Excerpted from: ERRI DAILY INTELLIGENCE REPORT-ERRI Risk Assessment Services-Wednesday, May 20, 1998 Vol. 4 - 140

WASHINGTON (EmergencyNet News) - According to a congressional study, the U.S. State Department's unclassified computer system is vulnerable to hackers and terrorists, while the Federal Aviation Administration has numerous weaknesses in physical security of its computers. The reports by the General Accounting Office, the investigative arm of Congress, were released on Tuesday at a Senate Governmental Affairs Committee hearing into security weaknesses in the nation's public and private computer systems.

At the State Department, the GAO was able to penetrate the nonclassified computer systems and to access sensitive information through dial-up connections.

The GAO report said: "State's sensitive but unclassified information systems can be easily accessed by unauthorized users who in turn can read, delete, modify or steal sensitive information on State's operations."

The GAO found the State Department's Internet security was adequate, however, as its staff was unable to penetrate those systems.

The GAO study found the FAA "was not effectively managing physical security at ATC (air traffic control) facilities. For example, at one facility, an FAA inspection report disclosed that service contract employees were given unrestricted access to sensitive areas without having appropriate back- ground investigations."

Assistant Comptroller General Gene Dodaro told the panel that the FAA assessed security at another aircraft control facility and concluded "that access control procedures were weak to nonexistent and that the facility was extremely vulnerable to criminal and terrorist attacks."

He added that the FAA didn't know if other sites were equally vulnerable because it hadn't checked physical security at 187 facilities since 1993.

The GAO report said: "FAA is ineffective in all critical areas included in our computer security review. Weak Computer Security Practices Jeopardize Flight Safety."

A recent U.S. Central Intelligence Agency report says that many countries are not prepared for the disruption of basic services that the Year 2000 computer glitch may cause.

Sherry Burns, who is studying the issue for the CIA said, "We're concerned about the potential disruption of power grids, telecommunications and banking services" among other possible fallout, especially in countries already torn by political tensions. Burns said CIA systems engineers and intelligence analysts were focusing beyond the technical problem of reprogramming computers to recognize dates when the Millennium comes.

The Central Intelligence Agency has begun to collect and analyze information on preparations for the "social, political and economic tumult" that could flow from interruptions of essential services in some fragile societies. The glitch, known as the Y2K problem, may trigger widespread disruptions because not all computers will be fixed by 31 December 1999.

Burns said that with the world's computer networks largely linked, the use of data that has been converted to the new millennium standard improperly

-- or not converted at all -- could infect newly reprogrammed systems.

According to the CIA assessment, the threat of turmoil is greatest among those unaware of the key role that computers play in providing essential services and bringing goods to markets, even in less developed countries.

Burns said, "There is very little realization that there will be disruption" of basic services as some computers shut down, even among business leaders. She added, "As you start getting out into the population, I think most people are again assuming that things are going to operate the way they always have. That is not going to be the case."

She also said that many governments are "unprepared for what could potentially be some fairly tough circumstances."

In an initial effort to gauge preparations, the CIA received a wide range of feedback in 1997, not all of it very encouraging.

One overseas contact told the CIA his country would be safe because it used a "different calendar." Others acknowledged the issue was not a priority issue. Someone from a Middle Eastern country told the CIA not to worry about the millennium "bug." The Mideast person said, "When we see it, we'll spray it."

According to Burns, Canada, Britain and Australia were about six months behind the United States in preparing their systems for the switch, and this was the group in the best shape. The rest of Western Europe, led by the Scandinavians, came next, six to nine months behind the United States.