Cyber Warfare and Telecommunications Espionage

 

Dr. Manuel Cereijo, P.E.
Desde Miami

 

 

Communications networks are systems designed to transmit information. Computers and communications are the technology of technologies. The field is experiencing a revolution several times each decade. Important recent milestones include:

 

·        The Internet: a network of many kinds of networks. The Internet's main importance is its capability for internetworking, allowing any user to find, touch, and connect to a large variety of networks and sources of information, users, and computational resources that each makes available.

·        The computer: microprocessors are changing the shape of everything related to computing, communications and control. Home and work computers permit direct data communication from the general public.

·        The television: television has become a way of life. Wristwatch television, wall-size television, high definition television, and fully interactive cable television are all available.

·        The personal communication explosion: cellular phones, facsimiles, two-way pagers, palm pilots.

 

 

Security

 

The increasing use of general access devices makes security matters increasingly important. Although the need for security is currently appreciated more in businesses than in homes, even in businesses there is limited awareness.

 

There is a need for the protection of individual, business, and government privacy, and the integrity of material transmitted. Deployment issues relate to securing of infrastructure links and end-to-end applications and therefore affect all levels of the architecture and all players, including users themselves. Dependence on networking activities will broaden concerns about security.

 

Security of the network is an obvious concern in crises where there is an active adversary seeking to obstruct the response. This is clearly the case in warfare and in confronting terrorism. The response team must keep its plans secret from hostile parties, and it must protect its communications against denial of service. However, security needs are not limited to active, hostile situations.

 

Robert Kehlet, of the Defense Nuclear Agency, observed that when you operate at a federal level, though, you get access to databases and information that are very sensitive in nature. You don't want to pass that out to the world in general and make it totally and completely publicly accessible.

 

Security is essential to national-scale applications such as manufacturing and electronic commerce. It is also important in situations where sensitive information must be communicated. Many traditional ideas of network security must be reconsidered for these applications in light of the greater scale and diversity of the infrastructure and the increased role of non-experts.

 

On a short-term basis, new security models are needed to handle the new degree of mobility of users and possibly of organizations. The usability or user acceptability of security mechanisms will assume new importance, especially for those that inconvenience legitimate use too severely.

 

In many, perhaps all, of the national-scale applications, users can be expected to move from one security policy domain or sphere to another and still need to function. For example, a user may carry a portable computer from the wireless network environment of an employer into that of a customer, supplier, or competitor.

 

Mobile users who want to connect back to their home domain from a foreign one have several alternatives. It is likely that the local domain will require some form of authentication and authorization of users. The remote domain might either accept that authentication and authorization from the user.

 

In addition, such remote access may raise problems of exposure of activities, such as lack of privacy, greater potential for spoofing, or denial of service, because all communication must now be transported through environments that may not be trusted.

 

Unfortunately, the problems of security are very difficult to address with computational and communications facilities. Policy, especially when it involves merging several different security domains, is extremely complex. It must be based on the tasks to be achieved, the probability of subversion, and the capabilities of the mechanisms available.

 

Satellite stations and monitoring centers are capable of telephone surveillance. A system can monitor and analyze telephone communications, which is, in fact, the largest and most important form of secret intelligence. However, it is impossible for analysts to listen to more than a small fraction of the billions of telephone calls and other signals which might contain significant information.

 

But, a network of monitoring stations is able to tap all calls from a specific area, and sift out messages which sound interesting. Computers automatically analyze every message or data signal, and can also identify calls to a target telephone number.

 

Surveillance systems are highly computerized. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals.

 

Experts have assessed that computers with network connectivity can be entered by an electronic intruder from anywhere in the world. Gaining access to these computers through a network connection is relatively simple, costs very little, and typically involves little risk of detection. This new phase of terrorism is referred to as cyber-terrorism, and together with biological warfare it represents the greatest threat of the next century.

 

Cyberterrorism

 

U.S. vulnerability to information war is the major security challenge of the next century. It is much more important than telephone espionage, though not as complex. Other names for cyber terrorism are: information war, technological warfare, hacking, and computer security.

 

Every year U.S. companies lose millions of dollars to industrial espionage and sabotage. The attacks come from hostile countries or organizations abroad, business competitors, or individuals. People are not aware of how easy it is to breach security at major corporations. Even computer experts hired by companies to make sure their systems are safe find it very difficult to fight intruders.

 

Even military computer systems are vulnerable to intruders. The computer and Internet development are considered by many to be comparable to the development of the atomic bomb in respect to the way it may change our society and warfare. In the Gulf War, computers and telecommunications were used to knock out the Iraqi communications and electrical systems.

 

However, as the U.S. relies more and more on computers, we become more vulnerable to attacks. Imagine what would happen if Wall Street caught a virus that caused its network to crash. The prospect is: if we are able to do it, others are also able to do it to us.

 

Cyberterrorists can attack anywhere the physical and the virtual worlds combine. The Internet and computer technology have made a universal interface possible. Cyberterrorists can use the Internet and computer networks to destroy, alter, and infiltrate valuable information or systems necessary for security.

 

A terrorist country, such as Cuba, must make its act big enough and well known enough to achieve its goal. The person actually performing the attack can do it from his own home or lab in Cuba. He will not be harmed in the attack, he will probably not be traced, and if he messes up he learns from his mistakes and becomes even more dangerous when he strikes again.

 

Assume a possible scenario. Wall Street reports a massive loss of data as computers and backup tapes go up in smoke. ConEd and PG&E power companies' computers crash, plunging the East and West coasts into darkness. At major airports, the FAA's ATC computers crash, causing havoc across the Midwest. 911 emergency systems in major cities go down from a logic bomb. Internet traffic slows to a trickle as ISPs and telecom companies struggle with coordinated large-scale denial-of-service attacks. That's the kind of nightmare we can face. Some of these attacks have already occurred, on a small scale, in various nations. Attackers, as mentioned before, can wage cyberwarfare from computers anywhere in the world.

 

The core problem: the United States' dependence on computers makes it more vulnerable than most countries to cyber attacks. Our national infrastructure depends not only on our interconnected information systems and networks, but also on the public switched network, the air-traffic control systems, the power grids and many associated control systems, which themselves depend heavily on computers and communications.

 

Our defenses against isolated attacks and unanticipated events are inadequate. Risks include not just penetrations and insider misuse, but also insidious Trojan horse attacks that can lie dormant until triggered. Our defenses against large-scale coordinated attacks are even more inadequate.

 

According to former CIA director George Tenet in congressional testimony, June 2002, "we must rely more and more on computer networks for the flow of essential information. Trillions of dollars in finance and commerce are moving over a medium with minimal protection. The opportunity to disrupt military effectiveness and public safety, with the elements of surprise and anonymity, provides plenty of incentives."

 

The cyberterrorist's traditional weapons of choice include malicious code such as computer viruses, logic bombs that wake up on a certain date, worms, and Trojan horses; cracking (accessing computer systems illegally); sniffing (monitoring network traffic for passwords, credit cards, etc.); social engineering (fooling people into revealing passwords and other information); and dumpster diving (sorting through the email trash). In brief summary, these are:

 

·        Viruses: computer viruses come in all shapes and flavors, from "harmless" prank messages to electronic forms of Ebola that chew up your data and spit it out as garbage. Some viruses infect your PC's boot sector and rewrite the sector, crippling your system. Others infect the files that launch or run most of your software, rendering your programs unusable. Others erase your computer's CMOS setup tables, making it impossible for your computer to work.

 

·        Worms: worms are breeder programs, reproducing themselves endlessly to fill up memory and hard disks. Worms are often designed to send themselves throughout a network, making their spread active and deliberate.

 

·        Logic bombs: logic bombs are embedded pieces of destructive code that detonate on preset dates or when a specified set of instructions is executed, unleashing destructive actions within a computer or throughout a network.

 

·        Bots: bots are pieces of code designed to rove the Internet and perform specific actions.

 

·        SYN: SYN attacks involve sending a torrent of TCP connection requests to targeted sites.

 

·        SYN flood: a SYN flood creates a major traffic jam at the site, cutting it off.

 

But a new tactic, coordinated large-scale attacks, emerged on March 2, 1998. The tactic consists of intrusion attempts involving multiple attackers working together from different IP addresses, many in different locations and countries. The intent is to make the attacks more difficult to detect, and to increase the "firepower".
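The SYN flood listed above and the coordinated, many-source tactic described here are the defender's detection problem: a per-source threshold never fires when each attacker sends only a handful of connection requests. The following is an added example, not part of the original article, of a small half-open SYN detector that aggregates by target as well as by source; the log format, addresses and thresholds are all constructed for illustration.

```python
"""Added example: detecting a SYN flood that is spread across many sources.

Log format (constructed for this example, not a real tool's output):
    "<seconds> <src_ip> <dst_ip>:<dst_port> <flag>"
where flag is S for a client SYN and A for the client ACK that completes
the three-way handshake. A SYN never followed by an ACK from the same
source to the same destination is counted as half-open.
"""
from collections import defaultdict


def make_sample_log():
    """Build a synthetic log: one busy but legitimate client whose handshakes
    all complete, plus 60 sources that each send only 3 SYNs and never
    complete them, all aimed at one target within roughly one second."""
    lines = []
    for i in range(30):  # legitimate client, 30 completed connections
        t = 10.0 + i * 0.03
        lines.append(f"{t:.3f} 192.0.2.10 203.0.113.5:80 S")
        lines.append(f"{t + 0.005:.3f} 192.0.2.10 203.0.113.5:80 A")
    for n in range(60):  # distributed flood: 60 sources x 3 SYNs, no ACKs
        for k in range(3):
            t = 10.0 + (n * 3 + k) * (1.0 / 180)
            lines.append(f"{t:.3f} 198.51.100.{n + 1} 203.0.113.5:80 S")
    lines.sort(key=lambda s: float(s.split()[0]))
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, flag) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, flag = line.split()
        events.append((float(ts), src, dst, flag))
    return events


def half_open_syns(events):
    """Return the SYN events that were never completed by a later ACK from
    the same source to the same destination (FIFO matching per pair)."""
    pending = defaultdict(list)
    completed = set()
    for idx, (_, src, dst, flag) in enumerate(events):
        if flag == "S":
            pending[(src, dst)].append(idx)
        elif flag == "A" and pending[(src, dst)]:
            completed.add(pending[(src, dst)].pop(0))
    return [ev for idx, ev in enumerate(events)
            if ev[3] == "S" and idx not in completed]


def peak_per_key(syns, key, window=1.0):
    """For each key (source or target), the largest number of half-open SYNs
    falling inside any sliding window of `window` seconds."""
    times_by_key = defaultdict(list)
    for ev in syns:
        times_by_key[key(ev)].append(ev[0])
    peaks = {}
    for k, times in times_by_key.items():
        times.sort()
        best, lo = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] >= window:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[k] = best
    return peaks


def detect(events, window=1.0, per_source_threshold=20, per_target_threshold=100):
    """Flag sources and targets whose half-open SYN rate exceeds a threshold.
    A distributed flood stays under the per-source threshold; only the
    per-target view reveals it."""
    syns = half_open_syns(events)
    src_peaks = peak_per_key(syns, key=lambda e: e[1], window=window)
    dst_peaks = peak_per_key(syns, key=lambda e: e[2], window=window)
    return {
        "half_open_total": len(syns),
        "distinct_sources": len(src_peaks),
        "sources_flagged": sorted(s for s, n in src_peaks.items() if n >= per_source_threshold),
        "targets_flagged": sorted(d for d, n in dst_peaks.items() if n >= per_target_threshold),
    }


if __name__ == "__main__":
    result = detect(parse_log(make_sample_log()))
    for name, value in result.items():
        print(f"{name}: {value}")
```

On the constructed log, no source is flagged (each sent only three half-open SYNs), while the single target is flagged with 180 half-open SYNs in one second; the legitimate client contributes nothing because its handshakes complete.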

 

Another advanced cyberterrorist tool is monitoring computers, fax machines, printers and other devices by picking up their electromagnetic radiation. They allow cyber spies (at least one of the spies from Cuba arrested recently by the FBI in Miami was a computer engineer, expert on computational technology in Cuba) to intercept passwords and sensitive information.

 

Such monitors can be as far as one mile away, or further if they have fast-Fourier-transform chips and other classified systems designed by the National Security Agency or its foreign counterparts, such as Cuba's intelligence services. There is no way to know if a system is being monitored.

 

Information warfare attacks on computers could be classified as attacks through legitimate gateways of the computers such as the modem and the keyboard (software attacks), and attacks through other than legitimate gateways (backdoor attacks). At the current technological level, backdoor attacks can be carried out mainly by utilizing radio frequency (RF) technology and are classified as RF attacks.

 

Any wire or electronic component is, in fact, an unintended antenna, both transmitting and receiving. Every such unintended antenna is particularly responsive to its specific resonance frequency and, to some extent, to several related frequencies. If the objective is to eavesdrop on the device, then the electromagnetic emanations coming from functioning components of the device are received by highly sensitive receiving equipment and processed in order to duplicate the information handled by the device. If the objective is to affect the device's functioning, then appropriate RF signals are transmitted to the targeted device. Producing and transmitting a signal that merely disrupts the normal functioning of a target device is a simple technological task, and Cuba is quite capable of producing such attacks.

 

It is not science fiction: weapons can zap your computer into oblivion from a distance. Radio frequency (RF) weapons are real. They consist of a power supply, a transmitter, and an antenna. One type, referred to as HPM, generates gigawatts of short, intense energy pulses focused into a narrow beam capable of silently burning out electronic equipment. High-ranking military experts have been testifying in Congress on this matter since mid-1998.

 

RF weapons are also packaged as RF munitions, which use explosives to produce radio-frequency energy. In the hands of skilled Cuban scientists, these munitions come as hand grenades or mortar rounds. Potential targets of RF weapons include computers and other electronic devices used in national telecommunications systems, the national transportation system, mass media, oil and gas control and refining, and civil emergency services, among several important infrastructures.

 

Ninety percent of our military communications now pass over public networks. If an electromagnetic pulse takes out telephone systems, we are in trouble because our military and non-military nets are virtually inseparable. The former Soviet Union developed RF weapons because of their potential to be effective against our sophisticated electronics, said retired U.S. Army Lieutenant General Robert Schweitzer in congressional testimony in June 1998.

 

Russia provided this technology to several countries. China is also well ahead in this field. Since February 1999, China and Cuba have increased their military and intelligence joint activities. The presence of Chinese personnel in Cuba is now very obvious.

 

A new class of cyberweapon, Transient Electromagnetic Devices (TEDs), is easier to construct and use. TEDs generate a spike-like pulse that is only one or two hundred picoseconds in length at very high power. TEDs are smaller, cheaper, require less power and are easier to build. As we will analyze later in the report, Cuban engineers have the proper technology and experience to build TEDs.

 

They can be built using spark-gap switches and can be assembled from automobile ignition, fuel pump and other readily available parts at a cost of $300. TEDs can burn out a broad range of devices, with effects on electronic systems similar to a lightning strike. The compact devices could fit in a briefcase, or be placed in a small van. With a six-foot backyard antenna and more advanced spark-gap units, terrorists could point them at aircraft in flight.

 

"The enemies of peace realize they cannot defeat us with traditional military means," President Bill Clinton, January 1999.

 

What is cyberterrorism?

 

Terrorism that involves computers, networks, and the information they contain. Computer networks have been attacked during recent conflicts in Kosovo, Kashmir, and the Middle East, but the damage has mostly been limited to defaced Web sites or blocked Internet servers. However, with American society increasingly interconnected and ever more dependent on information technology, terrorism experts worry that cyberterrorist attacks could cause as much devastation as more familiar forms of terrorism.

 

Is the United States vulnerable to cyberterrorism?

 

Yes, but experts disagree about how large and immediate a threat cyberterrorism poses. In 1997, the Pentagon simulated a cyberattack and found that attackers using ordinary computers and widely available software could disrupt military communications, electrical power, and 911 networks in several American cities. Hacking tools and expertise have become only more widespread since then.

Is cyberterrorism the same as hacking?


No. While some people use the term “cyberterrorism” (which was coined in the 1980s) to refer to any major computer-based attack on the U.S. government or economy, many terrorism experts would not consider cyberattacks by glory-seeking individuals, organizations with criminal motives, or hostile governments engaging in information warfare to be cyberterrorism. Like other terrorist acts, cyberterror attacks are typically premeditated, politically motivated, perpetrated by small groups rather than governments, and designed to call attention to a cause, spread fear, or otherwise influence the public and decision-makers.

 

Hackers break into computer systems for many reasons, often to display their own technical prowess or demonstrate the fallibility of computer security. Some on-line activists say that activities such as defacing Web sites are disruptive but essentially nonviolent, much like civil disobedience.

Why would terrorists turn to cyberattacks?


Terrorists try to leverage limited resources to instill fear and shape public opinion, and dramatic attacks on computer networks could provide a means to do this with only small teams and minimal funds. Moreover, “virtual” attacks over the Internet or other networks allow attackers to be far away, making borders, X-ray machines, and other physical barriers irrelevant. Cyberterrorists would not need a complicit or weak government (as al-Qaeda had in Afghanistan) to host them as they train and plot. On-line attackers can also cloak their true identities and locations, choosing to remain anonymous or pretending to be someone else.

Terrorists might also try to use cyberattacks to amplify the effect of other attacks. For example, they might try to block emergency communications or cut off electricity or water in the wake of a conventional bombing or a biological, chemical, or radiation attack. Many experts say that this kind of coordinated attack might be the most effective use of cyberterrorism.

 

What kinds of attacks are considered cyberterrorism?


Cyberterrorism could involve destroying the actual machinery of the information infrastructure; remotely disrupting the information technology underlying the Internet, government computer networks, or critical civilian systems such as financial networks or mass media; or using computer networks to take over machines that control traffic lights, power plants, or dams in order to wreak havoc.


How do cyberattacks work?


Attacks on the physical components of the information infrastructure would resemble other conventional attacks: for example, a bomb could be used to destroy a government computer bank, key components of the Internet infrastructure, or telephone switching equipment. Another option would be an electromagnetic weapon emitting a pulse that could destroy or interrupt electronic equipment.

Attacks launched in cyberspace could involve diverse methods of exploiting vulnerabilities in computer security: computer viruses, stolen passwords, insider collusion, software with secret “back doors” that intruders can penetrate undetected, and orchestrated torrents of electronic traffic that overwhelm computers—which are known as “denial of service” attacks. Attacks could also involve stealing classified files, altering the content of Web pages, disseminating false information, sabotaging operations, erasing data, or threatening to divulge confidential information or system weaknesses unless a payment or political concession is made. If terrorists managed to disrupt financial markets or media broadcasts, an attack could undermine confidence or sow panic.

Attacks could also involve remotely hijacking control systems, with potentially dire consequences: breaching dams, colliding airplanes, shutting down the power grid, and so on.

 

Could cyberterrorists really take control of a dam or a power plant?

 

Yes, although experts disagree as to how likely this is, and in any case such a feat would be considerably harder to pull off than defacing a Web site or launching a denial of service attack. If the device that controls a system such as a dam or power plant is connected to the Internet, it would theoretically be vulnerable to cyberhijacking, although terrorists would still need to find a way to exploit the security vulnerabilities of such machines, perhaps with help from a conspirator on the inside. In 2000, hackers working with a former employee of Gazprom, the major Russian energy company, reportedly briefly took control of the computer systems that govern the flow of natural gas through the company's pipelines.

Does al-Qaeda have cyberterrorist capabilities?

We don’t know. Osama bin Laden’s terror network uses the Internet, encryption software, and other up-to-date information technology to link its members, plan attacks, raise funds, and spread propaganda. But using the Internet is much easier than inflicting damage through the Internet. That said, U.S. officials reportedly think that al-Qaeda has been training members in cyberattack techniques, and U.S. computer logs and data from computers seized in Afghanistan both indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure. In what may be a related development, a Pakistani group hacked into an antiterrorist Web site after September 11, posting messages expressing support for al-Qaeda and threatening to attack U.S. military Web sites. But we don’t know whether the group has ties to al-Qaeda.

 

Which other terrorist groups could launch cyberattacks?

We don’t know how many groups have the know-how. The Tamil Tigers have mounted on-line attacks against the government of Sri Lanka. The Japanese doomsday cult Aum Shinrikyo, which released sarin gas in the Tokyo subway system in 1995, had previously built a system for tracking Japanese police vehicles, and investigators discovered that the group possessed classified data regarding these vehicles. Other foreign terrorist organizations also use the Internet for communications and propaganda, but it’s hard to know who has cyberterrorist capabilities until they try something. Cyberattacks often lack the drama of traditional terrorist attacks, so they might not be attractive to some terrorist groups.

Could terrorist groups get help from hackers?

Yes. Rather than developing their own computer skills, terrorist groups might try to hire or trick unaffiliated hackers into helping. Experts are particularly worried about highly skilled and underpaid computer specialists from the former Soviet Union. Hackers who dislike America might also decide to perpetrate an attack independently. Following the April 2001 collision of a U.S. Navy spy plane and a Chinese fighter jet, Chinese hackers launched denial of service attacks against American Web sites.

Could states that sponsor terrorism help cyberterrorists?

Conceivably, although highly skilled individual hackers would probably offer better help. The assets states can offer terrorists—funding, training, logistical support, and so on—would matter less for most cyberattacks than for attacks involving conventional weapons or weapons of mass destruction.

Are any state sponsors of terrorism capable of waging war in cyberspace?

Yes. According to a report by Dartmouth University's Institute for Security Technology Studies, at least two of the countries listed by the State Department as sponsors of terrorism have cyberwarfare programs: North Korea and Cuba. North Korea has since been dropped from the category of terrorist country. Cuba has the Bejucal Base, capable of producing cyber attacks. Many other countries, including the United States, Russia, and China, have cyberwarfare programs as part of their military apparatuses.

What can be done to protect against cyberterrorism?

Experts stress vigilance about computer security: patching security flaws quickly once they’re detected, designing systems to withstand attacks, backing up systems off-site so they can bounce back quickly from a disruption, watching for disgruntled employees who might help terrorists penetrate a system.

 

What is the U.S. government doing to protect against cyberterrorism?

Most of America’s information infrastructure is privately owned and administered, so any government effort requires coordination and information sharing with the private sector. In 1998, the FBI established the National Infrastructure Protection Center to assess cyberthreats and improve communication between government and private information-security officials. Other law enforcement agencies and military branches also have programs to defend the national information infrastructure.

Can individual computer users do anything to combat cyberterrorism?

Yes. Individual computer owners can become unwitting accomplices to denial of service attacks. Information technology experts say that maintaining good security—using a firewall and virus protection software, avoiding suspicious email and programs—can help prevent or minimize cyberattacks.

 

 

Cuba: The Threat

 

Cuba is not a challenge or a threat to the United States with conventional weapons on a conventional battlefield. It never was, not even at its military peak in the 1970s. However, Cuba is a real threat to the United States with non-traditional weapons.

 

Background

 

Cuba has surprising talent and experience in the areas of electronics, computers, computer software and data processing. The country benefited from its association with the former Soviet Union, and some European countries, which turned out many skilled electrical and computer engineers, as well as technicians.

 

Cuba's electronic industry has its origins in the mid-1960s when the Ministry for Iron and Steel Machinery (SIME) began assembly of radios from imported parts. In 1974 SIME started producing black-and-white television sets. Then came a plant to produce batteries (1975), telephone switchboards (1981), and color television sets (1985). In 1985 SIME also started production of semiconductors.

 

In 1976 a separate electronics institute was created, the National Institute of Automated Systems and Computer Skills (INSAC). In 1994 INSAC was incorporated into the newly created Ministry of Steel, Heavy Machinery and Electronics. The Ministry of Communications is also responsible for small-scale production of certain electronics-related products.

 

The entity Cuba Electronica was created in January 1986 as part of the Foreign Trade Ministry. It is responsible for importing electronic equipment and exporting computers, peripherals, semiconductors and software.

 

An Irish expert says that the Cuban information-technology industry matches that of the Republic of Ireland, which has been particularly successful in persuading a range of information technology companies to establish their European base in Cuba.

 

One of the most advanced areas of the electronics industry in Cuba is the production of medical equipment. The Central Institute for Digital Research (ICID), in collaboration with the Biotechnology Centers, has developed high-technology medical equipment including the Cardiocid-M, an electrocardiographic system for diagnosing cardiovascular system diseases; Neorocid, an electromyographic and electro-neurographic system for diagnosing peripheral nervous system diseases; and various applications for high-technology genetic engineering research.

 

The main developments of Cuba's electronic industry occurred between 1975 and 1989. Among others:

·        Computer equipment plant, established in 1978, with a 4,300 square meter production area.

·        Printed circuit board plant, established in 1982, with a 4,900 square meter production area.

·        Electronic modules production plant, with a 4,000 square meter production area.

·        Mechanical production plant, with a 7,500 square meter production area.

·        Monitors and television set plant, established in 1975, with an annual capacity of 100,000 units.

·        Alphanumeric keyboards plant, established in 1988, equipped to produce keyboards compatible with IBM, DEC and other microcomputer systems. Production capacity of 250,000 units per year.

·        Printed circuit boards plant, which can produce 35,000 square meters per year of circuit boards. It uses Betamax material and carries out the printing by serigraphy.

·        Electronic Research and Development Center, established in 1985.

·        Electronic Components Complex (CCE), which produces active and passive components, established in 1985.

·        Medical equipment complex, established in 1989. Produces instruments and equipment for the Biotechnology Centers.

 

Computing in Cuba dates back to the mid-1950s when two first-generation U.S. computers were installed. During the 1960s came computers from France, followed by Soviet and East European systems. During the 1970s Cuba embarked on a program to develop its own second minicomputers based on Digital's PDP-11.

 

Most of Cuba's early computer specialists were trained in East Germany and the Soviet Union. In the mid-1980s two main centers of computational research were established, one at CUJAE and the other at the Universidad Central de Las Villas.

 

Cuba has also developed computer networks. Presently, there are four networks with international connectivity: CENIAI, Tinored, CIGBnet, and Infomed. CENIAI began networking in 1986, and has had a UUCP link to the Internet since 1992. It currently offers email, database access, and programming and consulting services. CIGBnet is the network of the Center for Genetic Engineering and Biotechnology. It began in 1991 and provides email, database access, and a biological sequence server.

 

Since 1991, there has been a surplus of electrical and computer engineers in Cuba due to the closing of many industries. Many of these engineers changed their lines of work to the areas of telecommunications espionage and computer interference and disruption, in special centers created by the government.

 

A large group of them received specialized training in Russia, Vietnam, North Korea and China. As a result, a significant engineering and technical staff is now dedicated to research, development and application in these areas.

 

 

The Beginning

 

Prior to the August 1991 coup attempt, the KGB was developing computer viruses with the intent of using them to disrupt computer systems in times of war or crisis. In early 1991, a highly restricted project was undertaken by a group within the Military Intelligence Directorate of Cuba's Ministry of the Armed Forces.

 

The group was instructed to obtain information to develop a computer virus to infect U.S. civilian computers. The group spent about $5,000 to buy open-source data on computer networks, computer viruses, SATCOM, and related communications technology. These efforts have continued, now on a much larger scale, and could potentially cause irreparable harm to U.S. defense systems.

 

The project is under the direction of Major Guillermo Bello and his wife, Colonel Sara Maria Jordan, both of the Ministry of the Interior. Several well-known Cuban engineers were sent to work in this group. The engineering effort is led by engineers Sergio Suarez, Amado Garcia, and Jose Luis Presmanes. Several computational centers have been created at universities or research centers throughout Cuba, where highly secret research and development activities are conducted. The development of malicious software requires little in the way of resources (a few computers and an individual or group with the appropriate expertise), making a malicious software R&D program easy to support as well as to hide.

 

According to reports, Dutch teenagers gained access, apparently through an Internet connection, to computer systems at 34 DOD sites, including the Air Force Weapons Laboratory, the David Taylor Research Center, the Army Information Systems Command, and the Navy Ocean Systems Center, during operations Desert Shield and Desert Storm.

 

They were snooping in sensitive rather than classified military information. The intrusions normally involved broad-based keyword searches, including such words as "rockets", "missiles", and "weapons".

 

They exploited a trap door to permit future access, and they modified and copied military information to unauthorized accounts on U.S. university systems. Although no "customer" was identified, the data collected could have been sent electronically anywhere in the world. At that time, some Cuban engineers were receiving specialized training in Holland, Sweden, and Austria.

 

Cuba: Low Energy Radio Frequency

 

It is quite possible, and probable, that Cuba is doing research and development on low energy radio frequency weapons, or LERF. This technology utilizes relatively low energy, spread over a wide frequency spectrum. It can, however, be no less effective than high energy RF (HERF) in disrupting the normal functioning of computers, because of the high probability that its wide spectrum contains frequencies matching the resonance frequencies of critical components.

 

Generally, the LERF approach does not require time compression, nor does it utilize high-tech components. The LERF impact on computers and computer networks could be devastating. One of the dangerous aspects of a LERF attack on a computer is that an unprotected computer would go into a "random output mode".

 

Different kinds of LERF weapons have already been used over the years, primarily in Eastern Europe. This is one of the reasons it is highly probable that Cuba is active in the development of such weapons. For instance, during the Czechoslovakian invasion of 1968, the Soviet military received advance notice that Czechoslovakian anti-communist activists had been wary of relying on telephone communications.

 

These telephone communications were controlled by the government. The activists therefore prepared to use radio transceivers to communicate between their groups in order to coordinate their resistance efforts.

 

During the invasion, the Soviet military utilized RF jamming aircraft from the Soviet air force base in Stryi, Western Ukraine. The aircraft jammed the entire radio spectrum, with the exception of a few narrow pre-determined "windows" of RF spectrum utilized by the invading Soviet army.

 

Another example of a LERF attack was the KGB's manipulation of the United States Embassy security system in Moscow in the mid-80s. The security system alarm was repeatedly and falsely triggered by KGB-induced RF interference several times during the night. The intent was to annoy and fatigue the Marines and to cause the "malfunctioning" system to be turned off.

 

A small group of well-trained agents from Cuba can put components from Radio Shack, for example, inside a van or a pickup truck, with an antenna. That is really what an RF weapon looks like, a radar or antenna showing; they can drive it around a building, be it the White House, the Pentagon, or an FAA facility, and pulse.

 

They can fire, and re-fire, as long as the generator has power. The radiation goes through concrete walls; barriers are not resistant to it. It will either burn out or upset all the computers or the electronic gear of the targeted building. It is absolutely safe to human beings.

 

Another aspect of offensive RF technology is its traditional application in information intercept, or eavesdropping. Traditionally, the Soviet Union and Russia have placed high priority on the development and use of this technology. The changes of the last decade in Russia affected the KGB, which has been split into independent parts.

 

The 8th and 16th Directorates, roughly the Russian equivalent of the NSA, became an independent agency, the Federal Agency of Government Communications and Information (FAPSI). FAPSI is directly subordinate to the President of Russia.

 

In a wave of privatization, FAPSI was partially privatized as well. Some of the leading FAPSI experts left the agency and founded private security companies. These companies are fully capable of carrying out any offensive operations and serve as consultants to formerly allied countries.

 

There is also close cooperation between FAPSI and its private spin-off companies. The private companies can provide FAPSI with some of the products of their intercept, while FAPSI can share some of its products, along with personnel and equipment, including its powerful and sophisticated facilities, such as Lourdes in Cuba, for very productive long-range intercept.

This situation can easily put American private business in a highly unfavorable competitive position, since the end of the Cold War somewhat shifted the goals, objectives, and some targets of FAPSI toward a heavier emphasis on the intercept of technological, commercial and financial information.

 

It can take a few days to build a LERF weapon. It takes a few weeks or a few months to establish a successful collection of information through RF intercept. But several countries, including Cuba, have the capacity to do so.

 

Cuba: Lourdes Base (dismantled in 2002)

 

At Lourdes, a suburb of La Habana, south of Centro Habana and close to Jose Marti airport, there is a sophisticated Russian electronic espionage base. It encompasses a 28 square mile area and employs some 1,500 Russian engineers, technicians and staff. A satellite view of Lourdes, 1996, is included.

 

There are two fields of satellite dishes. One group listens in to general U.S. communications. The second group is used for targeted telephones and devices. The areas are designated "Space Associated Electronics Area North" and "Space Associated Electronics Area South". There is also an HQ/Administration Area and a Vehicle/Equipment Maintenance Area.

 

The Russians have spent over $3 billion on Lourdes. In 1996 they started to upgrade the facilities, at a cost of some $250 million. Presently, they have state-of-the-art equipment. The computers at the base are programmed to listen for specific phone numbers; when they detect that these lines are in use, the computers automatically record the conversations or transmissions.

 

The upgrade now includes voice recognition facilities; that is, the computers recognize the spectra of certain targeted voices and, when they do, automatically record the conversations. Facsimiles are also detected, as is computer data.

 

At present, Lourdes is an even more important asset for Russia in its efforts to spy on the United States than it was during the Cold War. Lourdes receives and collects intercepts from spy satellites, ships and planes in the Atlantic region, making it a full-fledged regional command and control center.

 

The use of the intelligence garnered by Lourdes is not limited to penetrating secret U.S. military operations. Its targets also include the interception of sensitive diplomatic, commercial and economic traffic, and private U.S. telecommunications.

 

The strategic significance of the Lourdes facility also has grown dramatically since the order from Russian Federation President, Boris Yeltsin, of February 7, 1996 demanding that the Russian intelligence community step up the theft of American and other Western economic and trade secrets.

 

The director of the Defense Intelligence Agency told the Senate Intelligence Committee in August 1996, "Lourdes is being used to collect personal information about U.S. citizens in the private and government sectors". The signals intelligence complexes operated by Russia at Lourdes also offer the means by which to engage in cyberwarfare against the United States.

 

Cuba: Bejucal Base

 

In 1995, Russia started the construction of an espionage base to be operated by the Cubans. The base is located at Bejucal, south of La Habana. The agreement, and the supervision of the entire project, was directed by General Guillermo Rodriguez del Pozo. Equipment for the base was shipped secretly from Russia through the port of Riga, in Latvia. Latvia does not have an embassy in Cuba; however, Cuba maintains a large embassy, of over 50 persons, in Latvia.

 

The base is now fully operational, similar to but smaller than Lourdes, and with all state-of-the-art equipment. The unit is referred to by some as the Electronic Warfare Battalion, EWB. The request for the base came because Cuba does not have access to Lourdes; it only gets copies of the Russian intelligence summaries on issues that could affect the nation's security.

 

Cuba's Bejucal Base is very powerful, and besides running signals intelligence operations, that is, eavesdropping, it has the capability of conducting cyberwarfare. The Interior Ministry's General Directorate for Intelligence is in charge of the base.

 

It also runs a smaller center, located at Paseo, between 11th and 13th streets, in Vedado, La Habana. The center is mainly for radio listening and transmitting, and for limited telephone espionage.

 

The Electronic Warfare Battalion has the necessary equipment to interfere with Radio and TV Marti, and the equipment to interfere with TV Marti if it transmits in UHF. The equipment is not used as yet. However, the base has offensive jamming capabilities, capable of disrupting communications deep inside the United States. This is indeed a unique facility because of its size, location and capability.

 

Interference with Radio and TV Marti is now spread throughout the island, in what is called Project Titan. It is now in the charge of Chinese personnel, who since March 1999 have also partially taken over the operations of the Bejucal base, or EWB.

 

Early in 1999, the Pentagon's military computer systems were subject to ongoing, sophisticated and organized cyber attacks. Officials stated that this latest series of strikes at defense networks was a coordinated effort coming from abroad. Deputy Defense Secretary John Hamre, who oversees all Pentagon security matters, confirmed that the attacks had been occurring since 1998.

 

Secretary Hamre called them a "major concern." Officials believe some of the most sophisticated attacks are coming from a country routing through Russian computer addresses to disguise their origin.

 

The probes and attacks are also directed against U.S. military research and technology systems, including the nuclear weapons laboratories run by the Department of Energy. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, stated: "What we have been seeing in recent months is more of what could be a coordinated attack...that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before."

 

These attacks coincide with the fact that the Bejucal base is fully operational, and also with the new presence of Chinese military and intelligence personnel in Cuba.

 

Rep. Curtis Weldon also stated, "it is not a matter of if America has an electronic Pearl Harbor, it is a matter of when". For two days in January 1999, cyber attacks were made on military computers at Kelly Air Force Base in San Antonio, the center for the most sensitive Air Force intelligence, the kind of information critical to American troops abroad.

 

Joseph Santos, also known as "Mario", one of the persons arrested by the FBI in an alleged spy ring in September 1998, is an electrical and computer engineer with great expertise in computer networks, and was a member until 1996 of a computational research center at a university in Cuba.

 

According to the indictment, Santos' assignment was to infiltrate the new U.S. Southern Command headquarters in West Dade. His fundamental assignment was the penetration of the headquarters of that command. Maps of several cities, including San Antonio, were found in his apartment. It is a fact that Lourdes, Wajay, Santiago's farm, and the EWB bases are a threat to U.S. security, capable of intercepting not only U.S. military secrets but also commercial and trade intelligence.

 

Bejucal Base

 

Former Lourdes Base (Dismantled)

 

Cuba: the new China presence

 

In February 1999, a top-level Chinese military delegation, led by Defense Minister Chi Haotian, visited Cuba. They met several times with Raul Castro, Cuba's Defense Minister. It was the first time a Chinese Minister of Defense had visited Cuba.

 

China's President Jiang Zemin visited Cuba in 1993. Castro went to China in 1995. Other important visits have occurred recently. Raul Castro, accompanied by several generals, visited China. Also, General Dong Liang Ju, head of China's Military Commission, visited Cuba.

 

An important role here is again played by General Guillermo Rodriguez del Pozo, whose son is married to Raul Castro's daughter. All these facts lead to an important conclusion: a very close military relationship between Cuba and China.

 

It is obvious that China sees a presence in Cuba as being of important strategic value, and is making Cuba a military and intelligence-gathering center. What does Cuba really want from China? Most probably, economic assistance. But the really important question is what China wants from Cuba.

 

China has become very active in Cuba's military telecommunications, cyberwarfare and biowarfare activities. China is investing to modernize the satellite-tracking center at Jaruco. China is also heavily involved in the telecommunications-monitoring base at Paseo, between 11th St and 13th St, Vedado.

 

The government of China has created the 863 and Super-863 Programs, with the sole mission of importing technologies for military use. The 863 program was given a budget split between military and civilian projects, focusing on science and technology.

 

The following are key areas of military concern: biological warfare, and communications and intelligence systems. The People's Liberation Army, PLA, has placed priority on the development of battlefield communications, reconnaissance, and signals intelligence operations.

 

In order to achieve these priorities, the government of China has focused on the use of intelligence services to acquire U.S. military and industrial technology. That is the main reason why China is using and improving Cuban capabilities in this area and moving to develop its own on the island.

 

After years of hostile relations between China and the Soviet Union, Russia has again become China's main source of advanced weapons, including electronic warfare and electronic eavesdropping (SIGINT) equipment.

 

China has acquired high performance computers, HPCs, from the United States. HPCs are important for many military applications and essential for some. It is assumed here that China is modernizing Cuba's computer systems with HPCs.

 

These computers are in the speed range of 1,500 to 40,000 million theoretical operations per second (MTOPS). HPCs are useful in the design, development, manufacturing, performance, and testing of biological weapons; in command, control, and communications; in information warfare; in the collection, processing, analysis, and dissemination of intelligence; and in the encryption of communications.

 

Another potential application of HPCs in Cuba is cryptology, the design and breaking of encoded communications. This application, such as at the Bejucal base, demands fast processing and the ability to handle large amounts of data. As a point of reference, the U.S. National Security Agency uses some of the highest performance computers available.

 

However, it is also true that significant cryptology capability can be achieved through the use of widely available computer equipment, such as networked workstations or parallel processors.

 

Under the revised HPC policy, Cuba falls in Tier 4 with Iraq, Iran, Libya, North Korea, Sudan, and Syria. Tier 4 means a virtual embargo on all computer exports. This is another factor in the importance of the new China/Cuba relations. In light of China's aggressive espionage campaign against U.S. technology, Cuba fits perfectly with Chinese electronic warfare priorities and electronic collection needs.

 

Conclusions

 

The United States' dependence on computers makes it more vulnerable than most countries to cyberattack. The President's Commission on Critical Infrastructure Protection has identified eight critical areas in need of protection: information and communications, electrical power systems, gas and oil industries, banking and finance, transportation, water supply systems, emergency services and government services.

 

According to Louis J. Freeh, Director of the FBI, many traditional and non-traditional adversaries of the United States today are technologically sophisticated and have modified their intelligence methodologies to use advanced technologies to commit espionage. In telecommunications, even some smaller (Cuba?) intelligence adversaries now use equipment the FBI is unable to monitor.

 

The international terrorist threat can be divided, according again to Louis J. Freeh, into three general categories. Each poses a serious and distinct threat, and each has a presence in the United States. The first and most important category, and the concern of this study, is state-sponsored terrorism. It violates every convention of international law. State sponsors of terrorism include Iran, Iraq, Syria, Sudan, Cuba, and North Korea. Put simply, these nations view terrorism as a tool of foreign policy.

 

Public and private sector organizations that rely on information technologies are diverse. The result is a revolutionary and systematic improvement in industrial, services, and commercial processes. However, as commercial information technologies create advantages, their increasingly indispensable nature transforms them into high-value targets.

 

With very few exceptions, attacks against the nation's cyber assets can be placed into one of four categories: crime, terrorism, foreign intelligence, or war. Regardless of the category, any country can acquire the capability to conduct limited attacks against information systems.

 

Software is one weapon of information-based attacks. Such software includes computer viruses, Trojan horses, worms, logic bombs and eavesdropping sniffers. Advanced electronic hardware can also be useful in information attacks. Examples of such hardware are high-energy radio frequency (RF) weapons, electromagnetic pulse weapons, RF jamming equipment, or RF interception equipment.

 

Such weapons can be used to destroy property and data; intercept communications or modify traffic; reduce productivity; degrade the integrity of data, communications, or navigation systems; and deny crucial services to users of information and telecommunications systems.

 

Major terrorist organizations and intelligence services are quickly becoming aware of the power of information tools and weapons and of how to exploit it. The Cuban government is well aware of this vulnerability.

 

The increasing value of trade secrets in the global and domestic marketplaces, and the corresponding spread of technology, have combined to significantly increase both the opportunities and methods for conducting electronic espionage.

 

The security of trade secrets is essential to maintaining the health and competitiveness of critical segments of the U.S. economy. The U.S. counterintelligence community has specifically identified the suspicious collection and acquisition activities of foreign entities from at least 23 countries, including Cuba.

 

Cuba has also acquired the capacity to conduct cyberterrorism through simple technology transfer. There are multiple international conferences on the subject, and anyone can attend them.

 

There is a BEAMS conference that has gone on for 20 years, and a EUROEM conference that has also gone on for over 20 years. RF weapons can be made today for a cost of $800. Therefore, there is no need for a lot of power, or a lot of money, to affect the infrastructure. This technology application is well within the capabilities of Cuba's electronic development.

 

Electronic monitoring of communications signals will continue to be the largest and most important form of secret intelligence. Cuba's main facility, Bejucal Base, is quite capable of monitoring telecommunications in the U.S., the Caribbean, and Latin America.

 

Computers automatically analyze every call or data signal, and can also identify calls to a target telephone number in the U.S. no matter which country they originate from. Both Bejucal and EWB are highly computerized. They rely on near-total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals.

 

Cuba's intelligence activities against the United States have grown in diversity and complexity in the past few years. Press reports of recent espionage cases involving Russia, North Korea, China, and Cuba are just the tip of a large and dangerous intelligence iceberg.

 

The director of the CIA stated before the Senate Select Committee on Intelligence in 2002 that there are five countries presently conducting electronic espionage that poses a threat to the United States: China, Russia, Iran, North Korea, and Cuba.

 

Cuba represents a serious threat to the security of the United States in the cyberwarfare phase of terrorism.