There’s always the old-fashioned way. But that takes longer and isn’t as efficient. And lives could be at risk.
These days, police officers travel with computer systems built into their squad cars. With the punch of a few buttons, an officer can link with the state police database, known as LEADS, and instantaneously get the goods on a driver or a vehicle or both.
But for some 325 police departments outside Chicago, the direct connection to LEADS depends on a system hosted by the Illinois Criminal Justice Information Authority. The problem is there’s no independent power source to back up the system should the authority’s Chicago office lose electricity.
Candice Kane, the authority’s executive director, says the authority has been asking the legislature for years to appropriate the $300,000 to $500,000 she estimates it would take to buy a generator for her computer system or to connect the system to an alternative power source that could serve as a backup. But those efforts have been unsuccessful. This year, with the state in a budget crisis, she didn’t even ask.
“The system is so strong and durable and we’ve been so fortunate over the years to not go down very much that I don’t think it’s been necessarily seen as great a risk as it might be,” she says. “But certainly, given what happened last September, I think there’s been a lot more thought put into it.”
There has been a lot more thought aimed at whether terrorists could take down a computer system such as the authority’s in an effort to disrupt government operations. In short, Illinois agencies are on alert for cyber-terrorism.
They’re being quiet about it, though. Mary Reynolds, the governor’s chief technology officer, says the state doesn’t want to hand battle plans to terrorists. While officials are reluctant to discuss specifics — they don’t want to identify potential targets or system vulnerabilities — they clearly are focused on minimizing the chances for such an attack. As a result, they’re examining their systems, everything from mainframes to networks, in an effort to plug any electronic holes.
At the same time, there’s a national push for more research into cyber-security issues. William Wulf, president of the National Academy of Engineering, says comparatively little money has been spent to back research in this area. According to Wulf, that means the research product tends to be more conservative. “When there is not much money around, people don’t propose radical out-of-the-box ideas,” he says. “They work within a comfortable little framework.”
U.S. Rep. Sherwood Boehlert, a New York Republican, is sponsoring federal legislation that would direct $880 million over five years to cyber-security research programs at the National Science Foundation and the National Institute of Standards and Technology. As of mid-April, that measure was pending in the U.S. Senate.
Clearly, there is a balance to be struck: Governments and the people they serve simply are getting more dependent on computers. Vendors doing business with the state can in some cases transact deals online. Last month, taxpayers could file their taxes online. In virtually every arena, computers increasingly are being used to facilitate state services.
But while information technology can help government work more efficiently, increased use of such technology heightens exposure to a cyberattack from terrorists and everyday hackers. And, as communities grow to depend on technology, they become vulnerable when systems malfunction.
nullShould the criminal justice author-ity’s system go down, police officers would not be completely stranded. To tap into LEADS, the state police database, an officer simply would need to radio the department’s dispatcher, who could connect to LEADS and relay information back to the officer. As recently as the mid-1980s, that’s how police officers conducted business.
“The function doesn’t cease even in the case of a disaster and/or simply a power outage,” Reynolds says. “It’s just done by voice instead of by network.”
But the old method takes more time and the information provided is not as comprehensive. And for police officers on patrol, quick and complete infor- mation, including a suspect’s criminal history, is critical. “It’s always a concern to me when we are potentially in a situation where we can deprive a law enforcement officer of information that they need for their safety or security or that of the community,” says Kane, the authority’s director.
The state auditor general’s office, in an audit released last month, paints an even gloomier picture: “Should the systems become unavailable, police officers could be placed in peril, and police resources may be used ineffectively. Should a statewide disaster occur contemporaneously with a service crisis at the authority, the hazard to public safety could be vastly less manageable without the communications network.”
And physical support elements, such as a generator for the criminal justice authority, are just one part of the anti-cyberterrorism equation. While security measures such as fences and doors that restrict physical access to computer systems are critical, officials also are concerned with keeping out electronic intruders.
To that end, government officials are trying to keep up. In Springfield, where the state’s central computer facility is located, the Federal Bureau of Inves- tigation and area computer security professionals monitor developments within their chapter of InfraGard, a federal program designed to help the public and private sectors better protect critical information systems by sharing information.
The U.S. Department of Justice requires that every U.S. attorney have a task force on terrorism. The task force for the central district of Illinois, which is based in Springfield, is deferring much of this responsibility to the governor’s Terrorism Task Force, which has been aggressive in developing terrorism response plans.
“The Illinois people are really addressing the response aspect to a large extent,” says Assistant U.S. Attorney Patrick Chesley, the central district task force’s coordinator. “What we want to be involved in is any investigations for criminal prosecutions or other actions that the government might take.”
Still, the federal task force is examining a number of issues, including cyberterrorism. Chesley says that’s because the U.S. attorney’s office has extensive resources, such as several prosecutors focused on cybercrime. The office is “a little bit better” equipped than the state to handle cybercrime issues, he says.
And keeping up with cybertrends, whether it’s the latest computer virus or the latest firewall to protect an information system, is a full-time job. No sooner has protective technology improved than hackers are burning the midnight oil trying to find a way through.
“You never say never because there’s always a very sharp person out there who spends their days and nights devoted to trying to penetrate a system,” Reynolds says. “For the most part, we have been very successful in being prepared and being able to protect against those things.”
Reynolds is making other efforts to protect the state’s systems: She’s working to establish a council of information “security officers.” In February, the governor ordered each agency to appoint such an officer to be respon-sible for “safeguarding the information technology assets of the agency.” Reynolds wants to assemble those people into the council to help stay on top of information security concerns.
“The most important thing is that it’s got to be everybody’s business,” says Pete Siegel, chief of information technology at the University of Illinois at Urbana-Champaign. “So we’re educating not just the systems administrators on campus but also the faculty that you’ve got to keep your virus protection up on your computer, little things like that. You don’t download things that say ‘I love you’ and it’s from a stranger. Just don’t open it.”
As for hardware concerns, all the players credit the Y2K scare with motivating governments, and businesses for that matter, to modernize computer equipment. The world, of course, survived Y2K, but not before an international mad rush to upgrade systems. And that rush left system administrators better prepared to fend off such threats as hackers or cyberterrorists.
“Those types of systems that could not have lasted through simple changes like the change in the century were older systems and they were the most vulnerable,” says Kenneth Bouche, assistant deputy director of the information technology command at the State Police. “By going through Y2K and eliminating a large part of our most vulnerable systems, we in essence prepared ourselves for the future.”
And while Y2K motivated such positive change, the threat of terrorism, particularly in the wake of the September attacks, also is pushing the state to progress in related technological arenas. In addition to motivating system administrators to be more sensitive to technological trends, the terrorist threat also is pushing the state toward a more integrated criminal justice system.
In December, the governor ordered the creation of the Integrated Justice Information System to develop plans to further integrate criminal justice systems such as those used by judges and law enforcement agencies.
“We’re not just talking about the cop on the street who needs information for an investigation; we’re talking about parole officers and judges and those people who make decisions about whether school bus drivers or teachers should be licensed,” Bouche says.
As for the department’s role as a protector of government information systems, Bouche says that’s nothing new. He says state-level law enforcement agencies are used to protecting information. The twist: They have a new brand of perpetrators.
“No longer do we have to worry about people looking for criminal justice information,” he says. “We have to worry about people trying to disrupt government services.”
Illinois Issues, May 2002
