Original URL: http://www.theregister.co.uk/2006/10/11/dd_cyberterror_history/

Cyberterror sim scares pants off of Wired smarty

Electronic Pearl Harbor's enduring echo...

By George Smith, Dick Destiny

Posted in Media, 11th October 2006 13:11 GMT

Momentary horse-laugh of the day goes to Chris Suellentrop, an editor at Slate, writing in Wired about becoming a convert to the decrepit church of cyberterror in "Sim City: Terrortown:"

As someone who fancies himself a smarty-pants Washington writer, I had been convinced by the smarty-pants Washington elite that the threat of cyberterrorism – terror attacks carried out online instead of, you know, with bombs – is a hoax. I even commissioned and edited an article that said as much for Slate, the online magazine for the smarty-pants set. The theory goes something like this: Technology companies, desperate for profit after the dotcom bust, concocted the idea of cyberterrorism in the wake of September 11 to gobble money from the federal homeland security trough. But we all know that nobody's life is in peril if Osama bin Laden orchestrates a multifront attack on Orbitz, CheapTickets, and Expedia.com.

No surprise, Suellentrop is not such a smarty-pants. In defining cyberterror, he misses the boat by a good many years. Which is a little surprising, because Wired actually covered the beat on-line much of the time prior to 9/11.

In any case, Suellentrop credits cyberterror mania to "technology companies" post 9/11.

In fact, the town-criers on the cyberterror danger were government officials, the most famous of whom was Richard Clarke, who had this column, Legacy of Miscalculation. Reprinted everywhere that was Republican red, it led to a cover story at the NYC altie-newsweekly, The Village Voice.

And companies jumped on that bandwagon years after the American government had flogged it into the ground. In the wake of 9/11, when it looked like the feds were going to throw money at everyone who could cry "terror" even feebly, many tried for some of the gravy. There is little indication in 2006 they reaped a bonanza for their efforts.

Another long-time critic of cyberterror was Rob Rosenberger, an old colleague of mine from VMyths. He wrote an entertaining audiobook about Clarke's tenure as US Czar against Cyberterror.

What Suellentrop also obviously doesn't know was that the meme of cyberterror had a very rich history, dating from the time it went under the phrase, "electronic Pearl Harbor," or EPH.

Punch it into Google like this and three of the first four entries belong to me.

And as GlobalSecurity.Org official expert, the CATO Institute actually flew me into DC from Pasadena in 2003 to be the 'con' in a seminar on cyberterror, but by that time the serious national level debate on the subject was pretty much over.

But the most comprehensive sampling of quote/cant on "electronic Pearl Harbor," or cyberterror, if you will, comes from the homepage of the Crypt Newsletter, an on-line publication I edited off servers at Northern Illinois University, during the Nineties. It's here and I stopped adding to it around the turn of the Millenium when the burble on the subject became deadeningly shopworn.

Notice - this was all well before 9/11.

Crypt Newsletter had been on-line since 1993 or '94 and I stopped maintaining it about five years ago. It will go off-line sometime in 2007 when the prof who maintains the computers at soci.niu.edu goes into semi-retirement.

Some quotes from 2000 and earlier, on cyberterror, from the archive:

"...Y2K will illustrate what a attack could do... Anybody who says after January 1, 2000 that this [threat of cyber attack] is all just made up I think is an idiot." - James Adams, author of the book The Next World War and head of iDefense, a company that provides intelligence on cyberterror, appearing in USC's Networker magazine, 1998-99. Adams' business was launched for the sake of defending the nation against cyberterror. The business went into bankruptcy in the following years and Adams was ejected from its leadership.

Or how about this one from November 4, 1999:

"We expect that (terrorists) will attempt to use Y2K as a cover for putting some kind of attack into a vulnerable place... That is, when a Y2K solution goes in, they will fly underneath that with an attack of their own that will shut the system down..." said Utah Republican Senator Bob Bennett at a National Press Club event.

This comes from 1999, too:

Then a National Infrastructure Protection Center analyst was deployed to furnish another hypothetical - emphasis on "hype" - scenario for which no evidence is provided: Osama bin Laden could instigate a computerized equivalent of the World Trade Center bombing. [That's the first WTC bombing.]:

"Alan B. Carroll, an FBI agent... urged those at the conference to imagine a computer or communications version of the World Trade Center bombing - a disaster that brings down, say, computer or telephone networks on which society depends... 'Referring to the alleged terrorist Osama bin Laden... Carroll said that 'given the resources of this man, you can imagine the kind of damage he could do.'"

The NIPC no long really exists. It would end up being broken into pieces, I think, part of it going to the Dept. of Homeland Security, part to the FBI.

And this from 1999, from the Washington Times column edited by Bill Gertz. One author is produced, flogging a book on cyberterror and the People's Liberation Army:

"William Triplett, co-author of a new book on the PLA," said: "All of this offensive-warfare talk, when China is not threatened by anyone, shows that the dragon is at the point where it doesn't have to hide its claws."

According to Triplett, "China could launch a devastating computer-run sabotage operation by attacking US oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California."

"A [Chinese] computer attacker could penetrate the electronic 'gate' that controls refinery operations and cause fires or toxic chemical spills..."

During cyberterror's glory years, a revolving caste of bad actors - bands of criminals, programmers or nation-states - would go in and out of fashion as designated theoretical adversary. In addition to the evergreen miscellaneous collections of arch-hackers, the French, Russians, Indian offshore programmers, occasionally North Korea, and once or twice, even Saddam Hussein were favored. But China was always the most popular.

