Security expert: Cyberspace digital arms race threatens U.S.

Find opportunities — and win them.

The number and sophistication of potential weapons such as password-cracking software, viruses and worms, key loggers and spyware demonstrate the risk, according to Chet Hosmer.

Washington Technology's .

The United States faces the threat of a cyberspace attack, and the evidence of that threat can be held in the palm of your hand, according to one expert in the computer security industry.

"In contrast with conventional, nuclear or biological arms races, the raw materials necessary are digital 1s and 0s," Chet Hosmer, president and chief technology officer of WetStone Technology Inc., told an audience at the Techno Security 2005 conference earlier this week.

To illustrate his point, Hosmer pulled a USB drive out of his pocket and held it up.

"Because it [looks] benign, our concern is not as great. But it can be distributed instantly and freely around the Internet. It requires no physical access to the target, [it] can be launched from multiple locations. The effects caused can be swift and significant, and virtually no laws exist to control its production, sale or trade," he said.

The growth in number and sophistication of such potential weapons as password-cracking software, viruses and worms, key loggers and spyware demonstrate the magnitude of the risk, he added.

From September 2004 to May 2005 there were almost 3 million downloads of free password-cracking software, for instance, more than 2 million downloads of key-logging software and more than 1.25 million downloads of spyware, according to Hosmer.

Much of this activity is related to the explosive growth of Internet-based crime, and it is reasonable?and indeed, likely?that interests hostile to the United States also are participating, he said.

Earlier this week, the Government Accountability Office said in a new study, titled "Emerging Cybersecurity Issues Threaten Federal Information Systems," that federal cybersecurity programs are at risk of becoming static and unresponsive in the face of these emerging threats.

Some in the industry, however, are uncomfortable with the categorization of these software tools as weapons, because unlike more conventional weapons such as guns, it comes down to intent rather than the inherent design of the software, according to Hosmer.

"I chose that word [weapons] very carefully, because of the damage they can cause," Hosmer said. "Look at the definition of weapon in any good dictionary."

Webster's New World College Dictionary includes these definitions for weapon:

  1. An instrument or device of any kind used to injure or kill;

  2. Any means of attack or defense.


Patience Wait is a senior writer forsister publication,Government Computer News