what's on now:
The Net starts here.
Australians feel secure in their defence forces' strength, so all is calm on the home front. An EFTPOS system supporting major retailers malfunctions for a day, then the hiccup is fixed.
More military victories overseas. A major bank's ATM network collapses for three days, a fault labeled a "temporary glitch'' that is soon repaired.
Then the stock exchange website is attacked by hackers who also crack into government's computer system and freeze payments, manipulate databases and wipe crucial information. Its system is flooded by thousands of e-mails sent via a computer server in Spain.
A key electricity supply node at Yass is cracked into and collapsed, leaving Sydney and Canberra completely reliant on the Hunter Valley coal-fired system for power.
The army pre-emptively commandeers slabs of the civilian telephone infrastructure for its purposes, and panic ensues.
Welcome to the world of cyberwarfare.
Australia's hypothetical military adversary may have hired technical whiz kids with computer systems to bring down Australia's key infrastructure and incite terror undermining the war effort. These teenage computer progidies may also be scrambling battlefield commands to starve Australian troops of information.
In his paper, Information Warfare in the Information Age, United States Air Force Captain Daniel Magsig defines information cyberwarfare as: "Actions taken to achieve information superiority in support of national military strategy by affecting adversaries' — information systems."
Federal Attorney-General Daryl Williams last week said cyberwarfare was "no less significant" in effect than a terrorist attack.
Although the Defence Science and Technology Organisation opened a Canberra laboratory in 1996 using 250 scientists to develop information warfare strategies, Williams last week listed communications, utilities, banking, transport, energy, national defence and emergency IT systems as key points still requiring protection.
"The costs of a deliberate and concerted attack on our telecommunications, energy, banking and finance or air traffic control systems would be immense in both social and financial terms," he said.
"The computer hacker and cyber terrorist, sometimes operating alone and equipped only with a personal computer and a modem, can inflict the kind of damage that was previously the realm of organised, well-resourced groups,'' Williams said.
As a result of the threat, and "salutory lessons" of recent infrastructure collapses in Victoria's gas and Auckland's power grids, the Federal Government announced an industry consultative forum to exchange information with government on sources of potential cyber-attack and systems weaknesses.
"The forum will also assist in developing a private sector response capability to potential threats,'' Williams said.
Hiring IT hackers to be your cyberwarriors is far cheaper for aggressors than deploying troops. It's more anonymous and requires less pre-emptive kneading of public opinion. Crackers — criminal hackers — can be harder to trace and eliminate than soldiers.
There is no tell-tale massing of troops, cyber-attackers can work jointly from several nations, and for any state sponsoring cyberterrorists, hackers are also expendable targets.
Early this year cyberattacks forced an Irish Internet service provider to shut down. It had been hosting a "virtual Internet nation" for supporters of East Timorese independence.
But did the cyber-attacks come from Indonesia? We may never know.
Such battles are familiar to Winn Schwartau, author of Cybershock and producer of the website www.infowar.com. He says bytes will join bullets as ammunition on future battlefields split between physical battles and wars conducted in cyberspace.
Cyberwarfare, he says, can be a leveler of mismatched enemies, making a mockery of millions of dollars poured into defending coastlines and arming troops.
Shwartau says a sub-Saharan developing nation could compensate for inferior traditional weapons by using computers to cripple IT system guiding its adversary's weaponry, or simply attack critical nodes in their civilian infrastructure.
"And you can't hurt a sub-Saharan economy with information warfare if they have no infrastructure to attack. Or if you're dealing with a non-nation state terrorist adversary in that country, how do you respond if there is no declaration of war in a literal sense?" Schwartau says.
"Or you're a big Australian bank under cyberattack, and through forensic investigations you determine it is some bad guys working from a foreign country, so you go to your local law enforcement facility, and they say, 'We can't do anything, don't worry, it will go away'.
"When you have a lack of political will to do something, no law enforcement capabilities or desire from military to enforce the law, you only have the rule of self-help,'' he says.
The threat of information warfare to private and public bodies in a cybersphere owned and controlled by no nation-state is quickly and radically redefining what war is, and it may encourage retalitory corporate vigilanties.
Dr Adam Cobb, an Australian expert on cyberwarfare, says countering the threat requires information sharing between public and private sectors "on an unprecedented scale," although private business may hesitate on handing over sensitive information.
In his 1998 study, Thinking About the Unthinkable: Australian Vulnerabilities to High Tech Risks, Cobb paints a grim picture of Australia's vulnerability to cyber-attack.
The report says, for example, that six area headquarters for New South Wales' power grid are all controlled from one central centre in a Sydney suburb.
