WHY TERRORISTS AND ROGUES HAVE AN ADVANTAGE IN IW




Leaders from industry, government, and law enforcement recently hunkered down for a day of closed-door meetings in Menlo Park, California, to brainstorm about the difficult task of protecting the world’s computer networks against cybercriminals. One theme to emerge early on at the event, billed as the Internet Defense Summit, was that governments have neither the financial resources nor the technical know-how to stay on top of hackers and computer terrorists. This is why terrorists and rogues have an advantage in IW.

The private sector must itself provide much of the action that is necessary to prevent attacks being made on the Internet. It’s no longer possible for governments to provide the kind of resources and investment necessary to deal with these kinds of issues.

The summit, which recently took place at the Stanford Research Institute’s (SRI) leafy campus, attracted more than 200 chief information officers and other top executives from companies and organizations including IBM, Microsoft, Visa International, the U.S. Postal Service, and the Los Angeles County Sheriff’s Office. Meetings were held behind closed doors to encourage candid discussion about security problems and the ways participants have learned to cope with them. The event took place in the shadow of the “I Love You” virus, which emerged in 2000 and wreaked havoc in public and private computer networks the world over.

There are no cookie-cutter solutions; every network is different. At the top of CIOs’ concerns here was denial of service (DoS) attacks, which recently brought Yahoo, Amazon.com, eBay, and other high-profile Web sites to their knees. DoS attacks are a key concern because the only way that is currently available to prevent them is to catch the perpetrators.

Second on the list of concerns were attacks that reach into networks to steal valuable corporate data. Firewalls are the best way to prevent data theft that originates outside of a network, whereas cryptography can help to protect data from internal theft.

Although the business leaders seemed focused on computer hackers, there is a “real danger” of terrorists and hostile rogue nations using computer networks to wage international warfare. In other words, most of the major terrorist organizations have their own Web sites, and, therefore, have the facility to carry out the same sort of action that was carried out with the release of the “I Love You” virus.

Cyberterrorism can be more effective and more costly to governments than the classic methods of bomb attacks and assassination. It is really a serious threat to everyone in all societies.

Solutions seemed harder to come by today than the problems just discussed. Governments, businesses, and research institutions must band together to find the best technologies and courses of action to defeat cybercrimes. And companies must be more willing to invest in security systems to protect their networks.

A few participants called on software companies and service providers to make their products more secure. Default settings for software products sold to consumers should be at the highest level of security.

You wouldn’t build a swimming pool in the center of town and not put a fence around it. Basically, that’s just what the software companies are doing.

Although security firms have financial incentives for promoting security issues, for the average corporation, the benefits of spending millions of dollars to bolster security in networks aren’t immediately obvious, thus making them slow to act. If you have a choice of spending two million dollars on getting 360,000 new customers, or two million dollars on serving the ones you already have, that’s a difficult value proposition. Most companies would take the additional customers.

But the severity of attacks could get worse, and businesses would be wise to make precautionary investments now. Most businesses have been lucky so far.

Cyberattack Risks if You’re a Superpower

Information warfare and other security threats simply come with the territory when your country is the world’s only remaining superpower. This is what is called a “superpower paradox.” There is no other country that can challenge the United States directly. Instead, some countries look for indirect ways to challenge the United States. This challenge could come in the form of nuclear (see sidebar, “Stopping Nuclear Blackmail”), chemical or biological (see sidebar, “Chemical And Biological Terrorism”), or even cyberwarfare (see sidebar, “Hacker-Controlled Tanks, Planes, and Warships”).

start sidebar
Stopping Nuclear Blackmail

Bill Clinton used to say that no Russian missiles are targeted at the United States. But there is every reason to believe that there are, or soon will be, North Korean missiles targeted at this country—missiles capable of delivering nuclear or chemical and biological warheads. In a few years, and without much warning, Iranian and Iraqi missiles could also be targeted at us and our allies. What can the U.S. do to stop such missiles once they are launched? Not a thing.

None of this was clear in 1998; it is undeniable now. The question is whether the U.S. government will build a missile defense system to protect its cities, military bases, and oil fields—and to block the kind of nuclear blackmail suggested by China’s threat, during the Taiwan Strait crisis of 1996, to bomb Los Angeles.

