©1995 Matthew G. Devost
A Thesis Presented
by
Matthew G. Devost
to
The Faculty of the Graduate College
of
The University of Vermont
In Partial Fulfillment of the Requirements
for the Degree of Master of Arts
Specializing in Political Science
May, 1995
[Note: Page Numbers Not Applicable for Electronic Version.]
ABSTRACT
ACKNOWLEDGMENTS ii
CHAPTER 1 - Introduction 1
The Information Age 2
The Knowledge-Based Economy 4
CHAPTER 2 -. New Territory, New Concepts and New Warfare 10
New Concepts: Information Warfare 14
New Weapons 16
HERF Guns 17
EMP/T Bombs 18
System intrusion 18
Emissions capture and espionage 20
Viruses, trojan horses and worms 21
Normal accidents 24
Information Warfare: Isolated Examples 24
Operation Datastream 25
The Hacker Spy 26
Hacker Attacks During Gulf War 28
Infrastructure Attacks 30
The Phone System 31
The Power Grids 33
The Big Picture 34
CHAPTER 3 - The Political Context of Information Warfare 38
What is National Security 38
Political Attractions of Information Warfare 41
Low Cost 41
Timely and Not Location Specific 42
Anonymity 43
Minimal Loss of Human Life 44
First Strike Advantage 47
Offensive Nature of Information Warfare 47
Deterrents to Waging Information Warfare 48
Economic Interdependence 49
Fear of Escalation 52
Lack of Technical Expertise 53
Information Warfare as Terrorism 54
The Realist/Liberal Approach to Information Warfare 56
The Realist Approach to Information Warfare 57
Problems with the Realist Approach 59
The Liberal Approach to Information Warfare 61
Problems with the Liberal Approach 62
The Realist/Liberal Conflict 64
The Strategic and Security Impacts of Technology:
A Historical Perspective 68
Decentralizing the Military: The Conoidal Bullet 69
Information Warfare: The Bushnell Turtle of the Information Age 71
CHAPTER 4 - National Security Solutions for the Information Age 74
The Computer Security Act of 1987 74
Operation Sundevil 76
Information Warfare: A Threat Assessment Portfolio 77
National Security Solutions for the Information Age 80
Step One: Declassify the Threat 80
Step Two: Increase Security 81
Step Three: Increase Vendor Accountability 82
Step Four: Facilitate Private/Public Sector Cooperation 83
Step Five: Conceptualize Our Information Sphere 84
Step Six: Multi-Level Education 88
Step Seven: Use Hackers as a National Resource 90
Step Eight: Global Institutions and International Agreements 95
Conclusion: National Security in the Information Age 96
FOOTNOTES
SELECTED BIBLIOGRAPHY 101
This thesis examines the impact information technologies have had on the national security of the United States. It looks at how these technologies have evolved into a significant component of the economic, military, and social construct of the nation resulting in a transition from the Industrial Age to the Information Age.
It introduces a new paradigm for conflict among nations based upon attacking information infrastructures. The political attractions and deterrents to using these new information warfare methods are discussed at great length. The debate is then placed in a traditional realist/liberal context and examined from both perspectives, suggesting ways in which each side would remedy the national security threat. Historical technological developments are explored and contrasted with new technology to develop hypotheses regarding the future strategic impacts that these new technologies will have.
An increased reliance on information technology which is highly vulnerable to failure and sabotage has created a new risk to the national security of the United States. These vulnerabilities will be exploited during any conventional military conflicts between nation states, but several political deterrents including economic interdependence and fear of escalation decrease their attraction during peacetime. Despite this, the political and strategic attractions of information warfare make it a likely terrorist weapon.
The final chapter offers policy prescriptions and solutions for integrating these concerns into the framework of the United States' grand strategy to decrease the security threat and facilitate international cooperation in this area.
I am greatly indebted to a number of people who have made this thesis possible. First and foremost, my parents, family and friends who have provided unlimited support and encouragement. This thesis is dedicated to them.
A special acknowledgment to Robert D. Steele. From the beginning, he has provided encouragement and opportunity. The scholarship he provided to attend his International Symposium: "National Security and National Competitiveness: Open Source Solutions," allowed me to exchange ideas with innovators and experts from around the world.
Special thanks to Dr. Mich Kabay and the National Computer Security Association for giving me the opportunity to speak at the Second International Conference on Information Warfare.
Within the University of Vermont: Professor Cherie Steele, for her patience and dedication as my thesis advisor; Professors Tony Gierzynski and Tom Streeter, for sitting on my thesis committee; and Professor Tom Rice and the rest of the Political Science department for providing support and funding for my graduate research.
Many others were helpful, perhaps without realizing it: Winn Schwartau, Bob Stratton, Eric Hughes, Emmanuel Goldstein, and numerous members of the digital underground.
Introduction
Conceptions of national security can and do change. A series of new threats to American national security have developed with our transition into the Information Age. New technological developments and an increased reliance on computer-based technology will cause a shift in conceptions of national security for all advanced post-industrial societies. Nations face the danger of having their information infrastructures destroyed, altered, or incapacitated by new offensive technologies. Accordingly, grand strategies must integrate these new threats and vulnerabilities into their general framework. Although Eugene Skolnikoff argues that the vulnerability of large systems is rarely noticed until disruption or catastrophe occurs(1), this thesis argues that these issues must be dealt with pre-emptively to minimize their economic and political costs. Political scientists and political leaders must recognize and examine the threats posed by new technology and how it will effect both national and international political relationships. This thesis provides an introduction to these new technologies and suggests ways they have been utilized in the past to threaten the national security of the United States. The threat is also placed in a theoretical political context by examining how it relates to paradigm-shifting technologies of the past, what its political attractions and deterrents are, and how it would be analyzed and addressed within traditional realist/liberal national security schools. It concludes with policy prescriptions to assist policy makers in the transition to a new national security agenda that includes the concepts examined in this thesis.
The need for work in this area is great. Very little work has been done in the political science field to examine security issues related to information technology.(2) David Ronfeldt argues that "with few exceptions, policy makers and analysts are just beginning to discern how government and politics may ultimately be affected by the information revolution."(3) As a result, this thesis draws from a wide range of material that has been taken from multiple disciplines and weaves it all to reveal national security vulnerabilities and what can be done about them.
The Information Age
The United States is making a transition to a new age. Alvin Toffler referred to this transition as the Third Wave(4), in his 1980 book of the same title.(5) According to Toffler, the pattern of societal development follows a series of waves, each of a lesser timespan than the previous. Toffler writes:
Until now the human race has undergone two great waves of change, each one largely obliterating earlier cultures or civilizations and replacing them with ways of life inconceivable to those who came before. The First Wave of change - the agricultural revolution - took thousands of years to play itself out. The Second Wave - the rise of industrial civilization - took a mere three hundred years. Today, history is even more accelerative, and it is likely that the Third Wave will sweep across history and complete itself in a few decades.(6)
Toffler's predictions about the coming Third Wave were written over fifteen years ago, and the societal revolution he predicted is readily acknowledged today as the Information Revolution.
This terminology is used by the leaders of the United States to describe the transition to a knowledge-based economy. Vice President Al Gore argues that "we are in the midst of an Information Revolution."(7) President Clinton often speaks of the Information Age and during his presidency he has created various working groups and committees to develop the foundations for a National Information Infrastructure.(8) Various scholars argue that the United States has already made the transition into the Information Age and that a majority of our jobs are already knowledge-based jobs.(9) In fact the decline in industrial based jobs looks very similar to the decline in agricultural jobs brought about by the transition from the First to the Second Wave. The swell of the Third Wave is already visible and its crest no longer unimaginable.
The Knowledge-Based Economy
If this coming Sunday, you were to sit down and read the entire New York Times, you would absorb more information in that one reading that the average person absorbed in a lifetime in Thomas Jefferson's Day.(10)
Information revolutions are not new. Gutenberg's printing press launched an information revolution over five hundred years ago. His invention allowed for the mass distribution of information, permitting common men to posses otherwise scarce texts like the Bible. This created less reliance on hierarchical sources of authority for interpretation of texts and granted anyone with the resources to operate a printing press access to large audiences. To take the argument even further, author Kevin Kelly argues that cultural advances, like the printing press "prepared a possibility space that allowed human minds and bodies to shift so that some of what it once did biologically would afterwards be done culturally."(11) Under this view, the printing press served a dual purpose. It revolutionized the way human beings interact and it contributed to our evolution by decreasing the amount of information our minds needed to store. In this regard, the Information Revolution is similar to the printing revolution. Computers increase our capacity to store and search for information externally.
Other mediums of communication might be considered revolutionary as well.(12) One need only think of the changes brought about by the invention of the telephone, radio, and television to realize that information revolutions have their place in history. Each of these technologies increased our capacity to communicate over great distances. In some cases, the communication took place over physical cables, and in other cases the communication took place over frequency waves with no physical connection required. How does this information revolution promise to be different?
The difference is our increased ability to access, distribute and store incredibly large quantities of information in very little time. It is now possible to send the entire Encyclopedia Brittanica across the country in about two seconds.(13) Access to large quantities of information through electronic communications is a realizable goal anywhere there is access to a standard phone line or cellular cell. In the near future, a series of low orbit satellites will allow electronic communications technology to be utilized from any location on earth.(14) In addition to this, the Internet, currently the world's information backbone, is increasing at a rate of twenty-five percent per month and the World Wide Web has been experiencing growth rates of 341,634 percent per year.(15)
With this increase in interconnectivity and information resources, the labor force of a Third Wave nation becomes knowledge-based. Peter Drucker writes:
The basic economic resource - "the means of production," to use the economist's term - is no longer capital, nor natural resources, nor labor. It is and will be knowledge. The central wealth making activities will be neither the allocation of capital to productive uses, not labor - the two poles of nineteenth and twentieth century economic theory, whether classical, Marxist, Keynesian, or neo-classical. Value is now created by productivity and innovation, both applications of knowledge to work. The leading social groups of the knowledge society will be knowledge workers and knowledge executives who know how to allocate knowledge to productive use, just as the capitalists knew how to allocate capital to productive use...Yet, unlike the employees under Capitalism, they will own both the means of production and the tools of production.(16)
Other scholars have expressed similar sentiments. Daniel Bell echoes Drucker's argument when he proposes that "the crucial point about a post-industrial society is that knowledge and information become the strategic and transforming resources of the society, just as capital and labor have been the strategic and transforming resources of the industrial society."(17)
The key financial institutions of knowledge-based societies also become information-based. A majority of the financial transactions within the United States do not involve the physical transfer of capital or physical representations of money such as gold or currency, but rather the transfer of information. For example, when money is loaned between institutions no physical transfer of funds takes place. Instead, the informational representation of money is exchanged. Information now represents money and "finance no longer has anything to do with money, but with information."(18) Whereas industrial societies were concerned with protecting physical capital and providing safe routes for the transport of resources, information societies must be concerned with protecting information and the transfer of information. Where the destruction of bridges was a threat to the national security of an industrial society, the destruction of information networks, especially those involved with financial transactions, is a threat to the national security of information societies.
This is the nature of conflict of the Information Age. Where the politics of the last one hundred years centered around Industrial Age technology, the politics of the future will be based on Information Age concerns oriented towards the storage, protection and exchange of information. The premiere issue of the magazine designed for the Information Age, appropriately named Wired, had this to say about the emergence of new technology.
The medium, or process, of our time - electronic technology - is reshaping and restructuring patterns of social interdependence and every aspect of our personal life. It is forcing us to reconsider and re-evaluate practically every thought, every action, and every institution formerly taken for granted.(19)
The purpose of this thesis is take this concept one step further. It will demonstrate that with the Information Age comes new threats to the infrastructure of the United States. It will show that our reliance on computer technology and our quick transition into a knowledge-based economy has left us vulnerable to attack, and that vulnerability creates difficult political dilemmas that must be dealt with should we wish to continue following the currents of the Third Wave.
In Chapter Two, a new paradigm for conflict based upon attacking information infrastructures is introduced and examples are given to demonstrate how this new paradigm is rapidly developing to threaten the security of Third Wave nations. Chapter Three then places the issue in a theoretical context by examining the political advantages and deterrents to nations utilizing the capabilities of new technology for offensive purposes. The issue is then examined from both the realist and liberal perspective to speculate how each side would respond to the acknowledged national security threat. Similarities to historical technological developments are explored and contrasted with new technology to develop hypotheses regarding the future strategic impacts that these new technologies will have. The final chapter offers policy prescriptions and solutions for integrating these concerns into the framework of the United States' grand strategy in order to decrease the security threat and facilitate international cooperation in this area.
New Territory, New Concepts and New Warfare
What is the National Information Infrastructure? For the purposes of this paper, the NII is defined as the physical and virtual backbone of an information society and includes, at a minimum, all of the following:(20)
This rather broad list has been compiled to demonstrate our current reliance on computer technology. The National Information Infrastructure is usually described as a utopian network for the cooperative exchange of information. However, from a security perspective, the NII encompasses a much more extensive sphere. Not only does it include systems required for the flow of information, but the hardware those information flows have helped create, as well.
