Via NY Transfer News Collective * All the News that Doesn't Fit excerpt from ... INTELLIGENCE ISSN 1245-2122 N. 43, New Series, 9 September 1996 Publishing since 1980 Editor Olivier Schmidt (email intelligence-adi@wanadoo.fr; web http://www.blythe.org/Intelligence; tel/fax 33 1 40 51 85 19; post ADI, 16 rue des Ecoles, 75005 Paris, France) Copyright ADI 1996, reproduction in any form forbidden without explicit authorization from the ADI. A one year subscription (23 issues with full index) is US $315. FRONTPAGE USA: POOR MANAGEMENT & INADEQUATE TECH AS "CYBERTERROR" In mid-July, President Bill Clinton issued an executive order creating the Infrastructure Protection Task Force (IPTF) which is "to detect, prevent, halt or confine" terrorist assaults, especially "cyberterrorism". So when the lights go out or your computer crashes, you'll know where to call. This follows CIA director John Deutch's early-July Senate testimony that cyberspace attacks were one of the top threats to U.S. national security. Rand Corporation's Robert Anderson added, before the same Senate subcommittee, that a cyber attack against the U.S. civil sector would produce significant and enduring consequences ... just like every major power outage that occurs every summer in the U.S. when it's hot and everybody turns on the air conditioning or when major airport radar systems crash from overload or employee errors. Mr. Deutch wants a cyberwar center at the National Security Agency (NSA) when what's really needed is better design and management of known technologies and well-programmed introduction of newer technologies. But that costs money and, under budget restrictions and intense economic competition, it's reliability and management which are cut first. The U.S. Army knows something about the problem with its 3,700 different computer systems. The Army wanted to modernize and render compatible under the belabored Sustaining Base Information Services (SBIS) program which, after three years and $158 million, still hasn't produced one single replacement system. The SBIS experience, which has discovered still- functioning equipment designed and produced more than 20 years ago, has faltered on the major stumbling block of "inadequate software technology, industry incompetence, flawed procurement process and naive expectations", according to one specialist. The defense of the United States is far more likely to "crash" due to these concrete problems than to hypothetical "cyberterrorists" from "rogue nations" with less than a few hundred computer-literate persons and little or no access to the Internet. This fact is not lost to U.S. defense specialists who, when setting up the Information Warfare Team at the U.S. Air Force Rome Laboratory in New York state, to address this "major national security threat" put to work on the subject ... six persons. Their list of five areas of research -- that makes one and 1/5 research areas per person -- reads like a normal computer security manual: integrity and availability, risk analysis and management, recovery, indications and warning, and intrusion. According to Vanderbilt University professor and Internet specialist, Donna L. Hoffman, "there are no dead bodies in the street" but there is definitely a federal government push to rein in the free-wheeling Internet which is usually used to explore weaknesses in federal and private sector information systems. But up to now, such "attacks" have largely been by U.S. hackers (see pp. 18 & 19 in this issue) and sometimes by citizens or intelligence services of other "computer literate" G-7 countries (see below). The "cyberterrorists" haven't yet shown their grisly faces. As for often-cited example of cyberterrorists "taking out" the U.S. power grid, according to an Internet note by an electric power engineer with 20 years experience, Tracy Pettit, anyone with a little pocket money and elementary knowledge of electricity can "buy a power broker's license and a copy of NetScape to surf the net and ... deduce the major power bottlenecks in power grids". Usually located in remote or rural areas, the equipment associated with power grid bottlenecks could be "taken out" by most local right-wing militiamen who would be difficult to qualify as "cyberterrorists". The use of modern information technologies requires a far less adversarial approach, as recommended in a study, "The Unintended Consequences of Information Age Technologies", published this summer by the Institute for National Strategic Studies of the U.S. National Defense University in Fort McNair near Washington. A more evolutionary design and acquisition strategy is needed with tests that provide constructive feedback instead of rigid pass/fail answers. Despite this well-argued recommendation, the federal government is forging ahead with