Visit Your Local PBS Station PBS Home PBS Home Programs A-Z TV Schedules Support PBS Shop PBS Search PBS
Cyber War!FRONTLINE
homeinterviewsvulnerabilitieswarningsdiscussionwatch online

join the discussion
share your thoughts
Dear FRONTLINE,

The government, the military, and the computer industry will have to come to grips with this problem. But a significant component of this problem occurs in your viewer's homes and on their desks at work. Although much of the hardware and software we use have security problems, many of these problems can be fixed, and the solutions are easy to apply! So before you criticize Microsoft, be sure to run your Windows Update. Install a virus checker. Be smart about passwords. This won't solve all problems, but it can go a long way.

Andreas Huster
stanford, ca


Dear FRONTLINE,

Wake up America! Hopefully your show will help to sound the alarm. We are warm and safe in our beds now, but that faint, odd sound is the sound of the barbarians at the cyber gates.

Garrett Smith
pacifica, ca


Dear FRONTLINE,

There appears to be two camps in the opinion of this episode: Those who are dismissive of the threat and those who take the threat very seriously. One side seems to be crying wolf, and the other side seem to have their heads in the sand. But it seems to me that the main argument is the same as it was in "Missle Wars:" Is the threat to the US really probable or merely possible?

Overall, I would have to agree with Richard Clarke's position because I saw a few things in the report that were very troubling. ... If the alarmists are wrong, then we may spend billions of dollars to make our infrastructure more secure and reliable. If the doubters are wrong, it could be as one person put it a "cyber Pearl Harbor." I would rather err on the side of caution.

dallas, tx


Dear FRONTLINE,

The Cyberwar discussion, like the new plagues (SARS, Ebola, etc) suggest the 21st century is the opposite of the rosy utopianism of technolibertarians like the Electronic Frontier Foundation. Security, property and life, classic social values, and social cohesion as a backup, trump excessive claims to liberty and privacy. Not recognizing this fundamental ethical priority in values is not intelligent. It is to voluntarily throw away your weapons and rigidly stick to 18th century myths, as you face the daunting risks of a starkly different epoch. Thanks for the program, it was truly a FRONTLINE early warning.

Vincent di Norcia
barrie, ontario, canada


Dear FRONTLINE,

Computers aren't stupid. It's the people who build them, program them, sell them, and use them. Oh, yes let's not forget the people who run the companies that employee those people.

Perhaps you have heard that most of the USA's software development and programming work is being shifted to India, Russia, and many other emerging nations where the cost of labor is cheaper.

Since the problem is people based, how can we trust a cheap worker in a foreign country to ensure that the piece of software code he is working on will be secure? What if it has a backdoor built into it? What if that worker is secretly a member of Al Quida or some other terrorist network?

Do we have the time to check every line of code that is written by someone else to make sure it is secure? No, we can't even get it right in our own country (Microsoft).

Will American programmers remain loyal to their employeer and review every line of code that they get back from India, while they nervously await their job to be outsourced?

Will American network administrators try half as hard to secure their networks and systems, as their country turns into a welfare nation without jobs?

It was a great program, the threat is very real, but unfortunately it won't affect anything even after the major cyber war event happens.

We're humans, you can't fix us.

Steve Wasiura
fredonia, ny


Dear FRONTLINE,

I think every free American owes Frontline a debt of gratitude so I hate to and have no right to complain, but you guys are really missing the mark on computer security. Didn't we learn anything from the Y2K hype. Anything's possible and all I've seen so far are a bunch of 'bs'ers shouting the sky is falling. One sure thing about computers is just about everybody is an expert and if you ask them they'll tell you all they know.

Humanity and social fabric is fighting a losing battle against technology. Human rights, dignity, freedom, democracy, free enterprise, affluence are all in serious jeopardy because of technology's strangle hold on the individual. We can't afford mass hysteria, ignorance, and misinformation.

You guys need a computer expert on your staff, someone who's bent towards history and the computer's effect on society. This is an issue far reaching and we need you guys, more than ever, to do a better job and not just give a bunch of self appointed experts a platform.

Bureaucratic incompetence is our most dangerous obstacle in the information age.