Where information flows are concerned, one might separate information content into three distinct groupings with occasional overlaps:
1) Military information, which deals with actual military developments, top secret operations, intelligence, systems control, correspondence between high ranking officials, troop files and credit ratings, general troop activities and lower level correspondence.
2) Business information, which consists of business records, bank transactions, individual credit records, business systems, and other financial transactions.
3) Personal information, which includes individual credit records, personal systems, files and correspondence between individuals.
An attack or threat on lower levels of information, credit card fraud for example, is more of an inconvenience than a national security threat. Replacement costs may be high for this type of information, but the costs are not nearly as high as they are for military or business information. A successful attack on just a few business information systems could cause a severe lag in the American economy. Robert Steele notes that "It costs a billion dollars and takes six weeks to recover from a one day bank failure and we have them all the time."(21) If Wall Street suddenly closed down, or if bank transactions suddenly disappeared the United States would lose hundreds of billions of dollars. It is estimated that the daily value of telephone transactions on Wall Street alone, is in excess of one trillion dollars.(22)
A potential attack on military information, especially that which is classified, poses a national security threat from a strategic standpoint. From a command and control perspective, denying communications capability or altering and destroying intelligence can have profound effects on the capabilities of modern militaries. General Colin Powell notes that "A downsized force and a shrinking defense budget result in an increased reliance on technology, which must provide the force multiplier required to ensure a viable military deterrent... Battlefield information systems became the ally of the warrior. They did much more than provide a service. Personal computers were force multipliers."(23) Whereas Sun Tzu regarded the skillful command of troops as having the potential "of round boulders which roll down from mountain heights,"(24) in today's military it would be round boulders capable of rolling by themselves, both on flat ground and up steep grades. Soldiers in battle are less reliant on a hierarchical command structure and are capable of making more autonomous decisions based on an increased ability to receive and analyze real-time information regarding the condition of the battlefield. In this situation, the emphasis is not on the function of command, but on maintaining the supply and value of the information.(25)
Robert Steele argues that information warfare is "about applied intellect - it is about harnessing intellect and protecting intellect, and it is above all about providing the commander - including the civil commander in the role of political, economic, or cultural leader - with survivable, reliable, decision-support through war and operations other than war, on the home front as well as on the traditional front line - and to do so largely with 'out of control' civil resources."(26) With military command and control placed in this context, threats to national security are present not only when military communications are targeted, but also when civilian support to operations is targeted. One cannot harness the distributed intelligence of a nation if the information content is diverted or destroyed.
What threat is posed to American national security if, during a war, the enemy were able to get information on troop movements or discover flaws in one of our weapons systems? Or if the Soviets, during the Cold War, had been able to access information on the Strategic Defense Initiative or stealth aircraft designs? What if one fourth of all the computer systems in America stopped working one day?
New Concepts: Information Warfare
Information warfare is about destroying information, reducing information flows, reducing the reliability of information content, and denying access to services. Author and security expert Winn Schwartau writes:
Information warfare is waged against industries, political spheres of influence, global economic forces, or even against entire countries. It is the use of technology against technology; it is about secrets and the theft of secrets; it is about turning information against its owners; it is about denying an enemy the ability to use both his technology and his information.(27)
Historical patterns reveal that information warfare is undoubtedly warfare of the future. Traditionally, warfare has followed the different waves of development in society. Science has always been applied to war.(28) Agrarian society saw the development of the crossbow. As scientific capacity increased, so did the weapons societies used in warfare. As nations industrialized, they used their factories to create tanks. As our capacity to understand physics increased, we used nuclear fission to deal devastating blows from high altitudes. Today, computer-guided electronics allow us to deal even more damage from the comfort of an underground bunker thousands of miles away. As we move, or have already moved, into the Third Wave or Information Age, it is only natural that our weapons or means of warfare will follow.
Information warfare, as a concept, is not entirely new. In 1912, when the British cableship Telconia hauled up and cut the five cables that linked Germany to the outside world: (two to the Azores and North America, one to Vigo, one to Tenerife, and one to Brest); the British were waging information warfare.(29) The British recognized the strategic significance of wartime communications and utilized their capabilities to hinder Germany's ability to communicate. Likewise, when the United States intercepted and decrypted Japanese communications intelligence during wartime operations and diplomatic negotiations, the United States was waging information warfare.(30)
The only problem with these examples is that the environment in which they took place is not as relevant today. These attempts at information warfare were waged against industrial societies in which information was just one valuable asset, ranked lower on the hierarchy of strategic importance than protection of the industrial base. Today's Third Wave societies are no longer based entirely on industrial concepts and information has a higher strategic value now than it has had at any point in history. This means that information warfare poses a greater threat to national security in the Information Age than it did in the Industrial Age. In fact, for several reasons illustrated later, information warfare may become the preferred method of conflict among Third Wave nations. General Gordon Sullivan and Colonel James Dubik acknowledge that "To succeed against an industrial state generally requires the destruction not only of its army, but also of the military infrastructure, resources and manufacturing base of the total war-making capability. Achieving victory against an information-based state will entail destroying that country's armed forces, as well as destroying its war-making capability (which may well include industrial and information-related targets) and its information systems."(31) Not only is information warfare an entirely new paradigm for waging war, it must also be adopted as a supplement to traditional and conventional means of warfare if successful campaigns are to be waged.
New Weapons
With a new type of warfare comes a new breed of weapons. In order to understand the vulnerabilities of systems and the capabilities of possible adversaries, a brief overview of offensive information warfare weaponry is required.
HERF Guns. High Energy Radio Frequency guns allow adversaries to create denial-of-service scenarios against a wide variety of targets. The concept behind the HERF Gun is very simple and they are incredibly easy to build. Depending upon the size of the power source used and range or accuracy desired, HERF guns can be designed to take many different shapes and forms. HERF Guns direct a blast of high energy radio signals at a pre-selected target. Schwartau explains:
Electronic circuits are more vulnerable to overload than most people realize, and that weakness is exploited by a HERF Gun. A HERF Gun is nothing more than a radio transmitter, conceptually similar to the real tall ones with blinking red lights on top to keep planes from hitting them. Your portable CB or cellular phone are also radio transmitters, with different purposes, working at different power levels. The HERF Gun shoots enough energy at its target to disable it, at least temporarily. A HERF Gun can shoot down a computer, cause an entire network to crash, or send a telephone switch into electronic orbit. The circuitry within modern computer and communications equipment is designed for low-level signals; nice quiet 1s and 0s which operate within normal limits. The HERF Gun is designed to overload this electronic circuitry so that the information system under attack will become, at least temporarily, a meaningless string of babbling bytes.(32)
The damage that a HERF Gun can do when directed at a variety of creatively selected targets is clearly obvious. Not only is a situation created in which information systems fail, but it becomes extremely difficult to identify the cause of failure.
EMP/T Bombs. Electromagnetic Pulse Transformer Bombs operate under the same principle as HERF Guns; however, they are thousand times more powerful.(33) Also, the damage induced by EMP/T Bombs is permanent. Governments have been concerned with the threat of electromagnetic pulse since the invention of the atomic bomb. A 1980 Federal Emergency Management Agency report concluded that the following hardware would be most susceptible to failure from EMP: computers, computer power supplies, transistorized power supplies, semiconductor components terminating long cable runs (especially between sites), alarm systems, intercom systems, life support system controls, telephone equipment, transistorized receivers and transmitters, transistorized process control systems, power control systems, and communications links.(34)
If EMP/T Bombs were detonated over densely populated urban areas, the results would be disastrous. Not only would all communications and electronic equipment fail, but the city would also experience a blackout, thus creating a prime environment for civil unrest and riots.
System intrusion. Interconnected communications and computer systems are also susceptible to intrusion. Commonly referred to as hacking, system intrusion creates a wide variety of security concerns. Hacked systems can be utilized for information gathering purposes, information alteration, and sabotage. Vulnerabilities exist in almost every externally networked computer in the United States. A report prepared by the Computer Security division of the National Institute of Standards and Technology notes that "connectivity allows the hacker unlimited, virtually untraceable access to computer systems."(35) An entire subculture dedicated to the issues concerning hacking has developed and its numbers increase substantially every year. In the summer of 1994, over one thousand people from around the world descended on New York city for an organized convention called "Hackers on Planet Earth."(36) Being a sensational subject, computer hacking has also generated a lot of attention in the American media. The recent apprehension of known computer hacker Kevin Mitnick generated a plethora of front page stories across the nation. Unfortunately, with this media attention, the term hacker itself has taken on an entirely new meaning. Steven Levy first described hackers as computer explorers, "adventurers, visionaries, risk-takers, artists... and the ones who most clearly saw why the computer was a truly revolutionary tool."(37) Levy's hackers were the pioneers of the computer industry: Steven Jobs, Bill Gates and Stephen Wozniak. These are men who are recognized today as establishing a competitive advantage in personal computer hardware and software for the United States. Today, the term hacker is often used to indicate a computer criminal. This creates a difficult dilemma for those who wish to use the term with positive connotations. For the purposes of this paper, the term is used in both capacities, with the focus not on the intent of hackers or computer criminals, but on their capabilities. Intent, reliability and disposition only come into play when computer explorers are considered a potential national security asset in Chapter Four.
Emissions capture and espionage. Computer hackers can also utilize several tools for the capture of vital information secrets such as passwords or data. Van Eck emissions enable hackers to capture the contents of computer screens from up to two hundred meters away.(38) Devices designed to capture these emissions can be developed at very low cost. To further complicate the matter, current government regulations prevent non-governmental organizations from protecting themselves by installing TEMPEST(39) equipment.(40) Information and telecommunication networks are also easily monitored for information that might be utilized for system intrusion.(41)
Viruses, trojan horses and worms. Viruses, trojan horses and worms have huge destructive potential. Perhaps the greatest threat of the three is the computer virus, a program which has the ability to attach itself to legitimate files and then propagate, spreading much like an infectious disease from computer to computer as files are exchanged between them. The more interactivity a computer has with other computers the higher the chance of it contracting a virus. The virus continues to hide itself until a certain criterion is met. These criteria change from virus to virus, but some of the most deadly are viruses that wait a certain length of time before initiating their destructive capabilities. This insures that the virus has had enough time to copy itself to many systems, thus increasing its damage potential. Once the criteria are met, the virus can attack a system in one of many ways: by erasing files, destroying hard disk drives, or corrupting databases.
Imagine a virus that spreads to a bank computer and then randomly modifies numbers within a database, or simply causes the bank's computers to shut down. The potential for damage is enormous, but it is mostly monetary damage. Now imagine that same virus attacks a hospital computer system. Human lives are at stake, making that virus a tool of murder no less dangerous than a loaded weapon. Viruses are very difficult to protect against because a copy of the virus is often needed to create a vaccine or program to detect it. We do not usually find copies of the virus until they have caused damage. It has been estimated the cost of removing the viruses infections over the next five years will be over $1.5 billion - not taking into account the value of the data that will be destroyed.(42) There are already many documented cases of companies losing millions of dollars in business and thousands of hours of computing time due to viruses attacks.(43) That number will only increase in the future.
By 1992 there were over 1,500 catalogued viruses in the West, with that number expected to have doubled by the end of 1993(44) One of the most popular was the Michaelangelo virus, which received news coverage on all the major television networks. What many Americans do not understand is that Michaelangelo is just one of many potential attackers of their computer systems. In Bulgaria, companies have set up virus factories producing more viruses than the anti-virus industry can combat. How should the U.S. deal with companies whose only concern is to produce destructive software? This is one of the many questions we must ask ourselves when creating policies to ensure safe computing in future years.
The trojan horse derives its name from the famous attack on the city of Troy, and operates much like the trojan horse of ancient times. A trojan horse is a program that pretends to be a benign program but is really a program of destruction. The program tricks the user into running it by proclaiming to perform some useful function; however, once initiated it can be as destructive as a virus. Trojan horses are less of a danger because they are easily destroyed: one simply deletes the program, since they contain no means of copying themselves independently.
The worm operates much like a virus, but is can travel along a network on its own. Perhaps the best known worm was the one created in 1988 by Robert Morris, the son of an National Security Agency official. Morris created a worm to seek out sites on the Internet by traveling along its many connections and copying itself onto remote computers. Morris' worm was not created to damage any systems, but he made an error in designing the program. This error caused the worm to begin propagating itself at an exponential rate, slowing down Internet sites and causing communications to come to a standstill. The reaction among Internet users and system administrators was mass hysteria. The following are some highlights of the events as they unfolded over the course of twelve hours
5:00 p.m. - Morris launches his worm onto the Internet
8:00 p.m. - System operators at computer systems across the nation begin noticing that something is slowing their computer system down.
2:38 a.m. - The virus has spread onto many systems including the Lawrence Livermore National Laboratory, NASA Ames Laboratory, Los Alamos National Laboratory, and the Department of Defense's Milnet network.
