Implications For National Security
Department of Defense Behind Schedule...
Return to the Y2K Risk Assessment Task Force web site
ÿ
Y2K Risk Assessment Task Force:
Chairman:
Sam Nunn, former U.S. Senator
Vice Chairmen:
Bradley D. Belt, Director, International Finance and Economic Policy
Arnaud de Borchgrave, Director, Global Organized Crime
William Garrison, Director, International Communications
The implications for national security as a result of the Year 2000 (Y2K) computing crisis are of increasing concern to Pentagon specialists.
William A. Curtis, the Pentagon's top official in charge of Y2K oversight, describes Y2K as "the first major engagement of the Information Warfare Age." And General Kenneth Minihan, the Director of the National Security Agency (NSA), calls Y2K "the El Ni¤o of the Digital Age."
U.S. Security Status
Defense Secretary William Cohen said that the United States, the world's most technologically advanced nation, will be at its most vulnerable and exposed when the crisis hits because of its reliance on technology.
What will happen to early-warning satellites, radars, and communication systems should computers fail? In 1993, the U.S. military tested its computers for Y2K glitches at the North American Air Defense Command in Colorado, and everything froze.
The Department of Defense (DoD) continues to plod along in its compliance efforts. DoD must cope with 1.5 million computers and 25,000 systems, and at its current rate of progress will not be totally compliant until 2012. Regarding the approximately 2,965 mission critical systems, Pentagon specialists find themselves four months behind schedule. While 42 percent of these systems are currently compliant, many have yet to be tested and are, therefore, not fully compliant according to Office of Management and Budget rules. Not surprisingly, there are serious doubts among Pentagon specialists that the work load will be completed in time. In fact, to catch up, entire systems are being discarded.
DoD estimates there are 360,000 weapons systems with embedded chips. Experts only recently completed the assessment phase aimed at determining mission critical weapons systems to sort out those that are date sensitive. Tomahawk missiles and their command and control systems are among those that are date sensitive. Thus, any failure in the information technology systems would severely degrade the ability of those in command to carry out their missions with Tomahawk missiles, according to Marine General A.C. Zinni, the commander of the U.S. Central Command.
Global Security Concerns
Even more distressing to Pentagon experts is how much further the U.S. is along the path to Y2K compliance than other nations. DoD analysts say only four countries-the U.S., Britain, Canada, and Australia-are preparing their military computers for the new millennium.
The interconnectivity problem is a major concern. DoD systems are connected to "Nasty surprises are inevitable... This is going to have implications in the world and in American society we cannot even comprehend today."
John Hamre, Deputy Defense Secretary
other federal agencies, NATO allies, and private industry. What happens to computers in one industrialized nation is bound to affect those in many other countries. Even one connection to an outside system with a Y2K problem could create difficulties within the Defense Department's computers. At a U.S. Army War College Symposium June 29-30 entitled "Year 2000 National Security and the Global Economy," it was made clear by military, government, and industry officials that some countries are still in denial.
Cyber War?
Information warfare (IW) experts at the Pentagon now believe the Year 2000 crisis may be exploited by our adversaries at a time when it will be impossible to distinguish between computer breakdowns and an IW attack designed to worsen an already bad situation.
Referring to classified testimony given to Congress' intelligence oversight committees, President Clinton stated last May that "intentional attacks against our critical (information) systems are already underway." According to information obtained by these committees, 23 nations already have launched electronic raids into America's most sensitive systems. Billions of dollars worth of proprietary secrets have been siphoned out of corporations engaged in highly classified work for the Defense Department.
The problem revolves around the acute labor shortage of software programmers in the Y2K "fix-it" business. With millions of hours needed to rewrite billions of lines of code to ensure that 00 is read as 2000 and not 1900, U.S. companies have been forced to outsource much of the work to consultants both here and abroad. Given the time crunch to meet an inflexible deadline, it is impossible to assure the integrity of the outsourced work and guarantee that malicious code, such as computer viruses or "trapdoors" have not been inserted. Trapdoors enable an intruder to overcome electronic "firewalls" and cruise a system with impunity.
U.S. intelligence agencies assume that foreign agencies in the business of stealing military and economic secrets, as well as transnational organized crime syndicates attempting to divert electronic payments, are assessing whether they possess the skills and capabilities to be in the Y2K fix-it business. Eight foreign nations have developed information warfare skills comparable to those in the U.S. Some 100 other countries are attempting to develop them.
Nuclear Nightmare?
Secretary Cohen's principal Y2K concern is Russia's nuclear command and control computers. Russian Defense Secretary Igor Sergeyev initially said Russia has different computers which did not have Y2K problems. But Gen. Sergeyev would not say how they differ. Most of them are known to be European and American clones.
Until Russian Prime Minister Sergei Kiriyenko issued an all-points advisory on Y2K compliance on May 27, only one third of Russia's 50 largest companies had ever heard of Y2K. Strapped for cash, Russia's Atomic Energy Ministry (MINATOM) announced on June 19 that it will wait to see what happens as the date approaches to fix any Y2K problems.
After the CIA established that the Russian military does not have a Y2K compliance program in place, DOD offered Russia and China a new joint early warning system.
At a NATO conference in Brussels in early June, Secretary Cohen offered his Russian counterpart all the help the U.S. could provide to prevent confusion, or "unthinkable calamity," when Y2K problems might blank out early warning screens, or show erroneous data, and panic officers into action.
Diffusing the Threat
The CIA tasked its intelligence officers abroad to collect and analyze information on the "social, political and economic turmoil" that may ensue from "interruptions of essential services in some fragile societies."
Heightened awareness on a worldwide scale is of the utmost importance. It is understood the Y2K crisis will not be solved by the time January 1, 2000 arrives, but ensuring that governments fully understand the potential threats the "millennium bug" can cause to national security will help.
Congress must release additional funding to cover the cost of compliance. Figures for compliance for the federal government are grossly underestimated at nearly $5 billion, as demonstrated by the $50 billion price tag for the Defense Department alone. Increased budgetary allowances to cover Y2K-related expenses is crucial and Congress should act accordingly.
The silver lining is that the Y2K crisis should serve as a catalyst for the cooperative efforts needed to prevent and respond to future information warfare and cyberterrorist attacks on U.S. information infrastructures. Unlike Y2K, the intent of such attacks is hostile, and the date unknown.
ÿ
csis.org |