Ken Bushnell
olalla, wa


Dear FRONTLINE,

Bare in mind that if Ronald Reagan couldn't bring down any airplanes by firing all the air traffic controller, some yahoo with a dial-up connection isn't going to be much more successful. If Y2K didn't crash our electrical grid, why is a 'terrorist' going to be any more successful? Clarke's basic premise just doesn't hold any water.

eagan, minnesota


Dear FRONTLINE,

Excellent reporting! Excellent Website!!

The more dependent a society is on complex, interdependent and ëopení systems [techno, social ) the more vulnerable it is to cascading disruptions of all description. This is not a surprise; a commonly ignored fact of systems yet not ënewí. ... Cyber war has catastrophic potential to collapse any or all our infrastructure systems (communication, technical, utility, financial, social, civil, governmental). Imagine [shudder] cyber assaults in conjunction with either 'natural' (i.e. SARS) or 'engineered' plagues (i.e. small pox). If such a scenario can be imagined (by naive, sheltered, isolated Americans), then it is also probable that someone (nation, organization, group, cult, whacko) has already gone far beyond mere thought. No effective response possible! The vulnerabilities of the developed Western economies is too great to be adequately defended. Our categorical, moment to moment total dependency on externally sources inputs and connections is set in concrete and ultimately terminal. Combined with the collective global antimosities America has unwittingly cultivated, civilization teeters, indeed!

Thanks to FRONTLINE . . . now none can claim ëwe didnít knowí

"The truth is that our race survived ignorance; it is our scientific genius [systemic vulnerabilities] that will do us in." (Stephen Vizinczey)

Mark McMurtry
bozeman, mt


Dear FRONTLINE,

I found your show on cyber war facinatinating for several different reasons and the different slants of the e-mails in this discussion cover several of those reasons.

One of the main messages that came from the show was that the Internet is truly operated in the private sector and for the most part the Federal government has put forth the notion and stance that the private sector should be where innovation and resposibility for security on the "Net" exists and should take place.

Although I heartily agree with that message, the actions of several state governments seem to be in direct contrast to that notion. With some of the new legislation that is falling under the "Super DMCA" nomenclature several state governments such as Illinois, Colorado, Deleware and Michigan are attempting to take the federal laws meant to encourage and support private sector growth in the security of the Internet and change the meaning of those laws to completely usurp and inhibit the "private sector" work that has and is taking place at this time.

The overly broad ramifications of such ill informed legislation will have long term affects on the innovation and distribution of some of the cutting edge technology taking place in the private sector.

There is an article in Eweek that just came out about this very subject and how these erroneous and misdirected state laws are already stopping distribution of "open-source" programs such as Tom Liston's LaBrea, which is specifically designed to hinder the spread of viruses and worms such as Nimda on the Internet.

Under the guise of "helping" to secure the Internet for the users within these states these local laws are already placing severe regulation on the Internet and it's growth.

The federal governmet can take any stance it wishes with regards to not regulaing the Internet, but without following their own advice and insuring that state and local legislative bodies cannot place erroneous and harmful local regulations on the very people that are working to make sure that cyber war can be dealt with before we have any of these "major attacks" we are doomed to fail and to have to place overly broad Federal Regulation on the Internet just to counteract what the well meaning if uninformed state governmets are doing.

We continue to hear how the "Net" should not be regulated and all the while these state and local laws are being passed which accomplish that very regulation.

This could certainly be another conversation point or subject of a future Frontline show.

Tom Coleman
vancouver, washington


Dear FRONTLINE,

\ Your program on Cyber Security was good in bringing this issue to a higher level of awarness with industry and government. I have a little better perspective than many of the gentlement you interviewed in that I have designed, built, installed and operated several SCADA and EMS systems that now operate major portions of the United States power grid as well as some in overseas countries.

I am afraid that Mr. Clark and the Gentleman from Sandia go too far in their assesment that the sky is falling. I also take exception to the idea that Sandia can at will take down systems that I have worked on. It tests with them and other University and security agencies we have in the past identified vulnerabilities in power utility "business" systems and in each case these have been addressed although inadequately.