- A worried system operator releases the following message onto the Internet. "We are currently under attack by a computer virus."
5:00 a.m. - An estimated 6,200 computers have been infected in the course of 12 hours. System operators begin breaking network connections to protect their systems. Later calculations revealed that only around 2000 computers had been attacked.
Days later, system operators were still cleaning up and containing the Internet worm which had caused over one million dollars in damage.(45) Morris was convicted for the damage initiated by his worm and sentenced to three year's probation, a $10,000 fine and four hundred hours of community service.(46) Though Morris's actions were illegal, he managed to expose the vulnerability of the computer networking system. If one college student could do so much damage by accident, what could a rogue nation or terrorist group do on purpose?
Normal accidents. In his 1985 book, Charles Perrow discusses threats posed by accidental failure of advanced technology.(47) The same threats exist with computer technology and information systems. It is not uncommon to read in the newspaper about power lines being cut causing airports to shut down for extended periods of time or for unexplainable electronic gremlins to cause multiple failures at great cost. This was the case in Chicago in September 1994 when several unexplainable electronic failures shut down airports and financial institutions throughout the city.(48)
Information Warfare: Isolated Examples
Although there have been several examples in which national security has been breached in the past five years, no single event constitutes an enduring national security threat. But collectively, these events highlight a national security threat based upon internal weaknesses in the security of information technology systems in the United States.
Operation Datastream
Recently released information reveals that a sixteen-year-old computer hacker from Britain was able to infiltrate United States Department of Defense computer systems for seven months without being detected. He obtained access to ballistic weapons research, aircraft design, payroll, procurement, personnel records and electronic mail. In all, over one million passwords were compromised. The Ottawa Citizen reports that "the U.S. Defense Information Systems Agency admitted in a private briefing, which has been confirmed, that the hackers had affected the departments' 'military readiness'."(49)
It is also believed that the hacker had access to sensitive and classified computer databases regarding nuclear inspection details in North Korea.(50) The security implications in this case are intensified by the fact that information could have been altered. Had the North Korean government had access to this information, it is possible that they might have altered databases and communications to assist their development of nuclear weapons. In fact, there is no evidence to suggest that North Korea was not involved in operations of this sort on its own. It is acknowledged that the only reason the British hacker was caught is because he left his computer terminal connected to a U.S. defense computer overnight.
This is obviously a case where information warfare techniques have substantial implications. Nuclear weapons are regarded as one of the most devastating threats to the physical security of nation states. This case demonstrates that information warfare can be used to assist nuclear proliferation, creating two major security concerns. North Korea might have been able to alter inspection reports and falsify data to cover up their nuclear proliferation efforts, or it might have utilized the information to find out which sites the United States was targeting for inspection.
The Hacker Spy
Perhaps the best publicized account of a hacker breaking into U.S. military computer systems took place in 1986 when Cliff Stoll at the Lawrence Berkeley Laboratory (LBL) discovered a German hacker using the university's computer to access sensitive databases. Stoll's adventure began when he found a seventy-five cent error in the LBL accounting system that tracks system usage and then bills the correct party. By exploring the accounting software, Stoll found that a user named Hunter had used seventy-five cents worth of computing time in the last month. Stoll also discovered that Hunter did not have a valid billing address, so he had not been properly charged. Through much work, Stoll discovered that Hunter was in fact a computer intruder, a hacker using LBL's system to access other systems. In most cases the user would have been shut out, but Stoll, an astronomer by trade, not a computer security expert, decided to track the activity of the hacker.(51)
When Stoll first discovered that the hacker was accessing military computers, no one believed him. The people in charge of maintaining these sensitive systems did not know, nor did they believe, that a hacker had entered their system. Stoll had a even harder time trying to convince law enforcement agencies that this was indeed a crime worthy of having the hacker's call traced. This one hacker attempted to break into many military computer installations including the Redstone Missile Command in Alabama, the Jet Propulsion Laboratory in Pasadena, and the Anniston Army Depot. In many of the cases the hacker successfully gained full access to computer systems and searched for keywords like stealth, nuclear, White Sands and SDI.(52) When he found the files he copied them to his home computer.
The search for the hacker continued for almost a year. The activity was eventually traced to a West German citizen named Markus Hess. Hess, a member of the hacker group called the German Chaos Computer Club, used the pseudonym Pengo among his colleagues. He was known as one of the best hackers in the Hannover area. On February 15, 1990, Hess and two colleagues were convicted of espionage for selling secrets to the KGB.(53)
Surely one must look at this case as a threat to U.S. national security, especially in the context of the Cold War. Gone are the days of searching for Ivans in elite factions of the U.S. military. Now any twenty-year-old German drug addict can accomplish the same thing from an apartment in West Germany. The vast computer networks gives him the means, and the lax security of the United States computer systems allows him to gain access to them and compromise national interests.
Hacker Attacks During Gulf War
The United States inability to protect its computer systems was demonstrated by attacks on Department of Defense computer systems during the war with Iraq. Testimony before a Senate committee confirmed that during April and May of 1991, computer hackers from the Netherlands penetrated thirty-four Department of Defense computer sites. Here are few highlights from the report:
At many of the sites, the hackers had access to unclassified, sensitive information on such topics as (1) military personnel--personnel performance reports, travel information, and personal reductions; (2) logistics - descriptions of the type and quantity of equipment being moved; and (3) weapons system development data. Although the information is unclassified, it can be highly sensitive, particularly during times of international conflict. For example, information from at least one system, which was successfully penetrated at several sites, directly supported Operation Desert Storm/Shield. In addition, according to one DOD official, personnel information can be used to target employees who may be willing to sell classified information.(54)
U.S. soldiers put their lives on the line to fight a war for a country that cannot even protect the sensitive information related to their activities, let alone personal data that could be used against their families. What is most distressing about the report is its conclusion that the hackers exploited known security holes to gain access to a majority of these systems. The United States government knew that these security holes were there, yet it did nothing to fix them. The report also indicates that the hackers "modified and copied military information,"(55) and that many of the sites were warned of their vulnerability but failed to realize the implications. The report ended with a warning of things to come: "Without the proper resources and attention, these weaknesses will continue to exist and be exploited, thus undermining the integrity and confidentiality of government information."(56)
The Dutch hackers are one of the most respected hacking groups in the world. Luckily for the United States, the Dutch exploits were for educational purposes only. Their attacks were blatant, open and recorded by video.(57) In order to ensure that their explorations were noticed they created a user account named after Vice President Quayle. Had the Dutch hackers been acting with malicious intent, or under the sponsorship of another nation state, who knows how much damage they could have inflicted on Allied operations in the Gulf War.
Infrastructure Attacks
The three examples given above demonstrate instances where sensitive military information was accessed, erecting a breach of security with serious national security implications. Although these attacks were dangerous, they caused very little damage to the flow of information. Attacks that target information infrastructures with the intent to damage information flows are of equal, if not greater, concern.
In an information-based or knowledge-based economy, denying access to information transfers causes economic instability. However, due to the infancy of the information-based economy and an increased hesitance to report instances where damage is incurred, there are very few examples in which individual actors have inflicted this sort of damage. Instead, this section will focus on examples of accidental failure that demonstrate vulnerabilities in the infrastructure of Information Age societies.
The Phone System
On January 15, 1990 seventy million phone calls went uncompleted.(58) In Queens, New York two teenage hackers wondered if they were to blame for the outage.(59) The phone company also wondered if hackers might be at fault as well. In fact, several hackers were being closely monitored for illegally accessing, altering and using various phone switches. As it turned out, a programming error was to blame for the failure, however, a sense of urgency regarding the security of the phone networks was established.(60)
Crashes since then have not been uncommon. Steven Bowman writes:
Telephone switching stations which are scattered about the U.S. cities are crucial to our communications network. They are squeezed into any number of unprotected locations. In 1992, a failed AT&T switching station in New York put both Wall Street and the New York Stock Exchange out of business for an entire day, with an estimated loss of billions of dollars in trading value. The failure resulted in 4.5 million blocked domestic long distance calls, nearly 500,000 interrupted international calls, and the loss of 80 percent of the Federal Aviation Administration's circuits. A similar failure on November 5, 1991, in Boston resulted in a 60 percent loss of calls in that area.(61)
Today, the security of the phone networks upon which rely for everyday communications and business transactions is still questionable. Reports, detailing the recent arrest of America's most wanted computer hacker, Kevin Mitnick noted that Mr. Mitnick manipulated telephone company switches to disguise his whereabouts.(62)
We rely on telephone communications daily. Many American businesses would be unable to function without them. Not only is there an inherent vulnerability of this service being denied, but phone lines can also be manipulated to divert calls to competitors or can be eavesdropped upon. In what has been called the Hacker Wars, competing hacker groups within the United States used such techniques on a daily basis. Not only did they manipulate phone switches, but they also gained access to numerous private computer networks, including some military sites. Though losses were minimal, it is only because phone system crashes have been isolated and uncoordinated. Should someone target several large phone networks at once, the results would be more than an inconvenience. It would have a devastating effect on the economic prosperity of many businesses. Should the denial of service be maintained for extended periods of time, many businesses, government agencies, and even some military installations would be electronically paralyzed.
The Power Grids
Power grids, like telephone networks, are prone to failure, both accidental and intentional. Stephen Bowman writes:
The United States power system is divided into four electrical grids supplying Texas, the eastern states, the midwestern states and the northwestern states. They are all interconnected in Nebraska. A unique aspect of the electrical grids, as with communication grids, is that most built-in computerized security is designed to anticipate no more than two disruptions concurrently. In other words, if a primary line went down, the grid would ideally shut off power to a specific section while it rerouted electricity around that problem area. If it ran into two such problems however, the grid is designed to shut down altogether.(63)
The national security implications of major power failures are obvious. Blacking out several large cities at once would result not only in large economic losses, but would likely spawn civil unrest and chaos. One need only think of the damage inflicted by the Los Angeles riots in 1992. For social reasons, outside the realm of this paper, our cities have become highly unstable and prone to disruption. Amory B. and L. Hunter Lovins note that "However caused, a massive power-grid failure would be slow and difficult to repair, would gravely endanger national security and would leave lasting economic and political scars."(64)
The Big Picture
Are you telling me that we spend almost $4 trillion dollars, four goddam trillion dollars on defense, and we are not prepared to defend our computers?(65)
Isolated incidents of electronic communications, computer, and power failures are inconveniences with heavy price tags, but they are not a threat to the national security of the United States. Accidents happen. We are prepared to deal with most. We are not, however, prepared to deal with an internal or external attack on our entire information infrastructure as defined earlier in this chapter. Nor are we prepared to deal with the domestic and international political consequences that such vulnerabilities create, as will be discussed in chapter three.
I wish to conclude this chapter by bringing all the pieces together in a hypothetical threat assessment so that an in depth evaluation of the security implications can be discussed. It is estimated that with as little as 1 million dollars and less than twenty well trained men, the infrastructure of this nation can be brought to its knees.(66) More conservative figures estimate it at 100 million dollars and 100 men.(67) Never before in history, has new technology created such vulnerabilities to national security at so low a cost to the attacker.
Imagine a well trained team of saboteurs, operating over several years, infiltrating several high technology companies like Microsoft or Novell, a few major automobile manufacturers, or a couple of airlines. Viruses or trojan horses are timed to detonate on a certain day, rendering computer systems inoperable. A small team of hackers infiltrates large computer, telecommunications and power centers preparing them for denial of service attacks. Another team constructs several large EMP/T bombs and HERF Guns to be directed at targets like the Federal Reserve and Wall Street. Doomsday arrives and the countries electronic blood stops flowing. No transfer of electronic funds, no stock exchange, no communications and power in a majority of locations, no traffic control, no air travel. At this point, what is the situation? Our physical integrity has been maintained, the loss of life has been minimal, and we have no one to blame. Has our national security been breached? Information warfare and intelligence expert Robert Steele argues that the United States can not recover from a similar, even if much smaller, attack:
We can not afford the luxury of waiting for an electronic Pearl Harbor to mobilize public opinion, for two reasons: first, because the catastrophic outcome of a major electronic disaster, one which degrades or destroys major financial centers - eliminating trillions of digital dollars- or other key elements of our national fabric, is not supportable by our existing economies. We cannot afford the cost of the time to reconstitute our civil sector. The second reason is more frightening: it is highly unlikely that we will be able to prove with any certainty which nation, organization or individual was responsible for the attack.(68)
Consider the following report by Robert Ayers, Chief of the Center for Information Systems Security. Mr. Ayers group recently used readily available hacker tools freely available on the Internet to test the vulnerability of U.S. systems. He found that:
88% of the time they are effective in penetrating the system,
96% of all system penetrations are undetected, and
95% of the instances where penetration is detected, nothing is done.(69)
According to a report in OSS Notices, Mr. Ayers "estimates that only 1 in 1000 successful system penetrations is ever reported and that in any given year government systems are illegally accessed, though not necessarily maliciously so, at least 300,000 times."(70)
On the virus front one U.S. government organization found 500 software and hardware viruses in a single year, all of which were intercepted and scanned at its loading dock in the original shrink-wrapped packaging.(71) These problems will only continue as information networks continue to grow at exponential rates and as viruses are created faster than we can detect them.
