Contact: Phil Hearn
One of America's leading experts on computer security says the nation's technology infrastructure is extremely vulnerable to information warfare launched through cyberspace.
Matthew A. Bishop, an associate professor of computer science at the University of California-Davis, told students at Mississippi State such attacks could jeopardize computer systems controlling power grids, dams, airline flights, and Wall Street trading--possibly wreaking widespread havoc and threatening national security.
"Contrary to what many people think, the U.S. (computer) infrastructure has not been carefully planned or well designed," said Bishop, author of a comprehensive textbook in the field. "The planning is basically, 'Let's move these two things together and see what happens.'
"We've seen things like the recent power blackout in the Northeast," he said. "The newspapers said it was due to power failure of the lines, but that's the sort of attack people could launch."
Bishop was guest lecturer last week for MSU computer science and engineering majors in a class taught by associate professor Ray Vaughn.
"One of the common beliefs about information warfare is that it's a great leveler," added Bishop, among key players in solving the Internet Worm crisis of 1988 that brought down the Internet. "A single individual can do as much as a nation state. This is because the more advanced you get, the more fragile the information infrastructure gets."
He cited a cyberspace attack against Ebay's Web site several years ago that reportedly cost the company a lot of time and money before the problems were solved.
"Imagine if you could do that to Wall Street," he said. "All of a sudden, there would be a lot of trouble with the nation's economy, because Wall Street is largely run by computers. What would happen if Wall Street was flooded by such an attack?"
Bishop said the only difference between conventional warfare and information warfare is that the latter has "just advanced things to a new level." Information warriors of today, he explained, have taken the strategies and tactics handed down over the centuries by such military experts as China's Sun Tzu and Prussia's Carl Von Clausewitz, and adapted them for attacks through cyberspace.
"The best book I've ever read on how to attack a system is Sun Tzu," he said. "If you read it and map it into the existing computer infrastructures, computer groups and computer organizations, it's practically a cook book.
"The ideas of striking fast, deceiving the enemy, doing the unexpected, looking for where the enemy is weakest and attacking him there--that's exactly how you attack systems. The mechanisms used to implement those tactics have changed, but the tactics themselves haven't changed."
Bishop was invited to the Starkville campus by Vaughn, a retired Army colonel and Mississippi State faculty member since 1997 who has guided the university's emergence as a national leader in the field of computer security research.
Vaughn, a Hattiesburg native, directs the Center for Computer Security Research, one of only 50 college-based programs nationwide with official certification from the National Security Agency.