However, the Control Systems you directed your program at and that I have been responsible for have never been breached, to even closely, the threatening extent your interviewees would like the public to believe. They have raised a number of theoretical threat issues that have not been shown to be even close to realistic. The Control Systems are tested before going into production and are tested and audited on a daily basis while in production. Ten years ago private utilities were not taking network security issues nearly as seriously as they do today.

Another example, is that none or very few of the major Control Systems refered to in your program run on MicroSoft operating systems. Only the peripheral business systems do. In addition an engineer with the experiance of Mohammed is not capable of hacking one of these major control systems just because he worked on a similar system in a water plant. That these systems can be broken into is indeed open to debate.

Realistically however, the starting point requires one to two million dollars of hardware and software and months of dedicated effort by an individual with expert experiance in Communications, Nework, Electrical, and Electronic Engineering as well as expert level knowledge of several protocols, system configuration, Computer Engineering and Programming at barely above the machine level. A support staff of highly expert engineers and technicians are also required. In many cases the companies that are operating these systems have only one or two people on staff at any one time that are remotely capable of this task.

The most likely problem scenario would be a disgruntled Grid System Operator that intentionally could take direct action through these systems while on duty using authorized access inapropriately. Personnel evaluations of operating personnel at some companies do need to be improved. But, even here the ability to effect major portions of grids is limited to a given operating region and restoration times are a matter of hours not the totally outlandish claims of six months.

There are a lot of academics that like to think they have the expertise to accomplish this task in the real world. Very seldom can they do it without the cooperation of the company whose systems they are being asked to evaluate (I would almost say never). Once these systems are evaluated there are a number of excellant tools available from companies in the US that can easily and do secure these systems against dedicated and direct attack.

I would like to highlight on example of the media and many theorists blowing this issue out of proportion. Last year it was widely reported that one major system had been hacked by a group from China. That they breached the "Business" systems network briefly before being caught is true. They did not however even get a glimmer of where the Control Systems were or the support systems that provide data for evaluation of system conditions. This company records close to 600 attacks per month and the security group there do an excellant job of responding, but once again even without them the actual systems used for Control and Decision making are kept secure.

Howard Trent
berkeley, ca


Dear FRONTLINE,

While most media reports on cyber security are full of huff and puff, your special was the most accurate and comprehensive portrayal of the state of the security of the Internet as a whole that I have ever seen. You have been able to bring together a plethora of experts who did a good job in llustrating the threat that the Internet is under. The threats you describe are real.

Slammer was possibly the biggest and scarriest worm to ever hit the Internet. The danger and harm that it could have cause with just slight modifications to its beheviour could have had long lasting effects. The fact that the worm infected a significant percentage of all hosts in just the first 15 minutes should scare most security professionals and the governments of the world.

toronto, on


Dear FRONTLINE,

Thank you Frontline for a very much needed discussion on this problem. I have been thinking about these issues for the last several years as I have been learning a great deal about current network security applications. I am glad that it has found a place to be addressed.

I have seen that most of the general public have said "why would I need to have such security (firewalls, intrusion detection, etc..)systems for my home or small business, I don't have any enemies and even so what would they "Steal from my system(s)."" Your program was a much needed platform to reach these individuals or companies for awareness.

I've seen and heard a lot of talk about Unix based systems being the answer to most of these issues but, I don't feel like they are the answer, but only part. I am talking about mainly routing and firewall devices(software and hardware). I believe that even with SSH technology to control these systems you are still vulnerable to attacks. devices and software systems that allow remote access for administration is just plain laziness'. They should be reverted to the original idea that if a person(s) cannot gain "PHYSICAL" access to these machines then they are truly secure.

Open source was and is still the best answer right now, but it will have to suffer a major evolution of change to bring it to a more secure environment. This will provably lead to a more dictated software environment. These are things that must be accepted.

I will end on saying that why doesn't the government (instead of threatening regulation) just design their own flavor of a Unix based system to conform a standard in security software. That seems more plausible than complete domination of the software environment and will also still allow an individual(s) choice. freedom

Andrew Flegal
roswell, georgia


Dear FRONTLINE,

As long as software development companies have no legal responsibility for selling dangerous goods, but do have a responsibility to their shareholders to make goods cheaply, they are almost forced to sell junk, and to have their PR people defend it with "all software is buggy" or "it's the fault of lazy system administrators".