A full warning came from a report in 1998 of the commission on missile threats headed by former Defense Secretary Donald Rumsfeld. This was a bipartisan commission, with members who have often disagreed on weapons issues. The panel had access to all U.S. intelligence sources, and its conclusion was unanimous: Rogue states could “inflict major destruction on the United States” within five years of deciding to do so, and with little or no notice to us.

This contradicted the Clinton administration line that the United States would have plenty of notice of a missile attack. That conclusion was based on a 1995 national intelligence estimate that said there would be no threat to the 48 contiguous states for the next 15 years.

Note 

Evidently, the administration didn’t think that the constitutional obligation to “provide for the common defense” applied to Alaska and Hawaii.

The Rumsfeld report at first seemed to do little to change the views of President Clinton’s top defense advisers. Five weeks after the report was released, Gen. Henry Shelton, the chairman of the Joint Chiefs of Staff, wrote that “the intelligence community can provide the necessary warning” of hostile missile development and added, “We view this as an unlikely development.” A week after that, North Korea launched a 3,000-kilometer range, two-stage Taepo Dong 1 missile over Japan. The launch indicates that North Korea has made progress in building the Taepo Dong 2, whose 10,000-kilometer range includes not only Alaska and Hawaii but also much of the continental United States. No matter: All but four Senate Democrats blocked action on a bill sponsored by Thad Cochran, a Republican from Mississippi, and Daniel Inouye, a Democrat from Hawaii, that would have forced the administration to deploy a missile defense system as soon as technologically feasible.

A New World

The case against rapid deployment rests on three arguments: (1) the threat isn’t real, (2) the technology is impossible, and (3) it is more important to maintain the antiballistic missile treaty signed with the Soviet Union in 1972, which bars most missile defense systems. The Rumsfeld report demolished Argument 1. Argument 2 is still raised by some who note that the United States has spent large sums on missile defense since Ronald Reagan proposed it in 1983, with disappointing results. But stopping a few rogue-state missiles with the computers of 2002 is much easier than stopping hundreds of Soviet missiles with the computers of 1983. As for Argument 3, the strategic environment in which the ABM treaty was adopted no longer exists. The argument for the treaty was that a missile defense system might provoke a Soviet or American first strike. However, the proximate missile threats now come from states that might risk such a strike.

end sidebar

start sidebar
Chemical And Biological Terrorism

In “For Your Eyes Only,” James Bond’s irrepressible quartermaster, Major Boothroyd (a.k.a. Q) demonstrates his latest toy: a rather lethal umbrella. Using a faceless mannequin, one of Q’s assistants illustrates how the umbrella looks and acts like it should until struck by water (as umbrellas are wont to do from time to time). Suddenly, sharp metal hooks extend all along the edge of the umbrella as it swiftly closes upon the victim’s neck. The motion is quick and precise, but one can’t help but imagine the far messier spectacle if a human being were caught under it in a rainstorm.

Unfortunately, the fictional version of MI6 portrayed in the James Bond films is not the only place one can find a deadly device masquerading as protection against the elements. In September 1978, the Bulgarian secret service shot a Bulgarian exile, Georgi Markov, with just such a device. Disguised as an umbrella, the surreptitious gun inserted a small pellet into Markov’s thigh. The pellet contained only a few hundred millionths of a gram of the deadly poison ricin (supplied by the KGB), but it was enough. Markov died four days later in a London hospital. Another Bulgarian defector, Vladimir Kostov, was similarly attacked in Paris the month before. Kostov was shot in the back and suffered a high fever, but survived. He sought medical treatment after hearing of Markov’s death and doctors removed from his back a small pellet identical to the one used to kill Markov.

Not satisfied with leaving such methods solely in the hands of the secret agent-types, the Aum Shinrikyo cult tried a simpler version during their chemical and biological escapades. In their infamous sarin gas attack on the Tokyo subway, Aum operatives chose the decidedly low-tech dissemination method of dropping bags of liquid sarin on the floor, puncturing them with the sharpened ends of their umbrellas, and then beating a hasty retreat as the nasty stuff spilled out onto the ground. Despite their primitive dissemination methods, Aum managed to murder 12 people, injure over a thousand, terrorize several thousand more, and spark a national weapons of mass destruction (WMD) counterterrorism industry in the United States.