Also from 1999, Congressman Curt Weldon, on National Public Radio's "All Things Considered:"

"[Curt] Weldon says a successful hacker could disrupt civilian life, striking hospitals or train systems," said the NPR interviewer.

WELDON: "It's not a matter of if America has an electronic Pearl Harbor, but when."

1999 again, in Reuters:

"Hacker Threatens To Leave Country In The Dark" was the headline of an un-bylined story issued by the news agency on Sept. 29:

"A computer hacker has threatened to break into the computers of Belgian electricity generator Electrabel Wednesday afternoon and halt the power supply to the entire country," proclaimed the news service in a 500-word squib.

"Tomorrow I will leave Belgium without power, and that is not so difficult," an anonymous hacker crowed to a Belgian newspaper.

"Wednesday I will get into Electrabel's computers between 1:30 and 3:30 in the afternoon and shut down all the electricity."

The Belgian electric company, Electrabel, "said it was taking the threat seriously but felt that the hacker had little chance of succeeding."

"There is very little chance that Belgium could be without power," said a corporate spokersperson.

No national blackout was subsequently reported.

But the great grand-dad of "electronic Pearl Harbor" and cyberterror, although there are indications he later reneged on the claim, was Richard Clarke. Prior to 9/11, few Americans knew who Richard Clarke was but observers of the cyberterror meme knew him very well. He owned the entire property - lock, stock and barrel, taking it off the much less well-known John Hamre, an assistant secretary of defense during the Clinton administration.

And Clarke's best proclamations, echoed down through the years, were published in Signal magazine, the magazine of the Armed Forces Communications and Electronics Association.

In its August '99 issue, Clarke said there was "a very real possibility of an electronic Pearl Harbor."

"Without computer-controlled networks, there is no water coming out of your tap; there is no electricity lighting your room; there is no food being transported to your grocery store; there is no money coming out of your bank; there is no 911 system responding to emergencies; and there is no Army, Navy and Air Force defending the country... All of these functions, and many more, now can only happen if networks are secure and functional.

"A systematic [attack] could come from a terrorist group, a criminal cartel or a foreign nation... and we do know of foreign nations that are interested in our information infrastructure and are developing offensive capabilities that would allow them to take down sectors of our information infrastructure..."

Signal went on to describe a national disaster caused by cyberterrorists, embellished by Clarke.

"One possible scenario would feature a demand leveled by a foreign government or terrorist group," wrote the magazine. "When the US government refuses to comply, this adversary demonstrates its capabilities by reducing a region of the United States to chaos. 'I think the capability to do that probably exists in the hands of several nations,' Clarke stated. 'I think it could exist in the near future in the hands of criminal and terrorist organizations.'"

"Envision all of these things happening simultaneously -electricity going out in several major cities; telephones failing in some regions; 911 service being down in several metropolitan areas. If all of that were to happen simultaneously, it could create a great deal of disruption, hurt the economy..."

But back at his Slate essay, Suellentrop writes that he was invited to take part in a computerized cyberterror game in which cyberterrorists attack a town. It was pimped, or I should say - designed, by Dartmouth's Institute for Security Technology Studies.

Now, with a name like that, you might think it's an academic operation which broadly addresses national security problems and technology.

But if you go out to its website, it's just like the dreary old Nineties collections of faculty members and miscellaneous experts, in which virtually anyone will do who is ready to keep working the cyberterror angle with courses, lectures and monographs that drill into your head the menace of cyberterror.

With nothing new here, it would be expected that any simulation the institute would put together would be one designed to show its participants how deadly cyberterror is, no wiggle-room allowed.

In any case, what Suellentrop doesn't seem to realize, at least he gives no inkling in his writing, is that all such simulations, when run for journalists or officials, are rigged so the participants can't win.

Such things are role-playing games, and if you take part in one, your role is to be the patsy, one of the designated players allowed to go "Oh my!" as the simulation's world comes crashing down around you.

Dick Destiny won't go into it, but it hasn't seen one yet where the object wasn't to simply to create an escalating disaster that flummoxed players, no matter what they did. They never take into account the natural resilience and expertise which may exist within the citizenry.

By the standards of old-timey electronic Pearl Harbor/cyberterror scenarios, Suellentrop's simulation was unimaginative. Hackers mess with the 9/11 system, which goes back to the Nineties and the most famous fed cyberterror simulation, Eligible Receiver.

Cyberterrorists then deface a government web page! Wow! No one thinks to say to the refs, "So what, who's waiting with bated breath to read it?" Or, "If you a tree falls in cyberspace and no one is around to hear it, does it make a sound?"

Electronic highway signs are made to display a message that indicates a bioterror attack is underway. By experience, no such highway signs exist in Pasadena. Some can be found on the multiple highways surrounding southern California, but I'm far from sure such a message would have much impact on the tremendous volume of motorists rushing by.

More buttons were pushed and a hospital was worked over. Always, people die.

"I'm talking about people shutting down a city's electricity... shutting down 911 systems, shutting down telephone networks and transportation systems," said Richard Clarke to the New York Times in 1999. "You black out a city, people die. Black out lots of cities, lots of people die."

Quaint.

Read the adventures of the smarty-pants - at the famous tech comic book, Wired. ®

This article was originally published at Dick Destiny.

George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. At Dick Destiny, he blogs his way through chemical, biological and nuclear terror hysteria, often by way of the contents of neighborhood hardware stores.