25 June 1998: Link to text of Tenet's full remarks
25 June 1998
Thanks to DN
June 24, 1998 CIA Head Forsees Better Hackers Filed at 5:43 p.m. EDT By The Associated Press WASHINGTON (AP) -- Intrusion into government computers will become increasingly more sophisticated and better organized and is likely to involve hostile nations, CIA Director George Tenet told lawmakers Wednesday. "Potential attackers range from national intelligence and military organizations, terrorists, criminals, industrial competitors, hackers and disgruntled or disloyal insiders," Tenet told the Senate Governmental Affairs Committee. "We know with specificity of several nations that are working on developing an information warfare capability." While Tenet did not identify the countries, committee Chairman Fred Thompson, R-Tenn., who received a classified briefing on Tuesday, named some of them. Citing published reports, Thompson said China, Russia, Libya, Iraq and Iran and at least seven other countries are developing information warfare programs. The challenge facing U.S. intelligence will be to detect attacks on U.S. computers and information systems by organized or individual hackers. In some cases, Tenet said, disruptive intrusions orchestrated by hostile states may be disguised as amateurish efforts by individual hackers. "Our electric power grids and our telecommunications networks will be targets of the first order," Tenet said. "An adversary capable of implanting the right virus or accessing the right terminal can cause massive damage." The shift of the computer hacker problem from individuals and terrorist groups to governments is only beginning, Tenet said, but he added, "Down the line we are going to encounter more and it will be more organized." Tenet cited one case, without naming it, of a foreign government targeting the United States for intrusion into information systems. Sen. Joseph Lieberman, D-Conn., asked if the U.S. government is taking steps to develop its own offensive hacking capability to disrupt adversaries and to serve as a deterrent for computer-based attacks. "We're not asleep at the switch in this regard," Tenet replied. Air Force Lt. Gen. Kenneth Minihan, head of the National Security Agency, said it was not going too far to think in terms of an "electronic Pearl Harbor," a well-organized assault on the United States based on strikes aimed at electronic information systems. The most sensitive information centers, such as CIA and Pentagon classified files, are heavily guarded against such intrusion and, in most cases, are fenced off from Internet-type transfers. The problems are more likely to arise in less well-guarded areas such as financial networks or industrial control centers. "They're not going to attack our strengths," Minihan said. A key area of vulnerability within the intelligence community, Tenet said, is the possibility of a disloyal or disgruntled employee wreaking havoc with CIA computers. Another scenario stems from the difficulty the CIA is encountering finding enough software specialists to grapple with the "Year 2000" problem, caused by computers not being programmed to recognize the shift in the calendar from 1999 to 2000. Most of the contractors available to help the agency, Tenet said, would use foreigners, affording "an easy opportunity to come in and see how your system works and what your vulnerabilities are." The running debate over the availability of increasingly sophisticated encryption technology, which scrambles messages and data from unauthorized intrusion, also poses a worry, Tenet said. Unless the computer industry and the government find a legislative compromise, the government could fall victim to hackers able to hide their own actions in impenetrable encryption codes. It may take a major computer-hacker incident to create the political pressure needed to allow the government the "recovery" power to access encrypted databases. "There is a train wreck waiting to happen unless we deal with the recovery aspect of the encryption debate," Tenet said.