Ever-increasing security measures and the use of high-tech gadgets have helped to make it rather troublesome to smuggle the likes of guns and bombs. During the Cold War it was easy enough to work out who the enemy was, but thanks to the Internet, says Richard Snook, UK managing director at Bull Information Systems Ltd, when it comes to information, the barricades have become decidedly murky. This new type of theft, increasingly referred to as cyberwarfare, can be undertaken thousands of miles away from within the safety of the perpetrator’s own home. And according to Snook, no-one is safe: anything that’s relied upon is a potential target. Information Warfare was introduced as a major plank of US military strategy in 1993 by the then chairman of the Joint Chiefs of Staff, General Colin Powell. All four of the US armed forces now have an organization dedicated to waging war through computers, and the Department of Defense has a director of information warfare. However, even this has not been enough to protect the US government from infiltration.
Trojan horse
Bill Gates was not the only one to be surprised by the success of the Internet; most governments have fallen foul of the hacker in some capacity. The Pentagon’s computer was successfully hacked into 160 times last year and a US Air Force Captain managed to seize control of a fleet of US Navy warships from a single Internet-connected personal computer in a Boston computer center. And governments the world over are not the only popular targets. Throughout the decade financial institutions have been amongst the worst hit. Snook estimates about $750m in ransom has been paid to extortionists who planted logic bombs, Trojan horses or viruses in the Futures market alone. Computers control our power supplies, our energy and water. If control of these systems fell into the wrong hands, the ramifications could be dire. Electronic bombs don’t kill or maim. But they can alter one’s bank balance, institute measures to foreclose one’s mortgage, or publicize medical histories of politicians. A hacking attack, logic bomb or Trojan horse program can achieve this without undue effort. Or worse. Trains, planes and automobiles can be programmed to crash; electricity and telephone cables to fail and cities to gridlock. According to Air Commodore Rick Holt, director for information and communication services at the UK’s Ministry of Defense and responsible for the security policy across the armed forces, information warfare is involved across the whole spectrum of war. Everyday actions are increasingly becoming software driven. We are close to establishing a digital battlefield, says Holt, and the technology is gradually filtering its way down the civilian circuit. He said the UK was very conscious of the cyber-warfare issue and was working to pull together a strategy. By comparison, the US has embraced the theme. Holt believes the US military purposely devised the new cyber terminology in order to secure a steady flow of cash from Capitol Hill.
While the UK may appear to be more reserved in its attitude towards possible cyber destruction, even in Bosnia, he said, British soldiers were well-versed in information warfare methods.
By Louise Williams
There is a need for political approval before the UK can initiate offensive action, as opposed to its current defensive position, but Holt is adamant that the UK’s policy must remain independent from the US. While the military establishment decides how it will combat the problem, electronic espionage is encompassing an ever growing percentage of the population. Almost all of the cases that come before Keith Robson, head of information systems at the Serious Fraud Office, have some element of computer-based evidence involved. In 1991 he established a forensic computing team at the Office. The team has yet to come into contact with a logic bomb, but Robson doubts it will have to wait much longer. He also fears what effect the arrival of an uncrackable encryption would have on his department, and lamented that the technology was moving almost too fast to track. Robson is frustrated with the UK’s outmoded legislation. Under Section 69 the law states that a computer must be operating properly when files are taken as evidence. He reasoned lawyers could effectively argue either side of the case and win – for the right fee. It will take some time before a precedent is set, but the good news was, he said, that the technicalities that surround computer evidence were not being challenged in court quite so much. What he wants to see is the mystery taken away from computerized evidence. According to Robson, complexity is the enemy, and the less confusion there is for the jury, the more likely it is that he will get his conviction. The overshadowing problem that surrounds cyber-warfare remains the lack of understanding and legislation. And governments are clearly worried that they may lose control. The US government unsuccessfully attempted to introduce key escrow, a cryptography system that gave the government access to the keys.
The massive hostility in the US provoked a rethink and the scheme was farmed out to be deliberated over by the National Research Council as part of an independent study. Some see this as a stalling technique, but no-one is satisfied with the indecision.
Key recovery
What is clear is that some type of emergency key recovery system is needed, perhaps on a voluntary basis, but a satisfactory technique has yet to be found. The UK government appears to be heading in a different direction, although there has so far been no definitive action. The system it advocates is a policy of encryption services for telecommunications using Trusted Third Parties. Use of government-licensed parties, which would generate and hold user keys, would be mandatory. Effectively this would mean that one machine would hold thousands of encryption keys hooked up to the Internet. A fairly attractive target to a hacker. Brian Gladman, European technical director at Trusted Information Systems Ltd and formerly with the Ministry of Defense and advisor to NATO forces in Europe, said there’s not a secure enough system in the entire world to entrust with such sensitive information. According to Gladman, the UK government has received very little resistance to its proposal – less than a handful of complaints. A Third Party system would put ourselves and our businesses at risk, he said, and we’ve only got ourselves to blame for our general apathy. The UK government may tell us that such a system is safe – but would it use a similar system itself? If the Pentagon’s security can be breached 160 times, one starts to wonder.