USA Today - 11/13/98
The first radio signals from Sputnik 41 years ago helped redefine American national security, just as the so-called Year 2000 computer bug is underscoring the latest risks to a nation built on technology.
"The Year 2000 problem could be an event equivalent to the launching of Sputnik, (which) raised the awareness about the vulnerabilities of the United States," says Marvin Langston, deputy chief information officer for the Department of Defense.
The Year 2000 problem, or Y2K as it is commonly known, has riveted attention on what may happen when computers fail to recognize the year 2000, disrupting internal clocks and causing system shutdowns and crashes.
Governments and corporations here and abroad are allowing unprecedented access to computers as programmers look to fix the Year 2000 bug. That's raising concerns about potential security compromises, industrial espionage, even sabotage. And as in the days following Sputnik, analysts see a need for more domestic talent to keep U.S. technology on the cutting edge.
A serious re-evaluation of security issues has been under way since last year, when a presidential panel warned that the nation's economy and vital services were vulnerable to hacker-style attacks.
"In the millennium bug, we have developed a technology equivalent to natural forces. If it is anywhere, it is everywhere," says G.K. Jayaram, chairman of Transformation Systems of Princeton, N.J. "Nowhere at any time in human history has there existed such a problem."
Opening 'trap doors'
One of Jayaram's clients is Provident Bank of Cincinnati, which boasts that it is "among the nation's 100 largest banks, with 72 financial centers and over $6.7 billion in total assets."
It also has about 8.5 million lines of computer code, which Jayaram's firm upgraded for Y2K using a staff of 30 people in Cincinnati and 40 in Chennai, India, linked by satellite.
While Jayaram's firm has a solid international reputation, the increasingly common practice of using overseas workers to handle U.S. computer systems concerns some people.
"We are looking, as an intelligence priority, very carefully for people who may present a threat in this area," says Richard Clarke, a senior National Security Council official.
"When systems are modified to be Y2K-compliant, the question remains: Do you know what was changed?" says Sam Varnado of Sandia National Labs, which is working on system security with the federal government and private industry.
It's a simple matter for a programmer handling computer source code to install, undetected, a secret entrance, or "trap door," which can be used to gain access to a system to read sensitive information, copy records, alter files or transfer money.
"We have seen multiple times where Y2K activity has resulted in trap doors being placed in commercial systems," says Duane Andrews, executive vice president with SAIC.
"It's a very serious matter," says John Sarazen, director of SynComm Group, a technology consulting firm. "An unprecedented amount of code is being opened up right now as part of Year 2000."
Foreign code-busters
Outside the USA, programmers in India, Pakistan, Ireland and the Philippines are doing most of the world's Y2K upgrades. And each of those nations has issues with the United States or a thriving underground of anti-American terrorist groups.
Given the chilly relations between the United States and India since it and Pakistan conducted nuclear weapons tests earlier this year, concerns are heightened by the amount of computer work done in those countries.
"Y2K remediation provides all kinds of opportunities for someone with hostile intent to understand how your computer network works, how your business works, what your vulnerabilities are," CIA Director George Tenet testified before the Senate Special Committee on Year 2000 in June, even before the nuclear weapons flap. "So we're watching it very, very carefully."
The Philippines was a base of operations for subordinates of Osama bin Ladin, the notorious exiled Saudi millionaire charged with masterminding the bombing of U.S. embassies in East Africa this summer. He reportedly is highly computer-savvy.
Jayaram dismisses concerns about Indians as a threat.
"We have built in layers of safeguards, and there is an audit team from the client overseeing every step of the operation," he says. "So even if there was a programmer who wanted to sabotage something, it would be most difficult."
While reliable estimates say less than 10% of U.S. commercial source code is being treated by foreign companies, many top U.S. trading partners are turning to those countries in a rush to make deadlines.
And, Sarazen cautions, "It's a misperception that only foreign governments will crack our systems. Domestic, commercial espionage is a thriving business."
Shortage of expertise
While the USA is the world's primary consumer of computer goods, it is no longer leading the world in turning out computer scientists.
"We're not cranking out as many technical people as we used to as a percentage of all graduates," Langston says. "And because we're in a very technically driven world, we are setting ourselves up nationally for vulnerability (when) we have to go offshore for technical talent."
India has exploited the U.S. shortfall, turning out more than 50,000 computer scientists in the past year, compared with 26,000 in the USA. India has become second only to the USA in software production, with exports of $1.8 billion this year, up from $10 million a decade ago. And it hopes to capture between 5% and 10% of what will be spent globally on Y2K.
Computerized security
Many of these problems "are going to be with us for a very long time," says Mike Vattis, chief of the National Information Protection Center, a task force based at the FBI. "People are just now awakening to these issues."
But questions are growing about how far government can go in trying to safeguard national security while allowing relatively free access to data.
Civil libertarians warn that some freedoms and rights may be challenged in the process of redefining national security. A presidential commission last year proposed a regulation, which it later withdrew, requiring administrators of private computer systems to pass an FBI background check.
"Even when an agency is charged with observing privacy and other rights, those interests eventually lose out when that agency has a directive to protect national security," says Marc Rotenberg of the Electronic Privacy Information Center.
Says former senator Sam Nunn, chairman of a research panel at the Center for Strategic & International Studies, "Many of the problems we are seeing have been with us for a long while, but this (Y2K) problem is exacerbating the situation."
By M.J. Zuckerman, USA TODAY