Ivan Bloch has stated that the "future of war [would be] not fighting, but famine, not the slaying of men but the bankruptcy of nations and the break-up of the whole social organization."(72) The transition into the Information Age makes such a vision all the more plausible. Where national security is concerned, information networks have created a tunnel to the center of our vulnerability, usable by any nation or collective of individuals at their discretion.
The Political Context of Information Warfare
Ultimately, information warfare must be seen in a political context. How should nations deal with the threat posed by information warfare, both internally and internationally? What are the political and strategic attractions of waging information warfare? What are the deterrents? Should nations be concerned with capabilities or intentions? How does information warfare compare with traditional concepts of national security and the development of other new technologies? The purpose of this chapter is to answer these questions, demonstrating how the concept of information warfare fits within the framework of traditional national security studies, but, in order to find solutions, we must move beyond them.
What is National Security
Much work has been dedicated to the study of what comprises national security. At its simplest level, a nation's security has been defined as "no more than the total of the individual's perceived sense of security."(73) More encompassing definitions suggest that national security entails the "range of physical threats that might arise for the nation and the force structures, doctrines and military policies mobilized to meet those threats... also those internal and external factors - such as economic or technological change - that might arise and whose direct or indirect effect would be to diminish or to enhance the nation's capacity to meet physical threats."(74)
Using this definition alone, information warfare can be categorized as a national security threat. Given the vulnerability of military information networks and the military's reliance on commercial communications paths for ninety-five percent of its communications,(75) information warfare can hamper the military's ability to respond to conventional threats. The military's reliance on computer technology for digital mapping and intelligence also creates a vulnerability to our conventional military forces. It took two months to meet the digital mapping requirements to use Tomahawks in Gulf War.(76) Had the threat been immediate, the United States would not have been able to utilize its smart weapons capabilities and collateral damage would have been higher. Also, EMP/T bombs can be used to destroy radar installations with little to no human deaths, as they were in the Gulf War,(77) thus decreasing a nation's ability to respond to missile and aircraft threats.
To fully realize the potential threat of information warfare, the definition of national security must be broadened. The economic arguments of scholars like Luttwak, Thurow and Prestowitz(78) must be included in our definition of national security. Is United States national security threatened if our ability to maintain a prosperous economic system declines? If so, how might other nations gain competitive advantages against U.S. industries and financial markets using information warfare techniques? How might electronic eavesdropping through Van Eck emissions capture and communications interception be used to threaten national security by threatening American prosperity? The recent expulsion of five alleged American spies from France demonstrates that other nations consider industrial espionage a serious threat.(79) Unfortunately, this area is too large to deal with in the confines of this paper, but this prosperity aspect must be drawn into an expanded definition of national security to realize the threat posed by information warfare.
Information warfare endangers not only our ability to respond to physical threats, but our economic prosperity, as well. Traditionally, our ability to remain prosperous has been directly linked to physical threats. In the Information Age this is no longer true. Economic prosperity, indeed the very lifeblood of our economic identity, can be destroyed without any physical damage being inflicted. Once the threat is recognized, one must ask: In this post-Cold War world, why would states want to wage information warfare against each other?
Political Attractions of Information Warfare
Politically and strategically there are many attractions to state-sponsored information warfare. It is low cost, timely, not location specific, provides no early warning, is not taboo, inflicts low human life costs, and can be waged in complete anonymity. Each of these must be examined at length before a clear understanding of how information warfare is strategically and politically advantageous can be achieved.
Low Cost
Information warfare is relatively cheap to wage. You get a high return on your investment with information warfare techniques. Both Steele's and Schwartau's estimates of what it would cost to reduce the United States to information rubble ($1 million and $100 million respectively) are incredibly cheap when compared to the cost of conventionally military weapons. This makes offensive information warfare attractive to Third World states and offers them the same basic capability to inflict damage on information infrastructures as Second and First World nations.
Timely and Not Location Specific
Information warfare is timely and it is not location specific. Information warfare can be waged at the drop of pin, to steal an analogy from the telecommunications industry. There is no early warning system for information warfare. You don't know it is coming, so you must always anticipate it. This creates a high level of paranoia. No radar can pick up a long distance phone call from overseas, yet that one phone call may cause more monetary damage that a dozen planes carrying conventional bombs. The World Trade Center is a perfect example. The damage to the flow of information, estimated at over $1 billion(80), proved to be more costly than the structural damage inflicted on the building. Viruses can be imported into the United States through information networks, telephone lines, or on simple floppy disks which do not attract the attention of U.S. Customs Inspectors.
Although a well-planned information warfare attack might take several years to orchestrate, it can occur instantaneously. To uncover plans for such an attack would involve a great deal of investigation and intelligence or a stroke of luck. Most of the actors would be invisible, both to the victim and to each other. Most of the preparatory work for lower levels of information warfare can be done outside the traditional territorial boundaries of the victim nation. Other forms of information warfare, (HERF Guns, EMP/T Bombs) require the breaching of international boundaries, thereby allowing greater capabilities to those nations that have easier access to U.S. visas or are subject to less stringent immigration regulations. However, as the World Trade Center bombing proves, our nation's boundaries are capable of being breached by any foreign nationals or terrorists with malicious intent.
Anonymity
Information warfare can be waged anonymously. Anonymity is the nature of new technologies, especially telecommunications. An anonymous attack creates two problems. Not only has a state's national security been breached, but there is no one to hold accountable for the attack. This makes information warfare very attractive tool to covert operators. However, given the nature and intent of terrorism, it is highly unlikely that terrorists will remain anonymous while engaging in information warfare, since it is in their best interest to claim the damage they have inflicted.
Political dilemmas arise in the victim state when citizens demand retribution. The government has no target. The result will be political instability as citizens focus blame on the government for allowing this to happen. It might even be possible to collapse a particular political system with prolonged, systematic anonymous attacks.
We need computers in our lives, but we do not trust them. Winn Schwartau calls these conflicting feelings "binary schizophrenia."(81) When used anonymously, information warfare plays on feelings of binary schizophrenia causing insecurity and chaos. In this regard, anonymous information warfare is comparable to the German blitzkrieg of World War II. It makes an impact on the citizenry as well the government. Targets can be strategically selected to generate the maximum amount of chaos and insecurity possible.
Minimal Loss of Human Life
Information warfare can also be waged to minimize the amount of human life lost within the target nation. This makes information warfare techniques politically attractive since there are no global taboos associated with waging war against machines. Jeff Legro gives three reasons why states might restrain from using certain weapons or means of warfare. He argues that "countries may pursue restraint because popular opinion vilifies certain weapons; because leaders calculate that escalation would damage their domestic and international political support; or because states fear retaliatory attacks."(82)
How does information warfare fit within this framework? Because information warfare causes low levels of human casualties and structural damage, there is little reason to believe that popular opinion will vilify it. In fact, populations will not even know information warfare is being waged against them until it is too late. Even at that point, very few people will understand the methods used. Therefore it is highly unlikely that information warfare will be considered an inhuman way to pursue diplomacy by other means.
Also, there is little reason to believe that using information warfare will be politically damaging to the aggressor country. Information warfare's anonymity assures that the aggressor will be identified only if they wish to be. When information warfare is waged by one nation against another without anonymity, the political outcomes would resemble those of traditional warfare. Strategic alliances could be formed and some states could chose to remain neutral, though it is highly unlikely that neutral states will be able to avoid the global economic aftershocks of high intensity global information warfare.
If waged without anonymity, it is very likely that a victim nation would respond to information warfare with retaliatory strikes. In this regard, fear of retaliation or escalation will act as a deterrent to using information warfare. However, the first strike advantage of information warfare might neutralize any fears regarding retaliation using counter information warfare, leaving victim nations with the difficult decision of responding with conventional military force.
In Legro's essay he uses three examples to demonstrate that military culture is a strong factor determining when alternative or taboo forms of warfare will be used. Since information warfare is a relatively new concept, it is doubtful that it has been fully adopted by the military culture. However, recent trends indicate that information warfare is an area that is getting a great deal of attention and increased funding in an age of reduced military budgets. This shows that the military culture perceives information warfare as a reasonable and perhaps preferable form of warfare. At least three branches of the United States Armed Services have publicly admitted to concentrating on information warfare concerns.(83) Aerospace Daily reports that "Major advances in information technologies are spurring the U.S. Air Force to mainstream information warfare into its operations by incorporating information warfare into its doctrine."(84) With Legro's thesis in mind, perhaps the military culture will accelerate the use of information warfare as a method of conflict resolution. The use of information warfare techniques by the Allied forces in the Gulf War indicate that the military culture has already accepted information warfare as a supplement to conventional military tactics.
First Strike Advantage
In information warfare there is a huge first strike advantage, but only if the goal is unlimited destruction and anonymity is utilized to prevent a conventional response. There is a high correlation between the extent to which a nation damages its enemy's information capabilities and their ability to respond using purely information warfare techniques. A nation can execute this first strike anonymously if it so desires, thus delaying retaliation indefinitely.
The first strike advantage of information warfare complicates matters further by creating a security dilemma in which those countries exercising the greatest amount of restraint will likely incur the most damage. In information warfare, a first strike decreases the likelihood and may even prevent an adversary from responding. The strategic advantages of waging a first strike means that nations will always keep a finger on the trigger. In an anarchic international system, hostilities or conflict might escalate quickly into information warfare in an effort to generate a strategic advantage over one's adversary. If conventional conflict is inevitable, then whoever destroys their adversary's information systems first, gains a strategic advantage in battle.
Offensive Nature of Information Warfare
Information technology and computer systems, are vulnerable by nature. Therefore, taking defensive measures against the information warfare threat will always be difficult and costly. Improving the defense of information systems also contributes to the security dilemma since decreasing one's susceptibility to information warfare increases the attraction of using information warfare offensively. There are, however, as will be examined in the next section, several deterrents to waging state-sponsored information warfare among technologically advanced nations that will entice states to pursue defensive postures. In order to neutralize the security dilemma presented by defensive postures, states may share defensive technologies to ensure that a defensive equilibrium is maintained. This serves a dual purpose: a relative balance of power is maintained among states; and the offensive threat of rogue states or terrorist entities is reduced. Though states will want to maintain offensive "just-in-case" capabilities, security is best maintained, due to the nature of the threat, by developing defensive capabilities.
Deterrents to Waging Information Warfare
Among technologically advanced nations, there are several deterrents to waging information warfare. Factors such as economic interdependence, fear of escalation, and lack of technical expertise detract from the advantages of state sponsored information warfare
Economic Interdependence
Perhaps the most useful definition of economic interdependence in any discussion of information warfare, is the one put forth by Richard Cooper. He uses the term to "refer to the sensitivity of economic transactions between two or more nations to economic developments within those nations."(85) Focusing on economic sensitivity allows us to disregard conventional measures such as trade surpluses and deficits and look at the interlinked effects of economic stability between interdependent nations.
Our focal point, from the information warfare perspective, must be upon the extent to which interdependent nations will feel the economic aftershocks of economic instability. Should the U.S. fall victim to information warfare directed at our financial institutions, what effect would it have on the economic stability of the European Community or Japan and the Pacific Rim nations? If interdependence is to act as a deterrent to information warfare, then levels of interdependence must be high enough as to ensure that the costs of waging information warfare outweighs the benefits. According to Rosecrance and Stein, the interdependence of the financial system is now formal because we have vested interests in not letting the reserves of foreign currencies drop below a certain threshold which would harm our own economy.(86)
With the realization that information warfare has devastating economic effects, interdependence will act as a disincentive to state-sponsored information warfare. Economic interdependence introduces new complex variables into offensive information warfare strategies. Joseph Nye notes that there is power to be derived from making oneself less interdependent with other nations.(87) This is especially true where information warfare is concerned. The effectiveness of offensive information warfare is increased as benefits exceed costs. One benefit of less interdependence with the target nation is that economic aftershocks will have less effects on the aggressor's economy. Decreasing economic interdependence might be seen as a precursor to waging information warfare, but is not a readily realizable goal for most technologically advanced nations. Reducing levels of economic interdependence is costly for two reasons: the benefits of interdependence can no longer be extracted and distributed among the citizenry, perhaps decreasing a nation's prosperity; and domestic political constraints can disrupt the nation's internal balance of power. The domestic sectors of society that benefit from interdependence (multi-national corporations, financial institutions, and other investors) will likely logroll interests to prevent the breaking of interdependent links.(88)
A decreasing level of economic interdependence also contributes to the intensity of security dilemmas and increases the likelihood of escalation. Decreasing economic interdependence might be interpreted as a threatening posture, especially if one nation is more susceptible to attack than the other, as is the case with the United States and most of its trade partners. Increasing economic interdependence, however, might be seen as increasing relative security, especially for the nations most susceptible to attack. This creates difficult policy decisions since traditional forms of negative foreign policy, like economic sanctions, become less effective and perhaps even threatening. If one nation is perceived as a threat, then the most effective way of deterring that nation from attacking is to make the costs of information warfare exceed the benefits. This can be done by threatening to use conventional military force or increasing levels of economic interdependence.
