The headaches caused by two significant computer virus outbreaks this summer, the SoBig and Blaster worms, have forced technology gurus in the public and private sectors to re-examine the issue of cyber security.
Based on the experience of these two relatively mild viruses, "cyber terrorists" could wreak mayhem easily by exploiting any one of hundreds of known vulnerabilities in Microsift Corp.'s Windows, which reigns as the standard for most businesses and governmental agencies.
Several incidents this year alone offer chilling evidence of just how vulnerable the nation's digital infrastructure is to Windows "malware."
Last month's outbreak of the SoBig virus shut down part of
's signaling system in the Eastern United States, causing numerous delays. The same virus caused problems in computer systems from automobile manufacturer BMW in Germany to
The San Francisco Chronicle
newspaper on the West Coast.
, Blaster crashed computers at the Motor Vehicle Administration on Aug. 11, forcing its offices to close statewide for a day. The next week, Blaster temporarily knocked out Air Canada's check-in systems.
Yet another worm, dubbed "Slammer," disabled computers at
in January -- including one responsible for monitoring the company's nuclear power plant.
And on top of the inconvenience such attacks cause, every incident also inflicts economic damage, mostly in lost productivity and goods.
According to mi2g Ltd., a London-based computer security firm, August was the worst month ever for malware-related economic harm. Attacks caused $32.8 billion in worldwide damage. The company estimates the SoBig worm alone caused $29.7 billion in damage across the globe.
Still more sobering are mi2g's yearly estimates of malware damage -- rising from $800 million to $970 million in 1997, to between $88.3 billion and $107 billion so far this year.
If the terrorists are paying attention, and experience tells us they most likely are, a disastrous terrorist attack on our digital infrastructure could be just a matter of time.
Some already have begun sounding the alarm, inlcuding former
cyber security czar Richard Clarke.
Since retiring from the post this past spring, Clarke -- who now heads a computer security firm in Arlington, Va., called Good Harbor Consulting LLC -- has strongly criticized the federal government's preparedness against cyber terrorism.
"[Information technology] has always been a major interest of al-Qaeda," Clarke said in a July speech. "We know that from the laptops... we've recovered that have hacking tools on them.
"It is a huge mistake to think that al-Qaeda isn't technologically sophisticated, a fatal one," Clarke continued. "They are well-trained, they are smart. They proved it on
with one style of attack -- and they can prove it again."
So where does Macintosh fit into this equation?
For one thing, as has been noted in two recent columns,
's Mac OS X is immune to the tens of thousands of viruses and worms that target the Windows operating system, and -- thanks to a Unix-based core -- it's also more resistant to attack.
However, the use of Mac OS X in the fight against cyber terrorism never arose in those columns because it seemed a remote possibility.
After all, the U.S. Department of Homeland Security in July signed a five-year, $90 million contract with
to supply Windows software to its 140,000 employees. Although a department spokeswoman said the federal government doesn't endorse any particular platform, such a large-scale purchase comes off as a strong vote of confidence for Windows.
But on Aug. 26, the U.S. Office of Management and Budget added Mac OS X and Linux to a revision of its Technical Reference Model, a sort of stamp of approval for various technologies used by the federal government.
Unofficial but just as intriguing was a revelation found last week on the MacTeens Web site that recent builds (test versions seeded to software developers) of the forthcoming update to Mac OS X -- known as "Panther" -- apparently contain an assortment of government seals, including the departments of each of the nation's armed forces, as well as the U.S. Public Health Service and the
, as part of the login window component.
Another compelling ingredient to this stew of information were the comments of Apple Chief Financial Officer
on Sept. 3 to a group of analysts for SmithBarney
He said Apple had seen "renewed interest in Mac OS X" from corporations and governmental agencies because of the software's immunity to Windows malware coupled with its powerful, difficult-to-hack Unix foundation.
Anderson also noted that Apple's governmental customers are "very focused on security" and that the company's sales to federal agencies was up "over 60 percent in each of the last two fiscal years" -- though its base, admittedly, was small.
Adding at least some Macs to the mix of government computers makes sense if for no other reason than to limit the incapacitation and damage from a cyber attack by using more than one operating system.
But any broad federal conversion to the Mac is unlikely, given the vast amount of money that has been invested in Windows software and
-based hardware. Software customized for Windows would need to be rewritten for OS X -- no small task.
Another potential hurdle would be the retraining of employees who have worked solely with Windows. Although the transition would go smoothly for some, others could take months to adjust to the often subtle and confusing differences between how Windows and OS X do things. (For that matter, even some Mac users have had a tough time switching from OS 9 to OS X.)
To be sure, the federal government keenly is aware of the threat of cyber terrorism. In February, it released "The National Strategy to Secure Cyberspace," a report assessing the risks and steps to address them.
While the report describes the risks in exhaustive detail, the suggested responses dovetail primarily with such typical Windows-oriented attacks as the Blaster and SoBig worms.
The report's advice includes identifying threats, patching security holes, running anti-virus software and taking other measures to minimize damage from attacks.
Many of these recommendations would be rendered unnecessary or less onerous if Mac OS X became more common in corporate and governmental environments.
Indeed, one recommendation in particular holds promise for a larger role for the Mac in the federal government. It encourages the private sector to develop "highly secure and trustworthy operating systems. If such systems are developed and successfully evaluated, the federal government will, subject to budget considerations, accelerate procurement of such systems."
Apple can argue that with OS X, it has such a system available now.
' 19-month-old Trustworthy Computing Initiative, Microsoft has struggled to reduce the myriad of Windows vulnerabilities. Even Chief Executive Steve Ballmer admitted Monday in a speech that the company "needs to raise the bar on the quality of products when it comes to security."
Regardless of Microsoft's progress on improving security, the federal government would be wise to look to diversification among operating systems as a basic defense against cyber terrorists.