapping US networks, looking for vulnerabilities. They could even be doing more than that, he hinted darkly.

Here come the Zeroes...
Shortly, the US really will have a new President, and people like Clarke are going to have to bring him up to speed: "The new President," he says, "will get an intelligence briefing that will tell him that crackers, criminals, and foreign powers are building sophisticated cyber attack capability and doing reconnaissance on our networks today. So whatever he does about cyber security, the new President better move fast."

Yes, that's right folks, Clarke has an expensive plan and wants a budget for it. Back in the 60s large quantities of dollars were secured on the basis of a missile gap that didn't exist, and now whoever turns out to be Prez is going to have the willies scared out of him about communist terrorist SMERSH spook squads led by Blofeld the instant he turns up for the intelligence briefing. We wouldn't be in the slightest bit surprised if another 30 years down the line these turn out to be largely imaginary too.

Clarke's pitch is slightly impaired by how difficult it is today to grasp who the states with the crack cyber squads could be, and we suspect this may be why he doesn't seem to have made it in his actual speech.

The Evil Empire is no more, and if you're trying to define things that could conceivably fall into the category of enemies, you're struggling to get much beyond Cuba and North Korea, neither of which is entirely credible as a state-of-the-art tooled-up cyber-warrior.

But who knows, maybe their lack of IT equipment is in itself a threat to the Free World, given that it confers a certain immunity to Echelon; carbon paper could be the V-weapon de nos jours.

Uninvent the Internet

Colourful, budget-getting presentation aside, the underlying axes Clarke has to grind are fairly clear. As far as the Internet is concerned: "Security was not a design criterion. Those who wish to do us ill in cyberspace can do so easily. They can steal information, invade our privacy, rob our money, extort concessions, and may even be able to disrupt and shut down major infrastructure such as electric power grids, telecommunications networks, and Defense command control systems."

To some extent, this is true, but as The Reg's saintly cyberspace guru Thomas C Greene repeatedly points out, it's generally people leaving doors open that makes hacking so damnably easy.

Clarke however sees security vulnerabilities that need an expensive Big Fix, and his proposed one seems strangely familiar. "We have a chance now to make security features inherent rather than appendages... our focus must be the new network." He proposes more secure switches, operating systems (a tip of the hat to the host here), and traffic management protocols. This should be done "as part of a private-public partnership."

It's legacy stuff anyway

Significantly he differentiates between the "legacy" network and the "new" network before getting on to his proposal - for an ever-expanding new network where security is inherent and absolute. Perforce, the current Internet must be what he terms the "legacy" one.

He splits them on the basis of "the current area of anonymity on one side and a secure zone for critical infrastructure on the other." In the latter privacy and security can be achieved, "but only if we end anonymity" (and can't you just hear those axes grinding away?).

The axes get louder. "What I envision is a secure critical infrastructure zone within cyberspace where messages could travel on fiber and switches exclusively serving authenticated messages. To secure that zone from attacking Trojan horses, there may have to be portals and customs inspectors. Participants may have to mutually design a form of scanning for known viruses, just as we consent to have our carry-on scanned before we are allowed to enter airspace. Such scanning can, I believe, be designed consistent with the highest standards of protection of privacy rights."

Remember this guy will have the President's ear, and - particularly if it's the one with the short attention span - will have terrorised him with visions of global secret conspiracies led by sinister men stroking fluffy white cats.

"I propose that Government and Industry in partnership, and with privacy rights advocates fully involved, examine whether such a secure area can be built in cyberspace." Industry will no doubt confirm that it can be, before you can say "lucrative defense contract."

The Brainiac Darpanet

He sees the network as first covering the US Department of Defense, which by a miraculous coincidence appears to have been falling seriously in love with his Redmond hosts over the past couple of years. And of course there's an exquisite irony to it all, because this will be what you might call the Brainiac Darpanet. From that humble (but lucrative for the IT industry) beginning, "the walls might be moved out to include banking and finance or electric power generation and distribution. Our goal would be to make this critical infrastructure zone of cyberspace immune to disruption from outside."

Entry to the secure zone would be voluntary for businesses, but presumably outfits wanting to engage in electronic commerce with other outfits (like the DoD) inside it would have to join them on the other side of the wire and the watch towers. Whatever, this "voluntary" zone "should be designed, built, and operated largely by the private sector."

Those of you with memories stretching back a tad over five years may remember quite a few outfits first rejecting the Internet in favour of something more secure they'd run up themselves, and then falling back on 'build a better Internet' plans which didn't work. Microsoft and AT&T were in this camp (AT&T for a lot longer than Microsoft), it didn't work, but here we go again, if we get Clarke's meaning properly.

But here, as Clarke signs off, comes what sounds like another axe. "The Federal Government, in my personal opinion, needs someone truly in charge of cyber security and with some power and budgetary clout, a Chief Information Infrastructure Officer. Such an official should be confirmed by the Congress and have authority to create and enforce standards of computer security for essential government systems. This official should also play an important role in the private-public partnership."

Now, who on earth might be able to do that job? Hasn't this guy got a long enough job title already? ®


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021