It must also be noted, that interdependence does nothing to prevent states from waging information warfare against specific corporations of economic sectors to increase comparative advantage in those areas. Since such actions are being taken by allies of the United States such as Germany, France and Japan(89), interdependence becomes an ineffective deterrent. Fear of escalation will act as a more effective deterrent, or at least will place limits on the extent to which limited information warfare can be waged.
Fear of Escalation
It has already been demonstrated that the military culture will probably use information warfare methods as a strategic supplement to conventional methods in any military conflict and that the escalation of information warfare is likely. But does the reverse hold true? Will information warfare escalate to conventional military conflict? In order for the fear of escalation to act as a deterrent, information warfare must be allowed to escalate into military conflict. A country will not wage information warfare, especially against a country with strong military capabilities, if they fear that the situation might escalate into military conflict.
Under these circumstances, information warfare becomes highly politicized and the domestic bases of power can be compromised. It is important that political leaders declare ahead of time, the value of information systems and assure the international community that conventional military tactics, even though they involve the loss of human life, will be used to counter information warfare attacks.
Given the fact that information warfare causes minimal loss of human life, response will be difficult for nations without strong information warfare capabilities. The urge to respond using Industrial Age warfare techniques will be great, but justifying such responses will be difficult unless the value of these information systems is declared before they are attacked. A press release saying "any attack on the information infrastructure of this nation will be viewed as an act of war and any state sponsored information warfare may be responded to with military strikes," may seem a little drastic, but information warfare can not be taken lightly. This type of warfare erodes a nation's strength, destabilizes its economy, and threatens its autonomy. Such responses might be necessary and will certainly be advocated by many policy makers should the circumstances arise. In order for the fear of escalation to work as a deterrent to information warfare, this position must not only be advocated, but adhered.
Lack of Technical Expertise
Lack of technical expertise is perhaps the weakest deterrent to information warfare. It is not really a deterrent, but what Bruce Sterling has referred to as a "protective membrane" of computer literacy.(90) It is foolish to think that this protective membrane prevents any nation state from developing information warfare capabilities. If they don't have the experts in-house, they can import them from another country, whether it be a scientist from Russia or hackers from the United States. While interviewing a very prominent U.S. hacker, I discovered that his most lucrative employment offers came from nations developing strong offensive information warfare capabilities.(91) This export of U.S. security experts might be viewed as a security threat in itself.
Information Warfare as Terrorism
Given the offensive nature of information warfare and acknowledging that in most circumstances the deterrents of waging non-anonymous information warfare among technologically advanced nations outweighs the advantages, information warfare becomes a very attractive terrorist tool. When waged anonymously or by non-state entities, all of the advantages of information warfare are present but the deterrents are not. Economic interdependence means nothing to terrorist groups, therefore, the most powerful deterrent becomes neutralized. Fear of escalation also does little to deter information terrorism since most acts will be committed anonymously or by groups who do not fear military retaliation. Lack of technical expertise still acts as a deterrent to some extent. However, offensive information warfare weapons are easily built using open source material. Lack of resources does little to prevent information terrorism, but lack of patience may help minimize and isolate the damage to levels which do not threaten the autonomy of a nation. Quite possibly, the greatest deterrent to information warfare being used by terrorists, may be the United States' lack of policy regarding these areas. Terrorists may feel that an information warfare attack will not generate enough controversy and may conclude that bloody bombs are more effective than EMP/T ones for their purposes. This deterrent, however, will evaporate as the United States recognizes the importance of its information systems, and as terrorists realize how much economic damage they can inflict.
Where terrorism is concerned, Legro's three constraints might have adverse influences, perhaps causing terrorists or rogue states to pursue information warfare rather than restrain from it. Within terrorist organizations or rogue states there is no popular opinion to vilify the use of certain weapons or means of warfare. Moreover, the popular opinion of those represented by terrorists may vindicate the use of weapons that maximize damage or inflict the greatest pain on the target. Leaders of these groups or states may use these weapons to gain domestic support, and may have little apprehension about loosing international political support since such support is usually negligible in the first place. In addition, terrorists or rogue states seek retaliation, rather than fear it, because retaliation focuses attention on their organization and their cause.
For these reasons, terrorists are likely to utilize non-anonymous information warfare because the benefits far exceed the costs. As knowledge disseminates, the number and locality of the threats will increase as well. Mr. Schwartau often speaks of cyber-civil disobedience. This disobedience may take the form of information terrorism. After the California couple who ran the Amateur Action BBS in California were sentenced to jail in Memphis Tennessee for violating Tennessee pornography standards(92), messages circulated on the Internet requesting volunteers to help take down the Memphis phone and power grids to protest the use of local community standards for information transfers that take place on phone lines. Whoever posted these messages was soliciting help to conduct information terrorism. Anarchists have talked about creating information anarchy should the commercialization of the net continue. Again, this would be information terrorism in a very limited sense.
This numerous and diverse array of potential threats, substantiates the proposition that information warfare is best averted by concentrating resources on defensive initiatives. Information terrorism can be decreased by making the costs exceed the benefits. This can only be done by reducing the potential for damage to our information infrastructure should the United States be attacked.
The Realist/Liberal Approach to Information Warfare
Ultimately, information warfare must be addressed in a political context. How does information warfare fit into traditional conceptions of national security? How will states approach the problem and what kind of political conflicts and tensions will develop along the way? This thesis argues that information warfare fits into traditional national security debates. Several correlations can be drawn between information warfare and other technologies that have influenced conceptions of national security in the past. By examining the influence of these technologies on war strategy and political relationships within the international system, one might better understand how information warfare will have similar influences.
The Realist Approach to Information Warfare
Realists perceive security as a relative concept. The realists are primarily interested in maintaining a relative balance of power or relative level of security. With nuclear weapons during the Cold War, it was easy to gauge relative security. If the Soviets had two bombs and we had four, and the Soviets increased their arsenal to four, then we increased ours to eight. A relative security balance was maintained.
The problem with the realist perspective is that it is does not usually include economic prosperity as a component of national security. This makes it difficult to address the information warfare threat, because it is economic in nature. However, given the possible impact of information warfare might have on the United States' ability to use conventional weapons and its devastating effects on command and control systems necessary to thwart physical threats, most realists would recognize information warfare as posing a genuine national security threat.
Once the threat is acknowledged, the realists would focus on ways to increase the United States relative security. Since the realists believe that the international political system exists in a state of anarchy, in which distrust is a natural component, there is very little use in cooperative agreements designed to deter information warfare. The realist approach to information warfare would consist of the following objectives:
1) Increase security of information systems at home. This objective is easier stated than realized. There are, however, several ways in which the security of United States' information systems can be improved through enhanced security procedures, increased focus on education, and greater vendor accountability. These suggestions will be expanded upon in chapter four.
2) Constant evaluation of possible adversaries information systems for weaknesses. The difficulty with the realist approach is that you need a way to measure the security of rival nation states in order to determine your own level of security. Since security is relative, the realists would create weaknesses where possible, either through backdoors in software or chipping(93) of hardware. Offensive information warfare capabilities should be enhanced and readily available.
3) Formation of possible responses. Develop responses allowing for the use of both counter information warfare and conventional military warfare. The United States willingness to use conventional military forces in response to information warfare should be readily acknowledged and publicized to deter possible offensive actions against them.
4) Develop methods for assessing information damage. We are not currently capable of assessing information damage inflicted or information damage incurred. In order to measure relative security you must have some way to create scenarios measuring both offensive and defensive capabilities.
5) Decrease levels of interdependence. Since interdependence decreases relative security, interdependence should be reduced. Interdependence poses a security threat to realists in two ways. First, it reduces the effectiveness of offensive information warfare waged by the United States against other nations, since the economic aftershocks of such an offensive attack would damage the American economy as well. Second, interdependence leaves the United States susceptible to third party information warfare waged either against or between nations that are its trading partners. It possible for nations to damage the United States' economy by attacking its economic allies.
6) Create autonomous networks. Make networks more autonomous in order to minimize the domino effect of accidental or intentional failure. This would be carried out first at the military level and then at the commercial level for those networks that help support C4I (command, control, communications, computers and intelligence). However, this may be another area, where the costs of unplugging systems from the global network exceed the benefits of security through autonomy. This will be discussed at greater length in Chapter Four.
Problems with the Realist Approach
Since the United States is arguably the most vulnerable to information warfare, increasing relative security becomes incredibly difficult. Apart from an all-out conventional war, offensive information warfare is not an alluring way for the United States' to pursue its interests. The costs of reducing interdependence alone greatly exceed any benefits that could be extracted. These high costs, such as loss of economic prosperity and domestic political support, make decreasing economic interdependence in today's highly linked global economy a non-achievable goal.
Also, under the realist approach, state-sponsored industrial espionage becomes a necessity if weaknesses are to be implanted in the information systems of other nations. Given the United States reservations in using state intelligence agencies for this purpose, the realists would be hard pressed to create the necessary weakness required by their doctrine. The United States lacks the linkage between governmental and private sector goals that are an inherent component of other nations, like Japan and France, that would enable it to conduct the level of espionage required to reduce relative balances of security among possible adversaries. The United States also faces the possibility of losing global political prestige should such operations be discovered.
Realism's greatest contribution to the debate is its suggestion that internal security be increased. Given offensive capabilities should hostilities occur, as long as the United States increases its level of internal security at a rate that is equal to, or greater than its neighbors, it will be able to maintain a relative balance of power. By decreasing vulnerabilities the United States is decreasing the threat, regardless of where it originates.
The Liberal Approach to Information Warfare
The liberal perspective is better equipped to recognize the threat to national security imposed by information warfare based on information warfare's potential to decrease the United States ability to remain prosperous. For the liberals, the international political system is not as anarchic as it is for the realists and it is possible to achieve order through cooperative policy. The liberal approach to reducing the threat of information warfare is based more on cooperative measures than offensive or defensive abilities. The liberal would pursue the following initiatives:
1) Increase levels of interdependence. Recognizing interdependence as the greatest deterrent to offensive information warfare the liberals would seek to increase U.S. interdependence with other nations. Not only does this promote prosperity, but it reduces the attraction of using offensive information warfare against the United States.
2) Create global institutions and international agreements. Though some liberals argue that international agreements and institutions should not be necessary if states act in their best interest, the reality is that we rely on regimes for many aspects of cooperative international relations.(94) Global institutions and agreements ensure a somewhat stable environment in which states can pursue their self interests and exchange information with reduced transaction costs. Regardless, treaties designed to prevent the waging of information warfare might be difficult to establish as traditional U.S. allies openly admit to waging Class II(95) information warfare. However, precautions to prevent Class III(96) information warfare might be negotiated and would prove beneficial, especially to the United States, since we are the nation most susceptible to attack.
Technologically advanced nations are likely to join in these cooperative measures in order to avert the worst case scenario. In the worst case scenario, offensive information warfare is waged and the international economy collapses, possibly, but not necessarily, leading to conventional military conflict. In this case, regimes are created out of a common aversion to a particular outcome. The benefits of cheating are outweighed by the possible costs of the worst case scenario; therefore the regime will survive.
Problems with the Liberal Approach.
Increasing levels of interdependence, or facilitating one-way dependence, with nations that pose information warfare threats seems akin to succumbing to bribery. Could developing nations use the threat of offensive information warfare as a method of integrating their economies with the global economy? In a true free-market global economy, increasing interdependence is inevitable. However, the instability within many developing nations, might motivate developed nations to keep the number of unstable links to their economy to a minimum. Increasing interdependence as a deterrent to information warfare only works if the developed nations are willing to extend feelers to the entire developing world.
Increasing interdependence only decreases the threat from other nation states. It does nothing to decrease the threat from terrorists organizations. Since terrorists have already been cited as those most likely to engage in information warfare, increasing interdependence might be viewed as very ineffective policy as far as information security is concerned.
The problem with creating international regimes is that cheating is difficult to define. What qualifies as an offensive information warfare tactic? Is state sponsored industrial espionage a violation or exception to the guidelines of the regime? Since information warfare is defined differently by different states, these are all difficult questions that would need to be mediated. In addition to this, the liberal approach does very little to prepare the United States for the possibility of other nations cheating. The security problem is still greatest for the United States, since it is the most vulnerable to attack and the costs of the worst case scenario are highest for it.
Stein uses the acceptance of a global language among air traffic controllers and pilots as an example of common aversion.(97) By Stein's example, a worst case scenario would be two planes crashing into each other, causing equal losses for both sides. To apply the same example for information warfare, the worst case scenario would be that the two planes crash, but the United States' plane is carrying 400 people, while the other plane is only carrying 50. Both states have suffered losses by not avoiding the worst case scenario, but the cost for the United States is greater.