Analysts have long commented on the copycat nature of terrorists and terrorist groups. Once a new method of attack (from car bombings to airplane hijackings to planes being used as bombs to hostage-taking for ransom money) has met with success, other terrorist groups are bound to emulate it. Given such a phenomenon among terrorists, is the United States witnessing any evidence of an increase in the use of umbrellas in terrorist operations—especially those involving chemical and biological weapons? Should the United States be calling for an international embargo on umbrella sales to Afghanistan to prevent Osama bin Laden and his al-Qaida organization from acquiring such dangerous, dual-use technology? Probably yes. For one thing, Aum has now inspired more follow-up attacks than many analysts had predicted shortly after their March 1995 attack. Although the jury is still out, Aum may have been unique. Even the Minnesota Patriots Council, which developed ricin because they believed it to be used by the CIA and the KGB, never conceived of using it in the same manner as the Bulgarian secret service. Rather than use an umbrella, the MPC experimented with using hand lotion as a means of dissemination.

For another, an umbrella (even one involving a chemical or biological weapon) simply does not offer the same level of destruction, the same “bang for the buck” as other terrorist methods. Not even the Weather Underground, whose name would seem to imply an interest in such methods, showed any evidence of ever considering using umbrellas in any of their attacks. Instead, they chose the symbolic bombing of the imperialist power structure. So the answer is yes, the standard terrorist arsenal is now the gun, the bomb, the plane bomb, box cutters and even the umbrella or anything else they can get their hands on. As all of us witnessed on 9-11, Osama bin Laden did try such a method of attack, and it brought a whole new meaning to his “umbrella terrorist network.”

end sidebar

start sidebar
Hacker-Controlled Tanks, Planes, And Warships

Army officials are worried that sophisticated hackers and other cybercriminals, including military adversaries, may soon have the ability to hack their way into and take control of major military weapon systems such as tanks and ships. The potential exists for hackers to infiltrate the computer systems used in tanks and other armored vehicles. Unlike in the past, today’s modern tanks and ships are almost entirely dependent on computers, software, and data communications links for functions such as navigation, targeting, and command and control.

Although the Pentagon has always had computer security issues to deal with, they’ve never had computers in tanks and armored personnel carriers before. In fact, the Defense Department has already tested and proven that hackers have the ability to infiltrate the command and control systems of major weapons, including Navy warships. According to a training CD-ROM on information assurance, published by the Defense Information Systems Agency, an Air Force officer sitting in a hotel room in Boston used a laptop computer to hack into a Navy ship at sea and implant false navigation data into the ship’s steering system.

Yes, this actually happened. The CD-ROM instructs military personnel taking the course. Fortunately, this was only a controlled test to see what could be done. In reality, only people’s imagination and ability limit the type of crime and its objective.

Although there are well-known security gaps in the commercial systems that the Army plans to use on the battlefield, hacking into tanks and other weapons may prove to be too difficult for an enemy engaged in battle. The problem for the enemy is that computer security vulnerabilities will almost certainly prove fleeting and unpredictable. Such tactics would be nearly impossible to employ beyond the random harassment level.

It is imperative for the United States to study what it means to be a superpower in the Information Age. In addition to the two dozen countries known to be pursuing technologies that would enable them to produce weapons of mass destruction, threats to the nation’s critical infrastructure from cyberattacks are also high on the present administration’s list of things to prepare for.

Other countries are forming cells of professionals dedicated to finding ways to interrupt the U.S.’s information infrastructure. If you can shut down the U.S.’s financial system; if you could shut down the transportation system; if you could cause the collapse of energy production and distribution system just by typing on a computer and causing those links to this globalization to break down, then you’re able to wage successful warfare, and the United States has to be able to defend against that. The United States is presently taking on those defense measures.

U.S. Government Agencies Shape Cyberwarning Strategy against Terrorists and Rogues

Under pressure from Congress to better coordinate the government’s response to computer viruses and other cyberattacks by terrorists and rogue states, the National Security Council (NSC) has developed a plan outlining roles and responsibilities for federal cybersecurity organizations. Under the plan, the National Infrastructure Protection Center (NIPC), working with the General Services Administration’s Federal Computer Incident Response Capability Office, will take the lead in alerting agencies to cyberattacks and will coordinate any immediate response.

