The headaches caused by two significant computer virus outbreaks this summer, the SoBig and Blaster worms, have forced technology gurus in the public and private sectors to re-examine the issue of cyber security.
Based on the experience of these two relatively mild viruses, "cyber terrorists" could wreak mayhem easily by exploiting any one of hundreds of known vulnerabilities in Microsift Corp.'s Windows, which reigns as the standard for most businesses and governmental agencies.
Several incidents this year alone offer chilling evidence of just how vulnerable the nation's digital infrastructure is to Windows "malware."
Last month's outbreak of the SoBig virus shut down part of CSX Corp.'s signaling system in the Eastern United States, causing numerous delays. The same virus caused problems in computer systems from automobile manufacturer BMW in Germany to The San Francisco Chronicle newspaper on the West Coast.
In Maryland, Blaster crashed computers at the Motor Vehicle Administration on Aug. 11, forcing its offices to close statewide for a day. The next week, Blaster temporarily knocked out Air Canada's check-in systems.
Yet another worm, dubbed "Slammer," disabled computers at FirstEnergy Corp. in Ohio in January -- including one responsible for monitoring the company's nuclear power plant.
And on top of the inconvenience such attacks cause, every incident also inflicts economic damage, mostly in lost productivity and goods.
According to mi2g Ltd., a London-based computer security firm, August was the worst month ever for malware-related economic harm. Attacks caused $32.8 billion in worldwide damage. The company estimates the SoBig worm alone caused $29.7 billion in damage across the globe.
Still more sobering are mi2g's yearly estimates of malware damage -- rising from $800 million to $970 million in 1997, to between $88.3 billion and $107 billion so far this year.
If the terrorists are paying attention, and experience tells us they most likely are, a disastrous terrorist attack on our digital infrastructure could be just a matter of time.
Some already have begun sounding the alarm, inlcuding former White House cyber security czar Richard Clarke.
Since retiring from the post this past spring, Clarke -- who now heads a computer security firm in Arlington, Va., called Good Harbor Consulting LLC -- has strongly criticized the federal government's preparedness against cyber terrorism.
"[Information technology] has always been a major interest of al-Qaeda," Clarke said in a July speech. "We know that from the laptops... we've recovered that have hacking tools on them.
"It is a huge mistake to think that al-Qaeda isn't technologically sophisticated, a fatal one," Clarke continued. "They are well-trained, they are smart. They proved it on 9/11 with one style of attack -- and they can prove it again."
So where does Macintosh fit into this equation?
For one thing, as has been noted in two recent columns, Apple Computer Inc.'s Mac OS X is immune to the tens of thousands of viruses and worms that target the Windows operating system, and -- thanks to a Unix-based core -- it's also more resistant to attack.
However, the use of Mac OS X in the fight against cyber terrorism never arose in those columns because it seemed a remote possibility.
After all, the U.S. Department of Homeland Security in July signed a five-year, $90 million contract with Microsoft to supply Windows software to its 140,000 employees. Although a department spokeswoman said the federal government doesn't endorse any particular platform, such a large-scale purchase comes off as a strong vote of confidence for Windows.
But on Aug. 26, the U.S. Office of Management and Budget added Mac OS X and Linux to a revision of its Technical Reference Model, a sort of stamp of approval for various technologies used by the federal government.
Unofficial but just as intriguing was a revelation found last week on the MacTeens Web site that recent builds (test versions seeded to software developers) of the forthcoming update to Mac OS X -- known as "Panther" -- apparently contain an assortment of government seals, including the departments of each of the nation's armed forces, as well as the U.S. Public Health Service and the National Oceanic and Atmospheric Administration, as part of the login window component.
Another compelling ingredient to this stew of information were the comments of Apple Chief Financial Officer Fred Anderson on Sept. 3 to a group of analysts for SmithBarney Citigroup Inc.
He said Apple had seen "renewed interest in Mac OS X" from corporations and governmental agencies because of the software's immunity to Windows malware coupled with its powerful, difficult-to-hack Unix foundation.
Anderson also noted that Apple's governmental customers are "very focused on security" and that the company's sales to federal agencies was up "over 60 percent in each of the last two fiscal years" -- though its base, admittedly, was small.
Adding at least some Macs to the mix of government computers makes sense if for no other reason than to limit the incapacitation and damage from a cyber attack by using more than one operating system.
But any broad federal conversion to the Mac is unlikely, given the vast amount of money that has been invested in Windows software and Intel Corp.-based hardware. Software customized for Windows would need to be rewritten for OS X -- no small task.
Another potential hurdle would be the retraining of employees who have worked solely with Windows. Although the transition would go smoothly for some, others could take months to adjust to the often subtle and confusing differences between how Windows and OS X do things. (For that matter, even some Mac users have had a tough time switching from OS 9 to OS X.)
To be sure, the federal government keenly is aware of the threat of cyber terrorism. In February, it released "The National Strategy to Secure Cyberspace," a report assessing the risks and steps to address them.
While the report describes the risks in exhaustive detail, the suggested responses dovetail primarily with such typical Windows-oriented attacks as the Blaster and SoBig worms.
The report's advice includes identifying threats, patching security holes,running anti-virus software and taking other measures to minimize damage from attacks.
Many of these recommendations would be rendered unnecessary or lessonerous if Mac OS X became more common in corporate and governmentalenvironments.
Indeed, one recommendation in particular holds promise for a larger role forthe Mac in the federal government. It encourages the private sector todevelop "highly secure and trustworthy operating systems. If such systemsare developed and successfully evaluated, the federal government will,subject to budget considerations, accelerate procurement of such systems."
Apple can argue that with OS X, it has such a system available now.
Despite Chairman Bill Gates' 19-month-old Trustworthy Computing Initiative,Microsoft has struggled to reduce the myriad of Windows vulnerabilities. Even Chief Executive Steve Ballmer admitted Monday in a speech that the company "needs toraise the bar on the quality of products when it comes to security."
Regardless of Microsoft's progress on improving security, the federalgovernment would be wise to look to diversification among operating systemsas a basic defense against cyber terrorists.
Given OS X's resistanceto attack and high level of interoperability with Windows networks, Macswould be ideal for such a role.Copyright © 2015, Los Angeles Times