The Realist/Liberal Conflict
The greatest conflict between the realists and the liberals centers around the formation of international regimes. Stein writes that "realists hold that since sovereign nations act autonomously in their own self interest, international institutions are inherently irrelevant to world politics."(98) The liberals, on the other hand, accept regimes as methods to cooperatively avoid a worst case scenario. Is there any middle ground to be found?
The answer is yes, if the formation of regimes are perceived more as acts of self interest than cooperative agreements. By forming regimes, in this case, the United States is pursuing its own self interest. Since the United States has the most to lose in the worst case scenario, it also has the most to gain from the aversion of the worst case scenario. The regime might be viewed as the United States forcing its self interest on the rest of the international community. Robert Keohane argues that "rational self-interested actors, in a situation of interdependence, will value international regimes as a way of increasing their ability to make mutually beneficial agreements with one another."(99)
One can argue strongly that regimes designed to prevent state sponsored information warfare, from the United States' perspective, are actions of self-interest in an anarchic international system and therefore are acceptable under the auspices of both realism and liberalism.
Regimes also pose the problem of what cryptographer Eric Hughes calls "regulatory arbitrage."(100) There will always some states that will not participate in the regimes and this will offer a favorable legal climate for individual information warfare efforts. If, as part of the regime, states agree to outlaw systems intrusion originating in one country but directed at another, what do you do with the states that do not participate in the agreement? A perfect example of this is the Netherlands delay in establishing anti-hacking laws. A lot of attacks on United States Department of Defense systems originated in the Netherlands because hacking was legal under Dutch law. The Netherlands provided a safe legal environment for those individuals wishing to hack. This left the United States' options limited to increasing internal security without being able to eliminate the source of the threat. Is intervention justified at this point?
In order for regimes to work, they must include standardized laws regarding systems intrusion that transcend all national boundaries. This problem may be exacerbated in June of 1995 when a team of U.S. hackers invades the computers of France.(101) After extensively verifying that they have no legal liability if they violate the hacking laws of France from within the United States, this group has decided to test the waters. Hacker Erik Bloodaxe explains that "International law is so muddled that the chances of getting extradited by a country like France for breaking into systems in Paris from Albuquerque is slim at best. Even more slim when factoring in that the information gained was given to the CIA and American corporations."(102) This case will provide an excellent test for how states can resolve international telecommunications violations and work towards cooperative agreements to prevent such behavior. It may, in fact, be the catalyst for the first formation of international regimes dedicated to preventing low levels of information warfare. It may also provide the United States with a useful bargaining chip to help deter government sponsored industrial espionage in countries like France and Germany.
Where interdependence is concerned, neither the realist or liberal approach offer a viable proposal to decrease the threat of information warfare. Decreasing interdependence is not an attainable goal in today's highly interlinked global economy, because interdependence yields innumerable benefits. Increasing levels of interdependence in order to deter information warfare threats is ineffective policy, because it is too focused on specific states and does not encompass the broad range of threats that exist.
Since, the realist suggestion to create information weaknesses in the systems of possible adversaries would be a violation of any global agreements that are likely to be developed, this objective would have to be abandoned or pursued covertly in violation of the regime.
Increasing internal security through various methods would not threaten the regime, since it is organized to prevent offensive information warfare. The security of systems is likely to increase as technological advances in the area of cryptography are utilized by individuals and organizations. However, in order to prevent a security dilemma, the United States would have to terminate export restrictions on encryption technology.(103)
The remaining realist suggestions dealing with autonomous networks, strategic planning and developing measures for damage assessment are possible under liberal regimes as well. Each of these initiatives fall into defensive categories, however, the creation of autonomous networks is disadvantageous to technologically advanced nations. Since distributed information networks contribute to the economic prosperity of Third Wave nations, any movement towards autonomy may have negative effects.
Realism and liberalism offer balanced approaches to dealing with the national security implications presented by information warfare. Taken alone, neither of them offers a satisfactory blueprint for dealing with the threat. Combined, they might offer an adequate strategy for realizing national security in the Information Age. This will be discussed at length in the policy prescriptions offered in Chapter Four.
The Strategic and Security Impacts of Technology: A Historical Perspective
It is useful to examine how past technological developments have changed military strategy and conceptions of security in the past. By studying the effects of other technologies, we might increase our capacity to understand the impact information warfare will have on strategy and security concerns in the future. Although a nuclear analogy is inevitable due to the offensive nature of information warfare, there are several other comparisons which demonstrate how information warfare can change the distribution of power on the battlefield.
Decentralizing the Military: The Conoidal Bullet
Manuel De Landa argues that changes in information technology will cause a shift towards decentralization in the military very similar to the changes introduced by the conoidal bullet in the nineteenth century battlefield.
Just as the critical point in speed can mark the beginning of turbulence, so a critically new technology may set the art of war into flux for decades. Today's computerized networks, for instance, are imposing on the military the need to decentralize control schemes, just as the conoidal bullet forced it in the nineteenth century to decentralize its tactical schemes. When breech-loading rifles and their spinning bullets made their appearance on the battlefield, they allowed infantry to outrange artillery, disrupting the balance of power that was several centuries old, and forced commanders to develop new tactical doctrines. Before the advent of the conoidal bullet, infantry were allowed no initiative on the battlefield, individual marksmanship was discouraged in favor of synchronized volleys of collective fire. With the rifle, individual initiative returned to the battlefield and with these, and increased role for snipers and skirmishers in the new tactics. Similarly, modern command networks, after using a central computer to regulate the traffic of messages, have been forced to grant "local responsibility" to the messages: in the ARPANET, the messages find their own destination.(104)
In the Information Age, not only is the autonomy of soldiers increased as command is decentralized, but the weapons have become self-capable as well. Using vast information systems, we have created weapons that seek out their own destination. Where the infantry men of nineteenth century were capable of outdistancing artillery with the advent of the conoidal bullet, smart weapons allow the United States' military to outdistance entire countries. The soldier trained to program coordinates and digital mapping software into Tomahawk missiles now becomes as effective as a jetfighter pilot, without placing American lives at risk. This is, no doubt, a comforting notion for those policy makers initiating hostilities.
However, properly administered information warfare can decrease or nullify the effectiveness of smart weapons technology. Digital mapping data can be altered to cause random errors or synchronization satellites can be jammed to reduce accuracy. Therefore, minimal investment in open source technology utilized with information warfare tactics can render the United States' technologically advanced weapons systems practically useless. Information technology changes the hierarchical characteristics of military strategy by enabling more autonomy on the battlefield and by further distancing the role of man. Attacks upon information systems upset that balance, by rendering new technologies ineffective and forcing technologically advanced nations to revert to Industrial Age combat.
The duality of information warfare presents itself again. Not only is it a new method for waging warfare, but it also effects the way conventional warfare is waged among technologically advanced nations. The threat posed by information warfare is multiplied when military leaders focus more upon strategic threats than tactical ones. General James Clapper, Director of the Defense Intelligence Agency, concedes: "I think in this context there potentially is great danger here, not so much in the context of on the battlefield as much as the thing that concerns me is the potential danger, the potential vulnerabilities to our commercial systems, our banking. The very dependence that this nation has on computers - I think there is clearly a vulnerability in a strategic sense, not so much perhaps in a battlefield combat situation."(105) In General Clapper's statement, we can see how concerned the military is with the impact information warfare could have on the United States' internal infrastructure.
Information Warfare: The Bushnell Turtle of the Information Age
Regarded as the first working submarine, David Bushnell's "Turtle", a propeller-driven submersible vessel with a single operator, introduced a new dimension to naval warfare. Utilized during the American Revolution, the Turtle carried torpedoes loaded with 150 pounds of gun powder that were covertly attached underneath British ships and detonated with timed switches.(106) The British ships were vulnerable because they operated in an environment where threats were based on optical observations of the horizon. If there was a ship visible in the horizon then there was a perception of threat, especially if that ship adorned an enemy flag. Threats from below the ocean's surface were both inconceivable and unexpected.
In terms of resources required, it was much cheaper to build and man the Turtle than it was to build and man British fighting ships. Similar to information warfare, the Turtle yielded high benefits at relatively little cost, thereby increasing its attraction despite its unconventional appearance and design. The analogy can be taken one step further.
Think of the United States as a British ship and the Turtle as any nation state or organized terrorist group practicing information warfare. The ocean is the United States information infrastructure upon which we maintain our buoyancy. The Turtle, itself, derives its usefulness from the mobility allowed by the existence of the ocean. However, the Turtle is able to maneuver alongside the ship with complete undetected anonymity and place a torpedo along our hull. The torpedo detonates and the ship faces a crisis. Can the ship survive? Perhaps, but only because its skilled crew has always demonstrated an enhanced capacity for remedying problems. The damage will be costly and will affect the operations of the ship, but with a little ingenuity, the crisis can be overcome. Now, what if the Turtle had not placed one torpedo but several, programmed to detonate at precisely the same time? Such a challenge the ship's crew can not overcome.
To the captain of the ship, the very existence of the Turtle is a threat. He has several ways to increase the security of his ship. Hulls can be reinforced to reduce the impact of torpedoes, crews can be educated to recognize shadows in the oceans surface indicating the presence of the Turtle, and the ship can build Turtles of their own to patrol its perimeter and neutralize threatening Turtles as they arrive.
Although this analogy has been oversimplified, its moral is still poignant. Vulnerabilities in the information infrastructure and capabilities to exploit them do exist, creating a dire security threat. The fact that these capabilities have not been exploited yet does not reduce their potential. Napoleon dismissed the advanced submarine designs presented to him by Robert Fulton fifty years after Bushnell's Turtle first saw action.(107) Fulton later approached the British who utilized his inventions with little success then dismissed his predictions regarding the future impact of torpedo warfare.(108) Today, reality has exceeded even Fulton's expectations. Submarines and torpedo warfare are considered vital instruments for protecting national security, especially for waterbound nations like Britain. Likewise, information warfare will have profound national security implications for nations that rely heavily on information technology.
National Security Solutions for the Information Age
Eventually, these issues must be dealt with on a political level. A threat to the nations security can not be dealt with until it has been acknowledged by those in power. Dr. J.F. Holden-Rhodes, in his remarkable book describing the use of open source intelligence for the war on drugs, describes how President Reagan signed a National Security Decision Directive that "equated the impact of drug trafficking as a threat to the national security of the United States and directed all federal agencies with a role in drug enforcement, including the DOD, to pursue counter-narcotics efforts more actively."(109) Although information technology security warrants a place on the national agenda, it has yet to be incorporated into United States grand strategy.
In order to better formulate policy prescriptions dealing with the information warfare threat, it is useful to examine past government actions in this area and evaluate their effectiveness.
The Computer Security Act of 1987
The United States Congress passed a law titled the Computer Security Act of 1987 which required federal agencies to identify systems that contain sensitive information and to develop plans to safeguard them. Agencies were required to (1) identify all developmental and operational systems with sensitive information, (2) develop and submit to NIST and NSA for advice and comment a security and privacy plan for each system identified, and (3) establish computer security training programs.
Finally, the United States was taking seriously the threat to national security posed by computer vulnerabilities. The Computer Security Act was a step in the right direction, but holes in the infrastructure still exist. In 1990, the General Accounting Office examined the response and implementation of the act. The GAO reports, that as of January 1990, only 38 percent of the 145 planned controls had been implemented.(110) The GAO report makes the following conclusion:
The government faces new levels of risk in information security because of increased use of networks and computer literacy and a greater dependence on information technology overall. As a result, effective computer security programs are more critical than ever in safeguarding the systems that provide essential government services.(111)
With only a 38 percent compliance more needs to be done if the United States is to fully protect its valuable informational assets. But, instead of concentrating on making the systems more secure, the government chose to focus on the intruders of these systems. Time, energy and money that should have been spent discovering and fixing security bugs was used to design and implement an attack on the hackers themselves instead. This was an attack that focused only on domestic hackers and did little to thwart the threat to United States national security. The result: Operation Sundevil.
Operation Sundevil
Law enforcement agencies had already begun to focus their attack on the digital underground when Operation Sundevil was initiated, but it was by far the largest clamp down on computer crime in the United States. The focus of Operation Sundevil was the hackers' system of information distribution which consisted of hundreds of underground computer systems that housed information on how to break into computer systems, files stolen from major U.S. corporations, and files that contained credit card access numbers used to commit credit fraud. Around forty-two computers were seized along with 23,000 floppy disks of information during the May 7, 8, and 9, 1990 raids.(112)
Across the United States teenagers and their parents were awakened by the Secret Service, followed by a search of their house and the confiscation of anything that looked remotely electronic. Misinformation led to mistakes. Perhaps the most publicized of these was the raid on Steve Jackson Games. Jackson owned a small company that ran a bulletin board system allowing game players to call in and ask questions, arrange meetings, etc. Jackson unknowingly employed a computer hacker. The Secret Service tied the two together and as a result Steve Jackson Games was raided and its computer equipment was seized, only to be returned several years later. This greatly effected Jackson's business and he nearly went bankrupt. Jackson recently won a law suit against the Secret Service in the amount of $52,000 plus legal fees.(113)
The United States has a vested interest in preventing computer crime and fraud, and Operation Sundevil was surely a huge attack on such crimes, but it was greatly misdirected. While teenage hackers were arrested and tried, U.S. military systems and business systems remained open to attack. Hackers will always exist. The only true way to stop them is to plug the holes they use to gain access to systems. The solution lies not in ignoring domestic computer crime, but in giving a higher priority to increasing computer security.
