A "Half Dozen" Substantial Attacks Launched Since February Against the U.S. Government


US Cyber Law Chief Reports ’Substantial’ Cyber Attacks
by Patrick Connole

Source: Reuters

June 11, 1998

WASHINGTON (Reuters) - The head of a new U.S. cyber law enforcement agency told a Senate panel Wednesday that a ``half dozen’’ substantial attacks had been launched since February against U.S. government computer systems. Michael Vatis, the chief of the National Infrastructure Protection Center (NIPC) of the FBI, refused to elaborate, saying pending investigations prevented him. But Vatis did respond to lawmakers when asked how many of the computer attacks he had witnessed since February -- when the NIPC was created -- were considered ``substantial’’ and separate from routine computer ``hacker’’ attacks. ``I would say somewhere in the vicinity of a half dozen of what I would consider substantial, ones that we are still investigating to determine in fact whether they are significant or whether they’re really part of the noise that exists almost everyday,’’ Vatis told the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information. The Senate subcommittee met to hear from administration officials about the latest steps to counter attacks on critical U.S. computer infrastructure.

California Sen. Dianne Feinstein, the ranking Democrat on the panel, asked Vatis if the half dozen or so substantial attacks involved military computers at the Department of Defense (DOD). Vatis would not respond directly, citing the probes, but stressed that DOD was always a target. ``A good percentage of the incidents we see all the time involve DOD, because DOD is such a prime target for even individual hackers who want to test their skills. They see the Department of Defense as the big banana, the final exam, the ultimate challenge to test their skills,’’ Vatis said. Senators were also briefed on last year’s DOD exercise, code-named ``Eligible Receiver,’’ which exposed U.S. vulnerabilities to cyber attack.

The NIPC was formed in response to concerns about the safety of national computer systems and charged to detect, deter, warn, respond to and investigate unlawful acts involving intrusions and other threats against vital infrastructures. Arizona Republican Sen. Jon Kyl, the subcommittee chairman, said the U.S. should gird for a cyber attack against military computers with the same urgency as the military prepared for more traditional physical attacks.

``Today, because of the networked nature of our critical infrastructures our enemies needn’t risk attacking our strong military if they can much more easily attack our soft digital underbelly,’’ Kyl said. President Clinton May 22 signed two directives designed to strengthen defenses against terrorism and other unconventional threats, and formed working groups of public and private groups to work on a coordinated strategy. Administration studies showed that an attack by a foreign government or group, or domestic terrorists, could not only harm military operations but disrupt banking and finance, create power outages, interrupt transportation nodes and crash entire communications networks.

Vatis said some of the immediate issues under discussion were efforts to determine budget requirements, create an attack detection and warning system, determine legal authority and legislative reqand devise a cohesive intelligence collection process. In late February, the Pentagon and FBI investigated a series of successful efforts by computer ``hackers’’ to obtain information from military computers. The break-ins came at the same time U.S. forces were being marshaled for a possible attack on Iraq.

Back To Contents