Canberra is also dependent on the integrity of one substation, and "few sections within even the Department of Defence ƒ have an alternate energy supply to the city grids''.
Australia's gas supply runs through computer-controlled pipelines, and Sydney and Adelaide depend on hundreds of kilometres of largely isolated pipelines from South Australia's Moomba gasfield.
"The growing complexity and interdependence, especially in the energy and communications infrastructures, create an increased possibility that a rather minor and routine disturbance could cascade into a regional outage,'' Cobb says.
"Technical complexity may also permit interdependencies and vulnerabilities to go unrecognised until a major failure occurs.''
Of telecommunications networks, Cobb notes: "All major cities in the Telstra network depend upon between two and five central exchanges connecting the city, and (connecting) the city to the outside world.'' Similarly, Australia's marine international telecommunications links are routed through two connecting stations in Paddington and Oxford Falls in Sydney.
Cobb says the Reserve Bank of Australia's primary and back-up IT systems — which he labels as "fairly basic'' — still rely on uninterrupted power flow to Sydney, itself is open to cyber-attack.
Without being able to chanel information through the RBA computers, which then send it to a clearing-house in Brussels each day, Australia's banks could not clear transactions with one another.
"Australia's domestic banking system could not survive more than a few days if this delicate system was disrupted,'' Cobb says.
But despite Cobb's warnings, Schwartau says only "a few thousand experts" worldwide understand the destructive and psychological capabilities of information warfare.
One such expert is Dr Nicholas Chantler, former head of IT with Australia's army and consultant to Melbourne online security company, Senetas.
He told a NATO security conference in October that Australia was "slightly behind America, but up with Canada and the United Kingdom" on its grasp of information warfare.
Chantler says Australia's technological progress is a "force multiplier" on the physical battlefield, but that our role in East Timor shows we could "never beat an enemy on the battlefield alone".
He says Australia must keep the brightest IT brains ever mindful of securing systems and countering threats from cyberspace. If private enterprise salaries drain the talent from public service, he says, a type of conscription of IT experts to protect key infrastructure could be considered in times of need.
Those in America who understand cyberwarfare are worried. Schwartau says a recent test of a "multi-million dollar" weapons program in the United States found authorities could not detect and then respond to cyber-attack in less than 62 hours.
But you're lucky if you find your attackers at all — after hackers penetrated US air force computing facilities in New York in 1994, IT experts traced the attackers' cyber-tracks across three continents before losing their trail in Britain.
After studies estimated corporate cyberwarfare cost America up to $200 billion annually, America's Defense Department hired teams of hackers to try to break into crucial systems to test security.
In one such organised attack in 1997, 35 hackers pretending to be North Korean nationals and using equipment available from 1900 websites gained access to 36 of 40,000 key national networks. These 36 systems included those controlling power grids for Los Angeles, New York, Washington and Chicago.
Some Australian experts say increased awareness of vital computer networks' weaknesses after work conducted for Y2K readiness could make them more prone to cyberterrorism, and Cobb says the Sydney Olympics would also provide a "key opening'' for terrorist groups.
As a response to cyberwarfare, the US Government announced in November it would pay for some students' IT education courses if they worked for the government on IT security for four years.
A report presented to the American Congress recently found that country's defence computing systems were attacked 250,000 times in 1995, and about 65 per cent of attacks were successful. But it estimated a mere 4 per cent of attacks were discovered.
Professor Bill Caelli, head of the School of Data Communications at the Queensland University of Technology, says an unprecedented level of co-ordination is required between government and corporate bodies to counter cyberwarfare threats to public and private infrastructure.
"We talk about great military secrets or great government secrets. But don't we also have great Telstra secrets, great health care secrets, great BHP secrets, too?''
| go to top |
Father and son team takes on Telstra
An Internet company has launched a court action against Telstra after vital phone lines to its suburban office were disconnected in a dispute over billing.
Fears GST costs will surpass Y2K
Complying with the tax system could cost business $24 billion.
Y2 looks OK for Computershare
Awareness of the Y2K date rollover for share registry software provider Computershare extends back more than 10 years.
Silly buggers, not bugs, the real problem
Human behavior, not Y2K, may be a major contributing factor to the millennium bug's impact in Australia.
Sit up and be noticed, VC leader tips
Australian listed IT companies with Nasdaq ambitions have been told to target investment bankers with strong US ties.
Bytes replace bullets in the new wired warfare
Teenagers sitting behind computers may be the key to winning battles in the changing face of warfare.
Copyright © 2000 John Fairfax Holdings Ltd.
All rights reserved.