Today, five years after Operation Sundevil, most large federal and state law enforcement agencies have units dedicated to thwarting computer crime. While, most focus on credit card and phone fraud, the domestic hacker is still viewed as the primary threat. As noted earlier, the Computer Security Act has also been relatively ineffective. Security holes still exist and the government has yet to design an integrated approach for maintaining security standards on its computers.
Information Warfare: A Threat Assessment Portfolio
Winn Schwartau, in his breakthrough book on the subject, identified three levels of information warfare: Class I, Class II, and Class III.(114) These three classes are similar to the three levels of information I developed in 1993(115), as described in Chapter Two. In order to develop a threat assessment portfolio for information warfare, one must focus on the levels of information warfare that are currently being waged today.
As exemplified in Chapter Two, both Class I and Class II information warfare are being waged actively today against individuals and corporations. Perhaps the best example of Class I information warfare in recent months was the attack on Michelle Slatalla and Joshua Quittner after they released their book describing the "hacker wars" of 1990. A group of technically adept individuals calling themselves the Internet Liberation Front jammed Quittner and Slatalla's Internet e-mail accounts rendering them useless, and forwarded incoming phone calls to an out-of-state number "where friends and relatives heard a recorded greeting laced with obscenities."(116) This is just one isolated incident of what has been a recurring problem on the Internet recently.
Class II information warfare is also currently being waged at the corporate level. Intellectual property has been stolen and shipped to foreign nations.(117) Arguably, even the collapse of one of Britain's oldest financial institutions, the Barings Bank was the result of Class II information warfare.(118) Without the reliance on information technology, the financial damage inflicted on Barrings by risky investments would never have been possible to achieve by one man.
On the Class III level, we have seen where military systems are targeted up to 300,000 times per year and how those targeted systems are penetrated 88 percent of the time. Only one infiltration of military and government systems was traced back to indicate sponsorship by another nation state. This does not mean, however, that such infiltration's are not taking place with state backing now. It only shows that we have not caught them. We know that nations like France, Germany and Israel have information warfare operations in place, but they have not used them to wage Class III information warfare, yet. We have also seen where nations have used offensive information warfare as a supplement to conventional military tactics, and how most advanced weapons systems are heavily reliant on information technology.
In the past six months, information warfare concerns have started to work their way into public discourse. Aerospace Daily recounts a recent report by the Defense Science Task Force on Information Architecture for the Battlefield:
Of utmost concern to the task force is the fact that U.S. information systems are "highly vulnerable" to information warfare. The task force was "briefed on activities and capabilities that caused concern over the integrity of the information systems that are a key enabler of military superiority..." Creating a strategy to be able to wage information warfare "may be the most important facet of military operations since the introduction of stealth," the report said.(119)
The findings of this report indicate that our national security portfolio is lacking substance where information warfare is concerned. Speaker of the House, Newt Gingrich asks "What if Saddam Hussein had hired 20 hackers in August [1990, just before Desert Storm] to disrupt the American economy...He could have shut down the phone system by crippling AT&T's network and destroyed the financial network, which would have changed drastically how the Gulf War was waged."(120) In order to deal with this problem, the United States, and all technologically advanced nations, must develop a national security strategy for information warfare.
National Security Solutions for the Information Age
Several steps must be taken to put the United States' digital house in order, and begin dealing with the threat to national security posed by information warfare. Though the following list is not completely inclusive, it should serve as a useful framework for dealing with the problem.
Step One: Declassify the Threat
Before dealing with the threat posed by information warfare, we must acknowledge that it exists. It is wrong to assume that security through obscurity will work indefinitely. Offensive information weapons can be developed using open source material and assembled using readily available electronic components. In fact, some offensive information warfare weapons, namely a HERF gun, have been assembled completely by accident.(121)
The existence of offensive information warfare capabilities coupled with the United States' heavy reliance on information technologies, has introduced a new threat to our national security. It has been shown that information warfare, most likely in the form of terrorism, is probable because the costs, both politically and economically, are lower than the benefits derived. If an autonomous nation or political group wishes to inflict damage, chaos and fear on American society with minimal costs, then its most rational option is to use offensive information warfare capabilities.
If this threat is acknowledged, the response options available to the United States increase. Actions to decrease the impact of an information warfare attack can be undertaken in advance to minimize the damage incurred. Political scientist James Wyllie argues that "Deterrence demands that an adversary be made completely aware of the value of the issue in dispute to the deterrer, and the willingness to collect a price should the rival not be dissuaded from its unwelcome course of action."(122) Acknowledging the threat acts as a deterrent for several reasons. First, it increases the number of responses available to the United States because the issue has been addressed at a political level, and it demonstrates to the international community that this is an important issue. Our capabilities to deal with such an attack are increased because we are prepared for it. Second, it motivates the military and private industry to deal with this problem and create viable security solutions that minimize the vulnerability of the United States' information infrastructure. Third, it gives the United States a political catalyst to deal with this issue on a global level and to enter into treaties and agreements to protect the global information infrastructure and to avert common worst case scenarios. Let us examine each of these in greater detail.
Step Two: Increase Security
As technological advancements in information technology continue, security must be a vital component. Perhaps, easier said than done. The security of our information systems must be continually increased. Security experts and hackers agree that encryption will be the critical component used to secure computer systems and information transfers of the future.
Increasing security quells realist concerns about information warfare by decreasing the United States' vulnerability to attack. Unfortunately, it also contributes to the security dilemma, because defensive actions might be construed as intentions to attack other nations. Because of this security dilemma, it is important that the United States be able to export this technology to allies and enemies alike. This is similar to Ronald Reagan's suggestion that should his Strategic Defense Initiative prove successful, the technology would be given to the Soviet Union in an effort to attenuate their fears of a U.S. attack.(123) In order for this to occur, the United States government will have to release its stranglehold on encryption technology and allow U.S. companies to export this technology without restriction. Not only does this increase security and stability, but it will also generate growth in the software industry and allow U.S. companies to maintain a comparative advantage in this area.
The American people have always displayed an ability to be innovative and tenacious in the face of adversity. Given the opportunity and incentive, they will rise to deal with the threat of information warfare in ways we are not yet capable of predicting. The important aspect is that the American people at least be given the opportunity. The rest will follow.
Step Three: Increase Vendor Accountability
Step three is closely linked with step two. In order to increase security and not just manifest an illusion of having done so, vendors must be held accountable for the "secure" products they distribute. Though it is impossible to eliminate all security holes and to find every bug, more must be done to ensure the reliability of systems and software before they are shipped. Also, vendors should be required to create patches and fixes for security holes as they are found and distribute them to all customers.
Security expert Bob Stratton argues that "if you ask the vendors, they will say: nobody told us this was important. Nobody told us security was important."(124) The United States must assure the vendors that security is important and must be a required component of those technologies that will constitute our information infrastructure.
On the virus front, more must be done to ensure consumers that merchandise will be shipped virus-free. Some level of accountability must be determined for those companies that fail to verify the integrity of the software or hardware they are shipping. Perhaps, some sort of criminal or monetary liability for vendors is needed to stimulate active virus checking at the shipping end of software distribution. One thing remains certain: we can not allow viruses to spread within shrink-wrapped software. It ensures too great a distribution within American society to be taken lightly.
Step Four: Facilitate Private/Public Sector Cooperation
Both the public and private sectors of the United States have a vested interest in the creation of a secure information infrastructure. The military is incredibly reliant on private sector communications lines and does not have the resources to create new secure information technologies on its own. Robert Steele argues that the relationship between the private and public sector with regards to new technology has reversed. Where technology used to migrate from the military into the private sector, it now migrates in the opposite direction. Steele argues that the military and civil sector must now cooperate and that "the military must acknowledge that it cannot dominate information warfare and that it must completely recast its understanding of information warfare to enable joint operations with civil sector organizations including law enforcement, businesses with needed skills, and universities."(125)
The military must be able to define its security needs and work with the private sector to meet them. Both sectors will benefit. The military will get increased security and the private sector will get funding for research and development and profits from the marketable products it develops. Not only does this increase the security of military systems, it also increases the security of the private sector upon which they are reliant for communications and open source intelligence gathering and storage. In this way, the United States can expand the umbrella of security over a larger part of its information sphere.
Step Five: Conceptualize Our Information Sphere
Using a term borrowed from Air Force information warfare doctrine, an information sphere is an assessment of those information technologies that are vital to national security. At the core of the sphere are those technologies that are of greatest value: classified military networks and vital financial networks like the Federal Reserve. As you move away from the core, importance decreases to include non-classified military sites, communications networks and intelligence systems, other financial networks and transaction centers, other communication networks, power grids, private sector information systems and non-operational military information. The outer edge of the sphere contains the least important information such as personal information and communications.
In order to formulate an integrated approach to addressing the threat of information warfare, the United States must define its information sphere. Granted, different organizations and branches of the military are going to have different conceptions of what the information sphere contains, but all of these conceptions must be drawn into a centralized sphere in order to address the problem at a national level. Those information systems at the core of the sphere must be protected first and foremost. As technological capabilities progress, the shield of protection must be extended over other parts of the sphere until the entire information sphere is sheltered.
Under the best case scenario, parallel efforts to protect each component of the sphere are executed simultaneously with varying intensity. It is foolish to focus entirely on the core of the sphere until we feel it has been adequately protected because it is highly likely that we will never arrive at that conclusion, and in the meantime we are leaving other vital components of our information sphere unprotected. In the Information Age, different components or levels of the information sphere are likely be interconnected as well, increasing their importance to each other.
It is often argued that in order to protect certain aspects or sections of the information sphere we must make them autonomous. Fortunately, this is not a valid proposition, lest we wish to discard the benefits of the Information Age. A vital component of any information society is distributed information networks sharing and storing information. The existence of networks increases the value of computer technology because one does not have to store every piece of information he or she needs. Instead it is only necessary to be able to retrieve it from the collective intelligence of the network. To disconnect from the network is to decrease the value of your computer exponentially. Robert Steele, while working in the employ of the Central Intelligence Agency, found that most of the information stored on autonomous classified networks was available through open source networks and could be found in half the time at a lesser cost. Though there may be security through autonomy, the benefits of that security do not necessarily exceed the costs of disconnecting from the global network. In some instances, like in the case of single purpose financial networks, secure autonomous networks might be desired, but in general they will hinder the information stream upon which Information Age nations rely. Al Gore, the Vice President of the United States puts it succinctly: "To realize the full benefit of the Information Age, high-speed networks that tie together millions of computers must be built."(126)
Once we have conceptualized our information sphere, we must develop methods to asses damage incurred within it. Upon suffering an information warfare attack, the United States must be able to evaluate and assess the damage that its information sphere has sustained. Not only is this essential for repair, but it also allows us to gauge our possible responses based on the extent of the damage we have suffered. We must be able to place realistic values on the information that our networks contain. Bob Stratton notes that "one of the most significant problems we have right now is that people have not decided how much their information is worth and because they have not made that decision they have decided how much it is worth protecting."(127) By conceptualizing an information sphere we are placing information in a hierarchical value system based on strategic national security importance. We must also be able to use alternative measures of value on information to judge, not only strategic importance, but economic and social importance. We must be able to judge what sort of damage is incurred based on the overall significance of the target. Military systems have a different value than banks, and likewise, banks have a different value than the computers that house the nation's Social Security data. We must make sure our measures of value include all the information contained on the networks.
Similarly, for strategic purposes we must be able to measure the damage the United States inflicts on other nations should it utilize offensive information warfare capabilities. What is the strategic value of destroying an enemy's communications network versus the strategic value of manipulating it for our own purposes? What sort of damage is inflicted on the target nation and its allies or trading partners if its financial system is demolished? Can we trace the links to ensure that economic aftershocks are not felt by the United States or any of its trading partners? These are difficult questions, but each must be examined if we are to take the threat and capabilities of information warfare seriously.
Step Six: Multi-Level Education
Education can take place at several levels. First, policy makers can be made aware of the threat and what they can do about it. It is their public obligation to do so. It was suggested in a Congressional hearing that Members of Congress rent and watch the movie War Games in order to understand the threat and techniques used by hackers.(128) Granted, War Games was a revealing movie, but policy makers must have a better understanding of the threat to American national security than this movie provides. The fact that Speaker Gingrich is discussing the implications of information warfare with the media is a positive sign, but his is a unique case of having friends interested in the topic. Most likely, the military will act as educator to the policy makers where this issue is concerned, but we must balance them with public sector opinions in order to equalize any parochial interests the military might put forth in order to gain increased funding.
