January 03, 2001, 1:36 PM — AS WE WRITE THIS, the world's most technologically advanced nation is still attempting to sort out who will be its leader for the next four years by re-counting scraps of paper painstakingly perforated by the trusting citizens of the state of Florida. As backward as this sounds, it may be preferable to the alternative: allowing the leader of the free world to be chosen by a vocal minority of talking heads in the media.
The sad thing is, we don't feel like we're being overly dramatic. We are still in shock that one of the major television networks displayed a full-screen photograph of one of the candidates underscored with the inscription "43rd President of the United States" well before the outcome was conclusive.
We can agree to disagree on whether this affects the behavior of voters who may still be casting their ballots while these inaccuracies are being broadcast; but certainly it has an effect on the flow of events in one of the most influential societies on Earth.
We've seen it coming for some time now, but we're willing to bet no one was prepared for information warfare on such a grand scale. And with apologies to our colleague Winn Schwartau, who has popularized the term infowar to describe the digital version of traditional shoot-outs with tanks, planes, and submarines, we are talking more generically here. We mean the use of information in electronic form to influence minds, manipulate financial markets, exact revenge on business competitors, and determine the leader of the United States.
We see abundant signs that the next wave of assault on information system security is going to strike at the most vulnerable link in the chain: human beings. Bruce Schneier's Crypto-Gram newsletter covered many recent incidents of this nature and declared a "third wave" of network attacks that he characterized as "semantic" because they "target the way we, as humans, assign meaning to content."
Some high-profile examples Schneier cited include the devastating Aug. 25 attack against the fiber-channel company Emulex. This assault was based on a fraudulent press release from the distribution service Internet Wire that precipitated a 61 percent plunge in Emulex's stock in a matter of hours. Stories of stock manipulation through Internet chat rooms are legion, but this attack demonstrates the seriousness of the problem.
How can you defend against attacks that influence the minds of your shareholders or customers? It can seem impossible. Even Bruce, in his wise and extensive discussion of security issues, predicts more serious incidents of this nature. He acknowledges that problems with misinformation aren't going to be fixed by technological "magic wands" because they target people, not code.