US Cyber Law Chief Reports ’Substantial’ Cyber Attacks
Source: Reuters
June 11, 1998
WASHINGTON (Reuters) - The head of a new U.S. cyber law
enforcement agency told a Senate panel Wednesday that a ``half dozen’’
substantial attacks had been launched since February against U.S.
government computer systems. Michael Vatis, the chief of the National
Infrastructure Protection Center (NIPC) of the FBI, refused to
elaborate, saying pending investigations prevented him. But Vatis did
respond to lawmakers when asked how many of the computer attacks he
had witnessed since February -- when the NIPC was created -- were
considered ``substantial’’ and separate from routine computer
``hacker’’ attacks. ``I would say somewhere in the vicinity of a half
dozen of what I would consider substantial, ones that we are still
investigating to determine in fact whether they are significant or
whether they’re really part of the noise that exists almost
everyday,’’ Vatis told the Senate Judiciary Subcommittee on
Technology, Terrorism and Government Information. The Senate
subcommittee met to hear from administration officials about the
latest steps to counter attacks on critical U.S. computer
infrastructure.
California Sen. Dianne Feinstein, the ranking Democrat
on the panel, asked Vatis if the half dozen or so substantial attacks
involved military computers at the Department of Defense (DOD). Vatis
would not respond directly, citing the probes, but stressed that DOD
was always a target. ``A good percentage of the incidents we see all
the time involve DOD, because DOD is such a prime target for even
individual hackers who want to test their skills. They see the
Department of
Defense as the big banana, the final exam, the ultimate challenge to
test their skills,’’ Vatis said. Senators were also briefed on last
year’s DOD exercise, code-named ``Eligible Receiver,’’ which exposed
U.S. vulnerabilities to cyber attack.
The NIPC was formed in response to concerns about the
safety of national computer systems and charged to detect, deter,
warn, respond to and investigate unlawful acts involving intrusions
and other threats against vital infrastructures. Arizona Republican
Sen. Jon Kyl, the subcommittee chairman, said the U.S. should gird for
a cyber attack against military computers with the same urgency as the
military prepared for more traditional physical attacks.
``Today, because of the networked nature of our critical
infrastructures our enemies needn’t risk attacking our strong military
if they can much more easily attack our soft digital underbelly,’’ Kyl
said. President Clinton May 22 signed two directives designed to
strengthen defenses against terrorism and other unconventional
threats, and formed working groups of public and private groups to
work on a coordinated strategy. Administration studies showed that an
attack by a foreign government or group, or domestic terrorists, could
not only harm military operations but disrupt banking and finance,
create power outages, interrupt transportation nodes and crash entire
communications networks.
Vatis said some of the immediate issues under discussion
were efforts to determine budget requirements, create an attack
detection and warning system, determine legal authority and
legislative reqand devise a cohesive intelligence collection process.
In late February, the Pentagon and FBI investigated a series of
successful efforts by computer ``hackers’’ to obtain information from
military computers. The break-ins came at the same time U.S. forces
were being marshaled
for a possible attack on Iraq.
by Patrick Connole