authoritarian measures intended to control modern communications technologies. On 25 July, the House approved funding for the FBI's "Digital Telephony" bill which would fund wiretaps without public oversight. And a major political battle is shaping up this fall over cryptography (see p. 20 in this issue). Under public pressure, the Clinton administration, on 12 July, proposed a series of new encryption initiatives but public specialists and the computer industry remain skeptical because the government still wants to impose key escrow programs. There are now two bills in Congress calling for deregulation of export controls on encryption software. With the first "live cybercast" on 25 July of Senate hearings on encryption, the cat may be out of the bag and the administration will probably have a very difficult time fighting against grassroot "cyber democracy". "Netizens" or "cyber citizens" heard FBI director Louis J. Freeh state that "there is only one solution to this national and international public safety threat posed by conventional encryption -- that is, key escrow encryption". Indeed, a few days later, the G-7 met and agreed to "accelerate consultations on encryption" although other members didn't follow Mr. Freeh's recommendations. But Mr. Freeh's point was made on 18 August when someone -- hacker, disgruntled employee or provocateur -- penetrated the Department of Justice's home page and "trashed it". However, Internet users are much more worried by the current "spam" epidemic of destructive email advertising on the Internet, a problem which the FBI doesn't seem to be addressing. * Also in this issue... FRONTPAGE U.S.A. - POOR MANAGEMENT & INADEQUATE TECH AS "CYBERTERROR" p.1 TECHNOLOGY AND TECHNIQUES SECURITY RESOURCES ON MISSING AND EXPLOITED CHILDREN p.2 EAVESDROPPING ON GSM DIGITAL CELL PHONES p.3 COMPUTER CRIME COUNTERMEASURES, GUIDES AND "TOOL KITS" p.4 MAPS - Chicago Fights Crime with Maps. p.5 OLYMPICS - Almost IBM's "Waterloo". p.6 NAMES - CIABASE & NAMEBASE Updates. p.7 DATA BASES - Washington's Fall Harvest. p.8 EAVESDROPPING - Practical Primer. p.9 TERRORISM - List of Major Conventions. p.10 DRUGS - Enforcing the Enforcers. p.11 STEALTH - Tamara Hard to Sell Anywhere. p.12 SELF-DESTRUCT - More "Bombs" in Gaza. p.13 PEOPLE DANILO BLANDON - U.S.A./NICARAGUA p.14 JOSE MARIA SISON - NETHERLANDS/PHILIPPINES p.15 SADIQ SADAH - IRAQ/GREAT BRITAIN p.16 KHALID IBN MAHFOUZ - SAUDI ARABIA p.17 U.S.A. - Kevin Lee Poulsen. p.18 U.S.A. - Ed Cummings. p.19 U.S.A. - Peter Junger. p.20 GREAT BRITAIN - Richard Tilt. p.21 NORTHERN IRELAND - HUGH TORNEY. p.22 GERMANY - Bruno Breguet. p.23 GERMANY - Berge Balanian. p.24 SLOVAKIA - Oskar Fegyveres. p.25 POLAND/U.S.A. - Ryszard Kuklinski. p.26 BULGARIA - Mikhail Dobrev. p.27 RUSSIA/SWEDEN - Hans Peter Nordstrem. p.28 RUSSIA - Anatolii Kuznetsov. p.29 PERU - Vladimiro Montesinos. p.30 PALESTINE - Amin Abdel Salaam. p.31 AGENDA COMING EVENTS FROM NOW TO 31 OCTOBER 1996 p.32 INTELLIGENCE AROUND THE WORLD U.S.A. - FIRING MISSILES AT CIVILIAN AIRLINERS p.33 No Smoke, No Drink, But Intelligence at Legion Fete. p.34 The CIA's "Niche" Recruiting Campaign. p.35 FBI Everywhere, Even in the "Backyard". p.36 Barron's FBI-KGB Story. p.37 NRO "Openly" Selling Its Wares. p.38 GREAT BRITAIN - GUN CONTROL OPTIONS COMING UP p.39 PUBLIC BALANCING OF THE TORY'S SECRET BOOKS p.40 NORTHERN IRELAND - LOYALIST POLITICAL & MILITARY UNITY SHATTERS p.41 FRANCE - NO SUMMER "TIME OUT" IN INTERNECINE WARFARE p.42 NETHERLANDS - Executive Order Changes Spies' Names. p.43 GERMANY - HAM-HANDED TACTICS GALVANIZES WORLD AUTONOMOUS LEFT p.44 PROSECUTORS STILL GOING AFTER MARKUS WOLF p.45 WESTERN EUROPE - Sheep Call in the COMSEC Wolf. p.46 POLAND - "Getting the Works" in Security & Intelligence. p.47 SLOVAKIA - JUSTICE VERY SLOWLY GRINDS DOWN MECIAR & LEXA p.48 BULGARIA - CIA Visit Followed by Results. p.49 RUSSIA - Plots Galore. p.50 MEXICO - The "Mordita" Bites Back at Cops. p.51 COLOMBIA - Latin Heroin Replaces Asian. p.52 HAITI - Cooler Heads Get Down to Intelligence Exchange. p.53 GUATEMALA - Intelligence Oversight Board Report on CIA. p.54 ARGENTINA - Progress on Anti-Jewish Bombings. p.55 PALESTINE - U.S. Intelligence Cooperation On Track. p.56 Eleventh Security Force Created. p.57 IRAQ - SADDAM WINS ANOTHER ONE BY LOSING p.58 SAUDI ARABIA - A "Hot" Western Intelligence Academy. p.59 CAMBODIA - Kidnapped Brit Military Expert Causes Concern. p.60 HONG KONG - A QUIET RETREAT AFTER INTELLIGENCE EVACUATION p.61 ================================================================= NY Transfer News Collective * A Service of Blythe Systems Since 1985 - Information for the Rest of Us 339 Lafayette St., New York, NY 10012 http://www.blythe.org e-mail: nyt@blythe.org =================================================================