The memo identifies the organizations and agencies to be involved in various kinds of attacks and defines the criteria for NIPC to call a meeting of the full cybersecurity community. The NSC will step in whenever a security response requires a broad policy decision, according to the plan.

This institutionalizes how the United States will share information both at an operations level and a policy level when cyberincidents occur. Many observers have called for coordination among organizations such as NIPC, the Critical Infrastructure Assurance Office (CIAO), and NSC itself.

NIPC, based at the FBI, was established in 1998 to serve as the government’s central organization to assess cyberthreats, issue warnings, and coordinate responses. The CIAO was set up to help agencies develop and coordinate security policies and plans.

The proliferation of organizations with overlapping oversight and assistance responsibilities is a source of potential confusion among agency personnel and may be an inefficient use of scarce technical resources. The calls for coordination became louder after the “I Love You” virus affected almost every federal e-mail server and taxed many agencies’ resources. The lack of formal coordination and communication led to many more agencies being affected by the incident than necessary, according to GAO.

Although the many warning and response organizations work together, the NSC memo lays out a standard process for coordination. In the past, that type of coordination happened on an ad hoc basis. Now, as laid out in the memo, the process is set so that it can last into the next administration in 2005.

Some of the formal mechanisms that existed were frankly ineffective in the tasks they were meant to do. For circumstances that are extraordinary, the U.S. now has a process where the NIPC will coordinate the operational response, and the National Security Council will head the policy response.

end sidebar

start sidebar
The Dark World Of The Cyber Underground

It was nearly Christmas (1998) when Dionne Smith received an alarming letter that dampened her holiday spirit—to say the least. The anonymous note warned Smith, 31, an employee of a Los Angeles parking company, that by opening the envelope she had just exposed herself to the biotoxin anthrax, livestock bacteria that can be fatal if inhaled. The 1998 Christmas incident was a horrible and frightening experience—which was one of approximately 220 nuclear, biological (see sidebar, “Bioterrorists On The Green”), and chemical scares (including some 140 anthrax false alarms) in this country alone.

end sidebar

start sidebar
Bioterrorists On The Green

Will the next terrorist attack be against plants, not people? At the urging of the White House, the U.S. Department of Agriculture and the FBI are looking at the threat of agricultural bioterrorism—an assault on the country’s efficient but fragile system of giant single-crop farms.

The fear is that if some party wanted to, they could damage a major crop—and the economy—by introducing a plant pathogen that doesn’t normally exist here. Likely bioweapons include plant-killing fungi, such as soybean rust, or infectious microbes that induce plants to produce toxins. If the group were sophisticated enough, they could genetically engineer a highly pathogenic strain, produce it in large quantities, and sneak a lot of it in.

In wild plants, natural genetic diversity helps limit the spread of disease. Ninety-nine percent or more of the genes in crops are the same across the United States, and that uniformity makes an epidemic much more likely. Once unleashed here, a superbug could spread like wildfire before researchers identified it and figured out how to keep it in check. Even then, spores could survive and infect the next year’s crop. They could also be spread by the wind, from field to field, or even state to state. It would be a continuing, recurring problem, like a permanent bomb going off.

end sidebar

Even though so far they’ve all been fakes, the feds are on edge. Their major worry is that terrorists are adding chemical and biological weapons to their arsenal of arms, and that, one day, they’ll make good on their threats—thus, enter the dark world of the cyber underground. So, the government has begun taking precautions, and pours billions of dollars into creating a network of programs designed to respond to such attacks. The ambitious plans include amassing antidotes to potential bioagents such as anthrax and other bacteria and viruses, and to chemical weapons such as the nerve agent sarin. The government is training medical response, fire, police, and rescue teams; beefing up local health departments to handle civilians in case of a major attack; and gathering intelligence on terrorist groups believed to be interested in acquiring such weapons. These new programs have helped make counterterrorism one of the fastest-growing parts of the federal budget, even as terrorist acts plunged to a 30-year low prior to the 9-11 attacks, say congressional budget analysts. Total U.S. antiterrorism spending could exceed $60 billion in 2002, up from $10 billion in 2000. The question is whether it’s money well spent.

