US govt views Y2K rollover with fatalism

It's all going horribly wrong -- shucks...

It was with calm fatalism that the US Senate Y2K Committee listened to discouraging expert testimony last week. No one in the room doubted for a moment the Millennium Bug will initiate a major, worldwide cock-up yielding, at best, an opportunity for Alpha Geeks everywhere to learn from inevitable and widespread system failures.

"Since [my involvement with] Y2K, I've become aware in ways I never had before of just how vulnerable the United States is to some kind of breakdown," Committee chairman Sen. Robert Bennett (R -- Utah) said with a wry smile. Clearly he knows something we don't.

The witnesses -- none of whom contradicted the Senator -- offered little comfort. The bad news is self-evident. The good news is, well, not terribly good. The Y2K rollover will, with luck, at least provide "essential lessons" and a golden opportunity to "observe the impact of cyber failure", America's Critical Infrastructure Assurance Office (CIAO) director John Tritac remarked, with something bordering on an eccentric scientist's joyful anticipation of some fascinating calamity.

The sexy topics for this hearing were cyberterrorism and information warfare. The cast of witnesses included Michael Vadis, director of FBI's National Infrastructure Protection Center (NIPC); John Koskinen, chairman of the President's Information Coordination Center (ICC); and Richard Schaeffer, director of infrastructure and information assurance for the Department of Defence (DOD). Their theme, endlessly repeated, was that Y2K stuff-ups are going to provide an unfortunate layer of cover for terrorists and hostile military organisations belonging to various tribes without the law, enabling them to visit secret plagues upon information systems graciously maintained by decent Christian peoples. To hear them go on about it, one might imagine that the Internet is in reality a late incarnation of the Carolingian Empire.

Barbarians at the Gate

No one is saying whether the digital barbarians really are at the gate, or who they are if so. But regardless of how one may interpret the Good vs Evil melodrama, NIPC's Vadis claims it will be extremely difficult to distinguish between a malicious information attack and a Y2K breakdown when the rollover arrives. And he should know.

With an interesting mix of hubris and humility he predicted that foreign militaries might try to "equalise their disadvantage in conventional warfare with the United States by going after our soft underbelly -- our dependence on information technology", and try to "take out" essential infrastructure services such as energy, transportation and banking.

With that eventuality in mind, the Clinton administration has called for the creation of the Information Coordination Center (ICC), to be established and administered by presidential advisor John Koskinen. The ICC, Koskinen envisages, will serve as an information clearinghouse, speedily organizing and relaying real-time insights into global Y2K fiascoes to military, government, and essential private-sector service providers the world over.

The ICC will perform "global situational monitoring" and relay news and advice through its several information centers, or virtual "help desks" as Koskinen calls them, which will be organised according to specific categories of industry. If there should be a problem with a traffic control system, for example, the manager would be routed to the ICC "help desk" manned by the US Department of Transportation; if an electric power grid goes down, the utility would be routed to the ICC desk maintained by the Department of Energy, and so on.

Nuclear Attack

No one mentioned the ultimate horror, an attack or a critical breakdown involving nuclear power facilities, but the terrible implication lurked throughout the discussion.
Indeed, much of Koskinen's testimony centered on potential "energy" problems, though neither he nor anyone else dared utter the N-word. Even technocrats can be superstitious, after all.

ICC will come into being on 30 December 1999, and "sunset" in March 2000, so long as Congress approves its US $40-50 million budget. Things look good so far.

"As an appropriator," chairman Bennett said, "I must ask whether spending $40 to $50 million for such a brief period is wise." But Bennett is realistic: "If we spend $40 million for a weekend, and it does help us avoid a significant Y2K disaster, then it will be $40 million well spent," he observed. Clearly the ICC budget is a shoo-in.

Cyberwarfare

Conspicuously absent from the hearing was Richard Clarke, national coordinator for infrastructure protection and counter-terrorism for the White House National Security Council (NSC). He had long been expected; but late the night before, White House lawyers acting on behalf of the NSC found a pretext to prevent him testifying. The obvious goal here was to prevent him being grilled on NSC's draft document regarding the Federal Intrusion Detection Network (FIDNet), leaked a day earlier. He had not been "confirmed" by the Senate, the Clinton legal team discovered at the eleventh hour, and no doubt with much relief and delight.

Committee co-chair Sen. Christopher Dodd (D -- Conn) was ready with a shopping list of inconvenient questions for Clarke, which he lobbed here and there at the other witnesses who had no such handy escape, and most significantly at NIPC's Vadis, who repeatedly refused to answer some of the Senator's questions. Sandbagged by the Clintonites: it wasn't Vadis but Clarke who, by rights, ought to have been squirming in the hot seat, flagrantly refusing to answer, and sounding creepy because of it.

Dodd asked Vadis if there exists any "hard evidence" that hostile military organizations are cyber-attacking the US. "I wouldn't want to answer in this forum," Vadis replied.
Dodd pressed him again: "I'm not going to ask for specifics; I'm just asking if there's hard evidence of that occurring." Again Vadis brushed him off, appealing to the public nature of the hearing. "Well, you raised the issue," Dodd observed with mild sarcasm. He concluded that Vadis' "reluctance to answer" offered a strong indication that such evidence must exist. Vadis did not contradict him.

Anyone alarmed by all this doomsday talk might still delay the purchase of a petrol generator and the digging of a bomb shelter. Of all the witnesses, DOD's Schaeffer remained the one most optimistic and most easily confident in Christendom's state of preparation to meet the Forces of Darkness on 1 January. Since it is to his outfit that responsibility for handling the gravest misadventures will fall, we think it reasonable to judge the relative state of peril according to his rather sunny demeanour. If Schaeffer's not going to fret, why should we?

Of course, we don't know the man personally; he could just be a gifted actor, and inwardly trembling with dread. Hmmm, perhaps we'll keep an eye out for deals on a petrol generator after all... ®

See also: US net snooping plans debunked