All software is not equally buggy or fragile. There are known techniques to make it more secure - just ask Boeing's commercial airliner division, or high-speed train or weapons system manufacturers, for instance. Robust, bulletproof, idiotproof, software *can* be written - if you really want to.

Tom Moran
saratoga, ca


Dear FRONTLINE,

Re: Your Homage to Richard Clarke (CyberWars) I worked for Clarke a decade ago. Your expose demonstrates both his strengths and the reasons he couldn't accomplish his objectives. Clarke is Smarter Than Everyone, and he lets no one forget it. He distinguishes himself through individual intellectual achievement which is always right on. Unfortunately, he doesn't possess the skills needed to have the Powers That Be take action. He's totally incapable of coalition building, which is how you get things done in Washington, where power and money are diffused among several Federal agencies, and is particularly effective with the private sector. Clarke actually mistrusts people with those capabilities. A truly effective bureaucrat must make political leaders adopt his or her ideas as their own, and must be willing to let them take credit for them. Clarke was often stymied by people who didn't trust his motives and despised his unwillingness to be a team player.

In CyberWars Clarke once again demonstrated he is a lone wolf bent on trampling the egos of people who can actually implement his ideas. If he were truly interested in saving America from cyber disaster, he would hook up with one or several an industry associations to begin working on consensus solutions to our vulnerabilities. It's a pain to have to be courteous to business executives, and the result may not be 100 per cent. But at least with consensus you have a high percentage of implementation of whatever solutions are created.

bend, or


Dear FRONTLINE,

This program was very disturbing. I remember shows in the past stating that a major terrorist attack was not a matter of 'if' but 'when'. Well, here we go again.

It was mentioned on the show that damage from a cyber attack would be financial rather than physical but I could imagine the worst destruction being societal. A large city without power or services for weeks or months could result in a breakdown of law and order and destroy the trust in government itself. This would be the ultimate triumph for Al Qaeda, the destruction of America as a society.

This almost makes me want to read the "Unabomber's Manifesto". That crazy Kaczynski guy may have had a point.

Randy Cartwright
la caÒada, ca


Dear FRONTLINE,

I have been one of your most interested and loyal viewers, but was greatly disappointed by tonight's broadcast of Cyber Wars. Several things bothered me. I was appalled at the biased selection of "experts," all of whom had some vested interest in the promotion of cyber security agencies or related cyber security companies. There was nobody from outside this closed circle of the Military-Industrial Complex to question thegrandios assertions made or to provide perspective on whatwas being said.

More disturbing still was portrayal of the supposed cyber enemy, represented as a faceless, motiveless, demonic evil lurking everywhere and nowhere. The unseen, unknowable enemy is always at the core of conspiracy theories. And, while I do not wish to imply that your sources are paranoid, I think you have a responsibility as Frontline reporters and editors to make them give us an detailed account of the persons involved in the so-called attacks, including their motives. Without a factual asssessment of these persons or persons, their motivations and their capacities, we have no real way of knowing whether they are annoying hackers or determined enemies.

I am sorry to say that through this program Frontline has spread fear rather than understanding...

I hope you will revisit the subject using standards of proof more consisent with your usual standards of reporting.

John Gillis
princeton, new jersey

more

Ý

Ý

homeÝ:introductionÝ:ÝinterviewsÝ:Ýexperts' answersÝ:ÝfaqsÝ:ÝvulnerabilitiesÝ:Ýwarnings?
discussionÝ:Ýreadings & linksÝ:ÝmapsÝ:Ýproducer's chat
tapes & transcriptsÝ:Ýpress reactionÝ:ÝcreditsÝ:Ýprivacy policy
FRONTLINEÝ:ÝwgbhÝ:Ýpbsi

posted apr. 24, 2003

background photograph copyright © photodisc
web site copyright 1995-2005 wgbh educational foundation

Ý

Ý