A recent report by the General Accounting Office, Congress’s watchdog, says no, claiming that lawmakers have dumped money into fighting a threat yet to be fully assessed, and probably less dangerous than widely believed, considering how tough it is to acquire, process, and use the deadly toxins. A growing number of government and private counterterrorism experts agree. They say that federal officials are so spooked by the possibility of a chemical or biological attack that they are deliberately hyping the threat to get Congress to cough up coveted cash for prevention programs. And most lawmakers are buying it wholesale. It’s Mom, apple pie, and terrorism. In 1997, a jittery Congress ordered the Department of Defense to conduct multiagency training exercises in the nation’s 120 largest cities against so-called weapons of mass destruction. Today, there are some 400 training courses run by myriad agencies, including the Energy and Justice Departments, the Environmental Protection Agency, and the Federal Emergency Management Agency. In just how many different ways is the United States going to set out to accomplish the same thing, because many of the programs are redundant?

The most eye-popping example of out-of-control spending, detractors say, is the Department of Health and Human Services (HHS). In 1996, HHS spent $7 million on its “bioterrorism” initiative. In 2001, it requested $452 million. Most notably, the department intends to create a national stockpile of millions of doses of vaccines and antibiotics, a potential boon for pharmaceutical companies that are among those eagerly lobbying for more antiterrorism measures. GAO investigators have repeatedly questioned the department’s emphasis on vaccines for smallpox, pneumonic plague (airborne bacteria that cause respiratory failure), and tularemia (bacteria that cause a disabling fever in humans). None of these potential killers appear on the CIA’s list of biggest germ threats from terrorist groups. Still, HHS is doing the right thing by focusing on them. Tularemia and pneumonic plague are very easy to develop. The easiest to develop is anthrax.

Other agencies are clamoring for a piece of the pie, leading to tremendous internecine fighting. FEMA wants a chunk of the training and equipment money, as does the Justice Department’s Office of Justice Programs, whose mission is to dole out federal anticrime money to states and localities. The Department of Veterans Affairs wants to wrest stockpiling duties away from the Centers for Disease Control and Prevention. And the National Guard, a powerful lobby on Capitol Hill, is creating its own hazardous materials response teams, even though there are already more than 800 state and local hazardous material (HAZMAT) units, plus additional crews in the Army, Marine Corps, EPA, and Coast Guard. Then there’s the Energy Department, which is pushing for $50 million to research palm-size bug and poison detectors and other antiterrorism products. Not to be left out, the United States Holocaust Memorial Museum and the Office of Personnel Management want $3 million apiece, and the Smithsonian Institution is asking for $4 million to bolster security against potential terrorist attacks.

When Congress first began considering this issue in 1995, the debate was driven by the belief that terrorists, although more likely to use guns and bombs, would eventually turn to lethal chemical and biological agents. The 1995 Tokyo subway gas attack by the cult Aum Shinrikyo was a shot across the bow. So were reports that Osama bin Laden—accused of masterminding the bombings of two U.S. embassies in East Africa—has tried to get his hands on unconventional weapons.

The only major case of bioterrorism in the United States was in 1984 by followers of the Indian guru Bhagwan Shree Rajneesh, who had set up a commune in Oregon. Hoping to sway a local election, they unleashed salmonella poisoning in 10 restaurants in a nearby town, sickening 751 people but killing none. Still, law enforcement officials are convinced that the risk merits whatever preventive measures the government can afford. This is not on the top 100 list of things you’re going to die from. But if you’re a national security expert, this is on the top 3 list of things to worry about.

One reason there have been no attacks is that it’s so tough to effectively use biological weapons. But a dozen hostile nations now either possess or are actively pursuing bioweapons. Most counterterrorism and intelligence experts agree other countries would think hard before striking, because they know the United States would retaliate with stunning force. They also agree that terrorists cannot carry out large-scale lethal attacks without the backing of a foreign government. However, they can do damage. The question is: how much? Nobody knows, because few have bothered to assess how real the threats are. No one, though, wants to be caught asleep at the switch—just in case. It’s one of those things it’s hard to say no to. It’s like fallout shelters in the 1950s. Was that wrong to do? You have to look at the world you’re operating in.






Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
