25 June 1998: Link to text of Tenet's full remarks

25 June 1998
Thanks to DN

June 24, 1998
CIA Head Forsees Better Hackers
Filed at 5:43 p.m. EDT
By The Associated Press

WASHINGTON (AP) -- Intrusion into government computers will become
increasingly more sophisticated and better organized and is likely to
involve hostile nations, CIA Director George Tenet told lawmakers Wednesday. 

"Potential attackers range from national intelligence and military
organizations, terrorists, criminals, industrial competitors, hackers and
disgruntled or disloyal insiders," Tenet told the Senate Governmental
Affairs Committee. "We know with specificity of several nations that are
working on developing an information warfare capability." 

While Tenet did not identify the countries, committee Chairman Fred
Thompson, R-Tenn., who received a classified briefing on Tuesday, named some
of them. Citing published reports, Thompson said China, Russia, Libya, Iraq
and Iran and at least seven other countries are developing information
warfare programs. 

The challenge facing U.S. intelligence will be to detect attacks on U.S.
computers and information systems by organized or individual hackers. In
some cases, Tenet said, disruptive intrusions orchestrated by hostile states
may be disguised as amateurish efforts by individual hackers. 

"Our electric power grids and our telecommunications networks will be
targets of the first order," Tenet said. "An adversary capable of
implanting the right virus or accessing the right terminal can cause massive

The shift of the computer hacker problem from individuals and terrorist
groups to governments is only beginning, Tenet said, but he added, "Down
the line we are going to encounter more and it will be more organized." 

Tenet cited one case, without naming it, of a foreign government targeting
the United States for intrusion into information systems. 

Sen. Joseph Lieberman, D-Conn., asked if the U.S. government is taking steps
to develop its own offensive hacking capability to disrupt adversaries and
to serve as a deterrent for computer-based attacks. 

"We're not asleep at the switch in this regard," Tenet replied. 

Air Force Lt. Gen. Kenneth Minihan, head of the National Security Agency,
said it was not going too far to think in terms of an "electronic Pearl
Harbor," a well-organized assault on the United States based on strikes
aimed at electronic information systems. 

The most sensitive information centers, such as CIA and Pentagon classified
files, are heavily guarded against such intrusion and, in most cases, are
fenced off from Internet-type transfers. The problems are more likely to
arise in less well-guarded areas such as financial networks or industrial
control centers. 

"They're not going to attack our strengths," Minihan said. 

A key area of vulnerability within the intelligence community, Tenet said,
is the possibility of a disloyal or disgruntled employee wreaking havoc with
CIA computers. Another scenario stems from the difficulty the CIA is
encountering finding enough software specialists to grapple with the "Year
2000" problem, caused by computers not being programmed to recognize the
shift in the calendar from 1999 to 2000. 

Most of the contractors available to help the agency, Tenet said, would use
foreigners, affording "an easy opportunity to come in and see how your
system works and what your vulnerabilities are." 

The running debate over the availability of increasingly sophisticated
encryption technology, which scrambles messages and data from unauthorized
intrusion, also poses a worry, Tenet said. 

Unless the computer industry and the government find a legislative
compromise, the government could fall victim to hackers able to hide their
own actions in impenetrable encryption codes. It may take a major
computer-hacker incident to create the political pressure needed to allow
the government the "recovery" power to access encrypted databases. 

"There is a train wreck waiting to happen unless we deal with the recovery
aspect of the encryption debate," Tenet said.