Forget the Golden Gate Bridge. Forget the Space Needle and the White House. Forget the FBI Building, the Washington Monument and the Brooklyn Bridge. These buildings are safer from terrorists than we think. Rather than smoke and fire, a future terrorist attack is likely to be executed in the realm of intellectual property — the anarchistic orgy we refer to as the Internet.
So sorely regulated that no one even has a decent idea of what’s there, the Internet is a terrorist attack waiting to happen. Thanks to Microsoft and the mere nature of the beast, it has such gaping security holes that anyone with a few minutes on their hands and a rudimentary knowledge of the Web’s underpinnings could have a significantly destructive effect in a few hours.
Our economy is in a less-than-ideal state, yet the Internet is a hugely lucrative marketplace — $3.8 million worth of online sales were done in the United States during the week ending Nov. 18, according to comScore Media Metrix. These factors are fortuitous in the eyes of someone wishing to launch an Internet attack — any disruption of Internet commerce, especially in the all-important holiday season, could cause irreversible damage to our already weak economy.
The pluralistic, largely unregulated nature of the Internet presents myriad possibilities for disruption. A hacker could take a relatively hands-off approach and merely overwhelm servers with bogus data that would keep legitimate users from accessing the server; we’ve seen this sort of attack before, but not on a very large scale. Even so, it’s taken several days to bring things back to normal after such an attack — days in which the Web site loses a significant amount of business.
A more creative hacker could modify cookies — small snippets of code installed on individual users’ computers for tracking and info purposes — for their own malicious purposes. Or an e-commerce Web site’s code could be modified to collect credit card numbers and send them to the hacker’s computer. After the large-scale identity theft that could follow the latter sort of attack, it would take years to rebuild consumer’s confidence in the safety of shopping online — remember how long it took to build such confidence when e-commerce first began?
Such an attack allows for a great degree of cowardice and geographical freedom. An anti-American Web nerd could launch an attack from literally any corner of the earth — thus avoiding the surveillance that American computers are put under. Also, in any country but the United States, he would most likely find a similar group of like-minded individuals to help him (and possibly have a celebratory LAN party with him when the deed is done).
Indeed, an Internet attack wouldn’t directly cause any loss of life, but the monetary loss would be staggering, the brunt of which would fall on the U.S. Forrester projects that e-commerce will be a $64.8 billion market in 2003; that’s a $64.8 billion weakness.
Additionally, it would take quite a while to identify the problem, debug code, assess damage, and bring things back to normal. And as I mentioned earlier and which was illustrated in the case of Sept. 11, shaken nerves and raw fear can take forever to disappear.
In light of this threat, America is faced with the questions, How much Internet surveillance is needed, and how much is too much?
Here enters the problem of jurisdiction. The Internet reaches all corners of the earth, but the United States dominates it, and we’re the ones who’d presumably be targeted in a terrorist attack. So do we police the world’s Internet users from our soil even though our laws don’t apply to them, or do we create an international organization to police everyone in the name of protecting America? Both options are morally and legally shaky; for the record, it looks like we’re leaning toward the former option.
Recently a National Infrastructure Advisory Committee was created which, according to its press release, “”will make recommendations regarding the security of the cyber and information systems of the United States’ national security and economic critical infrastructures. The committee will also examine ways that partnerships between the public and private sectors can be enhanced to improve cyber security.”” The committee is staffed by 24 people from major sectors of the economy and is headed by Richard K. Davidson of the Union Pacific Corporation.
The White House can create committee after committee and draft legislation until it turns blue in the face, but the Internet will never, by its very nature, be a fortress — or anything even approaching a fortress.
Thus, protection against such an attack cannot come from the Internet itself; it must come from the U.S. economy. If our economy was as strong as it can and should be, a terrorist cell of computer nerds would have less reason to launch an Internet-based attack because the effects of even the best-placed attack would be minimal.
For an analogous situation, think of a bridge: Bridges, by their very nature, are easy to attack. Blowing up a bridge destroys millions of dollars worth of engineering, but the biggest problem created by such an attack is the disruption of transportation. If the destroyed bridge was the sole artery between one place and another, its destruction would have a huge effect on mobility; but if the transportation system was strengthened and diversified, the destruction of any single bridge wouldn’t have such a crucial effect. Same with an Internet attack — if the American economy is strong enough, no single attack, even through such a vulnerable portal as the Internet, would have a big enough effect for it to be considered a success from a terrorist’s point of view.
In short, the government ignores the sad state of the economy, and focuses attention on forming groups such as the National Infrastructure Advisory Committee, at its own peril. Doing whatever we can to improve the economy is the most ethically and legally sound measure we can take against the possibility of an Internet terrorist attack — and any sort of future attack, for that matter. For the moment, though, our weak economy and the nature of the Internet poses a great threat to national security.