This came in on one of the technical news lists I subscribe to. It doesn't mention Y2K specifically but it does involve the Center for Strategic and International Studies (CSIS) which has been particularly active in the Y2K issues. I think you'll agree these issues are not totally unrelated...

-Arnie

From: Newsletter Internetwk 
Subject: InternetWeek Newsletter - December 16, 1998




U.S. Government Report Exposes Computer Security Threat




Washington, D.C. -- Computer hackers using software widely 
available on the World Wide Web could bring down the nation's 
electrical power grid and military command and control systems, 
according to a U.S. government report released today. 



A complete overhaul of U.S. national security agencies and 
policies is needed to avert cyber attacks that could cripple the 
nation's and Corporate America's critical infrastructure, the 
report states.



The report, entitled, "CyberCrime, CyberTerrorism, and 
CyberWarfare: Averting an Electronic Waterloo," recommends several  
procedures U.S. policy makers can implement to defend the nation's 
critical infrastructures from information warfare. "Averting an 
Electronic Waterloo" is the result of a three-year effort by the 
Center For Strategic and International Studies' Global Organized 
Crime project, chaired by William Webster, former FBI and CIA 
director.



To illustrate how vulnerable the  U.S. defense and national 
security community is to an information attack, the report notes 
the results of a recent Joint Chief of Staff exercise code-named 
"Eligible Receiver." A group  of security experts, known as a "red 
team," used software widely available from hacker Web sites to 
prove that they could disable major portions of the U.S. electric 
power grid and deny computer services to the entire Pacific 
military command and control system through an information warfare
attack.



"It's unsettling to know that you could be experiencing an attack 
from almost any quarter and not know when it started or where its 
coming from," said Senator Charles Robb (D-Va.), a member of the 
Senate Select Committee on Intelligence.



"CyberCrime looks at the problem of cyber attacks on the U.S.
infrastructure -- a serious problem which, in the opinion of most
[experts], has not been adequately addressed," Webster said.



A broad-based security policy must address the total impact of the
information revolution on national security, but will not be 
effective unless government works closely with private 
corporations -- which are often on the front lines of cyber 
attacks, the report states.



Robb said the U.S. should prepare now and not wait for a 
catastrophe to occur. In fact there are already indications that 
about 20 foreign nations have already successfully penetrated U.S. 
information systems, according to the report.



CSIS task force recommends the development of a national security 
policy for the Information Revolution. The president should issue 
an executive order that requires a top-down review of all the 
organizations responsible for information security and CyberCrime. 



CSIS also recommends that the government support private-sector 
efforts to improve information security  such as the Information 
Systems Security Board proposed by the telecommunications 
industry. ISSB would be a private sector-organized group which 
would evaluate and endorse information security standards.



In the past the government has lead the private sector. But  with 
the growing cyber threat, that can't continue to happen. "The 
private sector cannot sit back and wait for government to lead," 
Robb said. By Rutrell Yasin



http://www.internetwk.com/news1298/news121598-4.htm

-- Arnie Rimmer (arnie_rimmer@usa.net), December 16, 1998

Answers

The fact that "cyberterrorism" pronouncements like this contain no reference to Y2k confirms accusations that "cyberterrorism" is being prepared as a cover story for some, if not all, Y2k problems.

"Cyberterrorism" didn't exist until Y2k became a problem.

E.

-- E. Coli (nunayo@beeswax.com), December 16, 1998.

Possibly to ease opposition to martial law, everybody hates mad bombers, right?. Martial law may be welcome in any case, compared to some possible alternatives.

Interesting that CSIS would be providing this, after its serious focus earlier this year on the potential of Y2K to rack us up. There's a slight disconnect though -- if telecommunications (or power) goes down, cyber-terrorists will be fishing in a dry lake.

-- Tom Carey (tomcarey@mindspring.com), December 16, 1998.

E.,

Both Y2K and cyberterrorism are real problems. Sure, there are reasons for the government to prefer mentioning the latter term and not the former in this context, but check your logic:

>The fact that "cyberterrorism" pronouncements like this contain no reference to Y2k confirms accusations that "cyberterrorism" is being prepared as a cover story for some, if not all, Y2k problems.

Maybe cyberterrorism is being prepared as a cover story for Y2K problems, but the absence of mention of Y2K does not confirm that! There _is_ legitimate cyberterrorism that is separate from Y2K.

>"Cyberterrorism" didn't exist until Y2k became a problem.

That's just plain false.

Denial-of-service and other categories of attack have been made on Internet sites for a long time, unconnected to Y2K. While these attacks have not usually been categorized as "cyberterrorism", that's just a matter of who's attacking, who's defending, and the scale of attack. I saw the topic of "cyberterrorism" discussed several years ago, before there was any public discussion of Y2K.

- - - - - - -

Tom,

As I say to E., cyberterrorism, regardless of its potential use as cover for Y2K problems, is a legitimate problem in its own right.

>Possibly to ease opposition to martial law, everybody hates mad bombers, right?. Martial law may be welcome in any case, compared to some possible alternatives.

:-( Unfortunately, such may be some of the unpleasant realities of life.

I recognize both that it is tempting for government to overuse martial law and that there are legitimate situations for imposition of martial law. I sincerely hope we see neither.

>Interesting that CSIS would be providing this, after its serious focus earlier this year on the potential of Y2K to rack us up.

Why shouldn't CSIS address the topic of cyberterrorism? It's legitimate, too, and there are some parallels with Y2K in terms of effects.

>There's a slight disconnect though -- if telecommunications (or power) goes down, cyber-terrorists will be fishing in a dry lake.

No disconnect. Y2K effects can disrupt cybersecurity without taking down telecom or power. IOW, Y2K disruption _can_ provide opportunities for cyberattacks.

-- No Spam Please (anon@ymous.com), December 16, 1998.

NoSpamPlease writes: No disconnect. Y2K effects can disrupt cybersecurity without taking down telecom or power.

No argument there. What I said was, if telecommunications (or power) goes down, cyber-terrorists will be fishing in a dry lake.

-- Tom Carey (tomcarey@mindspring.com), December 16, 1998.

Tom, I'm sorry -- I didn't make it clear that my comment was addressed only to the "slight disconnect" portion of your statement, not to the rest of it that I quoted.

-- No Spam Please (anon@ymous.com), December 17, 1998.

Seems I got lucky. This CSIS conference which prompted the above report was rebroadcast on CSPAN2 immediately following the rebroadcast of the Washingtonton Post/GWU conference (see CSPAN2 thread). Because I set my VCR up with a 5 hour recording window, I got BOTH on tape.

Haven't had time to watch more than the first 20 minutes, but in that time, there were SEVERAL mentions of Y2K. Not that you notice from the above report.

-Arnie

-- Arnie Rimmer (arnie_rimmer@usa.net), December 17, 1998.