The policy makers must also be made aware of what they can do to solve the problem. When discussing HERF Guns at the above mentioned hearing, one Member of Congress asked if such weapons might fall under the auspices of the Brady Bill and if they should be outlawed. Luckily, Mr. Schwartau was able to convince them that to do so "would be banning the microwave and communications industry from existence."(129) Though the threat of information warfare is very real, we should not react with ill-conceived responses, especially if it means sacrificing individual liberties.
At another level, those who run the systems or are in charge of security must be educated to understand and deal with the threats. The largest security hole in computer systems is the human factor. A whole book has been written devoted to this aspect of computer intrusion.(130) If you place a computer in a locked room with no outside connections you have a secure computer, give one person access and security is reduced. Give another person access and security is reduced even further. Now the two people can be used against each other with a little social engineering. Consider the following true anecdote where a hacker named Susan demonstrates her social engineering skills:
As Susan later told the story, a team of military brass...from three services sat at a long conference table with a computer terminal, a modem, and a telephone. When Susan entered the room, they handed her a sealed envelope containing the name of computer system and told her to use any abilities or resources that she had to get into that system. Without missing a beat, she logged on to an easily accessible military computer directory to find out where the system was. Once she found the system in the directory, she could see what operating system it ran and the name of the officer in charge of that machine. Next, she called the base and put her knowledge of military terminology to work to find out who the commanding officer was at the SCIF, a secret compartmentalized information facility. Oh yes, Major Hastings. She was chatty, even kittenish. Casually, she told the person she was talking to that she couldn't think of Major Hasting's secretary's name. "Oh" came the reply. "You mean Specialist Buchanan." With that, she called the data center and switching from nonchalant to authoritative, said, "This is Specialist Buchanan calling on behalf of Major Hastings. He's been trying to access his account on the system and hasn't been able to get through and he'd like to know why" ...Within twenty minutes she had what she later claimed was classified information up on the screen. Susan argued "I don't care how many millions of dollars you spend on hardware, if you don't have people trained properly I'm going to get in if I want to get in."(131)
There are fundamental security measures that can be taught to system users to ensure that the security of the system is not compromised and scenarios like the one above are not repeated. It might be necessary, as argued in other papers, to create a centralized agency in charge of coordinating education and providing support for system administrators in patching known security holes.(132)
Finally, the public must be educated to understand the threat of information warfare so that it can endorse the actions taken by the government to deal with this problem. Mr. Schwartau's book does a great service in this area, but more effort is needed to bring information warfare into the public discourse. Citizens have to understand the reliance they have on information technology and the purpose it serves within society before we can justify protecting it.
Step Seven: Use Hackers as a National Resource
The digital underground should be viewed as an asset to the United States. They use illegal means to satisfy their curiosity about the workings of computer technology because the system has denied them other means of accessing the digital realm they love. Harvard Law professor Laurence H. Tribe even suggests that access to technology may be a required goal of democratic society. He states:
It's true that certain technologies may become socially indispensable -- so that equal or at least minimal access to basic computer power, for example, might be as significant a constitutional goal as equal or minimal access to the franchise, or to dispute resolution through the judicial system, or to elementary and secondary education. But all this means (or should mean) is that the Constitution's constraints on government must at times take the form of imposing "affirmative duties": to assure access rather than merely enforcing "negative prohibitions" against designated sorts of invasion or intrusion.(133)
Some hackers are loyal to the ideals of their nation. For example, when news of Stoll's German hacker selling U.S. secrets to the KGB hit the underground many hackers responded with hatred towards the guy who had associated their movement with national espionage and threats to national security. They were willing to use their abilities to combat this problem, and were even willing to target Soviet computers for the Central Intelligence Agency. One case of a hacker making a contribution to society is the story of Michael Synergy and his quest for presidential credit information. Synergy decided one day that it would be interesting to look at the credit history of then President Ronald Reagan. He easily found the information he was looking for and noticed that 63 other people had requested the same information that day. In his explorations he also noticed that a group of about 700 Americans all appeared to hold one credit card, even though they had no personal credit history. Synergy soon realized that he had stumbled upon the names and addresses of people in the U.S. government's Witness Protection Program. A good citizen, he informed the FBI of his discoveries and the breach of security in the Witness Protection Program.(134)
One of the basic benefits to United States national security is the lack of a coherent movement among the members of the digital underground. Hackers are by nature individualistic. They lack a common bond that allows them to focus their energies on one target. If there is a common target among hackers, it is corporate America, especially the telephone companies. These corporations have become targets because hackers rely on their service to access cyberspace, which can be a very expensive proposition. The United States government has a vested interest in not providing them with another target, especially if that target is the government itself. The United States should utilize hackers, and give them recognition in exchange for the service they provide by finding security holes in computer systems.
The United States should not discontinue efforts to stop credit fraud and other computer activities that are unquestionably criminal. But, the United States should allow the hackers to conditionally roam the realm of cyberspace. These conditions would include the following: (1) If computer access is gained, the security hole should be immediately reported to the government or centralized agency and should not be given to anyone else, and (2) information files should not be examined, modified or stolen from the site. In return the United States acknowledges the hackers' accomplishments, thus feeding their competitive egos.
Why should the United States government trust hackers? No trust is necessary. The United States is not offering the hackers anything that they don't already have, except recognition for their ability to discover security flaws. The hackers will remain on the networks regardless of what policy the United States follows concerning their activity. It is simply giving them the forum they need to meet people with similar interests on a legitimate basis, rather than a secret one. Robert Steele argues, "If someone gets into a system, that is not a violation of law, it is poor engineering. When we catch a hacker, rather than learn from him, we kick him in the teeth. When the Israelis catch a hacker, they give him a job working for the Mossad."(135)
Many U.S. corporations already allow the hackers to identify security weaknesses in their computer systems. The Legion of Doom, the most notorious group of hackers in the U.S., briefly entered the computer security business with the formation of their company called Comsec Security. Bruce Sterling reports, "The Legion boys are now digital guns for hire. If you're a well-heeled company, and you can cough up enough per diem and air-fare, the most notorious computer hackers in America will show up right on your doorstep and put your digital house in order - guaranteed."(136) Some argue that this is simply extortion, but individuals are not saying "pay up or else we will enter your system." They are offering their skills to secure vulnerable computer systems from possible electronic intrusion.
Hackers can be used to secure the United States' digital interests. Every effort should be made not to alienate them from the newly emerging digital infrastructure. In the same Congressional hearing where his publication was branded as manual for computer crime, Emmanuel Goldstein made the following remarks about access to technology and computer crime:
This represents a fundamental change in our society's outlook. Technology as a way of life, not just another way to make money. After all, we encourage people to read books even if they can't pay for them because to our society literacy is a very important goal. I believe technological literacy is becoming increasingly important. But you cannot have literacy of any kind without having access.... If we continue to make access to technology difficult, bureaucratic, and illogical, then there will also be more computer crime. The reason being that if you treat someone like a criminal they will begin to act like one.(137)
It is ridiculous to assume that the entire hacker subculture is motivated by criminal intentions. Hackers, like all other groups or subcultures, contain a diverse array of individuals. Every group has a criminal element and the hackers' criminal element is no different than the criminal element that exists within the law enforcement community. A General Accounting Office report on threats to the nations National Crime Information Center, found that the greatest threat to this centralized criminal database was not from outside hackers but from corrupt insiders.(138)
Most hackers are still young and have not formulated complete ideologies regarding right and wrong behavior. Bob Stratton, a former hacker who now works as a highly trusted security expert, argues that "These people (hackers) haven't decided in some cases, to be good or evil yet and it is up to us to decide which way we want to point them."(139) Mr. Stratton argues that we can mentor these individuals and thereby utilize their technological skills.
Mitch Kapor, founder of one of America's most successful software companies notes that "the image of hackers as malevolent is purchased at the price of ignoring the underlying reality - the typical teenage hacker is simply tempted by the prospect of exploring forbidden territory...A system in which an exploratory hacker receives more time in jail than a defendant convicted of assault violates our sense of justice."(140)
There does seem to be a trend in the past year to utilize hacker capabilities, both in the public and private sectors. This needs to increase, and perhaps some evaluation of our own laws might be necessary if we wish to continue knowing where the holes in the United States' information infrastructure are.
Step Eight: Global Institutions and International Agreements
Just as this issue has domestic political implications, it also has international political implications that need to be addressed. Once the United States acknowledges the potential threat of information warfare it must be prepared to deal with nations expressing similar concerns. Political deterrents like economic interdependence and fear of escalation must be backed by global institutions and international agreements that set standards and pacts for varying levels of information warfare.
High levels of interdependence will cause technologically advanced trading partners to seek out security agreements in order to guarantee some level of stability in the international financial system. The United States should take the initiative to lead such efforts and place these issues on the international agenda. There are worst case scenarios to be averted and cooperation in this area should be achievable.
Though these institutions do nothing to deter the threat of information terrorism, they may provide justifiable avenues to pursue in seeking retribution. Regimes do not deter terrorists and information warfare is an attractive weapon. However, defining our information sphere and increasing security help to minimize the damage that information terrorism can inflict on the United States. Global agreements would help determine the consensus of the international community where these new technologies are concerned and terrorist violations of this consensus is inevitable. Terrorists do not play by rules, but that does not mean the international community should forestall the development of those rules.
Conclusion: National Security in the Information Age
This thesis has put forth some apocalyptic scenarios regarding the future of information warfare and national security. This was not its ultimate intent. Realistically, there are a number of scenarios, each of varying degree, in which information warfare might be utilized in the future.
In the most apocalyptic scenario, information warfare will be waged in conjunction with conventional warfare, to determine the hegemon of the Information Age. Many scholars have put forth arguments concerning the formation and survivability of hegemonic powers.(141) It is possible, that in this point in time, the instability of information technology requires the constancy only a hegemon can provide. Under this scenario, realist concerns run rampant, as the United States has a vested interest in becoming the hegemon for the next power cycle. However, a full-scale information war will be very costly, and it is highly unlikely that the hegemon will be able to salvage any value from the rubble of battle. A scenario where stability and consistency for information technologies are derived from cooperative international
endeavors to promote and facilitate global prosperity is more likely. In the Information Age, Third Wave nations have legitimate aspirations to create a global information system that adds value to their existing information infrastructures. Information technology is cooperative by nature and tremendous benefits can be derived from greater interconnectivity. Therefore, nations will seek out ways to integrate their networks with the international network. Once that integration takes place, each connected nation will have an interest in maintaining the stability and survivability of the overall network. Each nation has a vested interesting in preventing global information warfare.
Despite collective interests, information terrorism will continue to be a viable national security concern for all Third Wave nations. Unfortunately, our options concerning terrorism are extremely limited. By increasing security and gathering intelligence regarding any plans that might be in consideration, we can ensure that the threat of terrorism is contained to isolated incidents from which the United States can recover. Unfortunately, the environment under which we currently operate can make no such promise, therefore it is essential that we address this issue now.
Other likely scenarios include the use of information warfare for blackmail or for limited short-term gains. These scenarios present other difficult political dilemmas that must be addressed at a global level. Will nations allow information warfare threats to be used as blackmail? Will we allow limited information warfare in order to pursue strategic or comparative political and economic gains? Or is the fear of escalation an adequate deterrent to such ambitions? These questions must also be addressed.
The Information Age promises to change many aspects of our society. Mitchell Kapor writes:
Life in cyberspace is more egalitarian than elitist, more decentralized than hierarchical...it serves individuals and communities, not mass audiences. We might think of cyberspace as shaping up exactly like Thomas Jefferson would have wanted: founded on the primacy of individual liberty and commitment to pluralism, diversity, and community.(142)
As a society we have much to learn about ourselves through this new medium of communication. As a nation the United States must make sure that the structure it is building has a strong foundation and that weaknesses in that structure are not used to destroy it. It is a difficult task, because the constitutionally guaranteed rights of United States citizens must be upheld in the process. However, it is a task we must undertake. These are issues we must address. If we do not address these issues now the future of our country will be jeopardized. A handful of concerned citizens attempt to bring issues surrounding cyberspace to our attention everyday. Some of these issues concern national security, others concern individual privacy.
Cyberspace has empowered the average person to explore and question the structure of our society and those that benefit from the way it is operated. Fundamental issues arise from hacker explorations. We must decide how, as a nation, how we wish to deal with these issues. Recent efforts in cloning produced a human fetus. The scientists that achieved this remarkable feat, immediately halted research arguing that a public debate must arise to deal with the ethical and moral issues surrounding this technology. They argued that before experimentation in cloning continued, we must decide as a society which direction that the new technology will go, what ends we hope to achieve, and what the limits on its use should be. A similar debate on the issues of cyberspace must take place. There is no need to stop the technology, but we must decide what direction we want the technology to take, and what rules will govern its use. We must do this now, before the technology starts dictating the rules to us, before it is too late to make changes in the basic structure of cyberspace without destroying the whole concept.
We certainly are, as Al Gore noted, in the midst of an Information Revolution. Methods of warfare will continue to evolve as the revolution progresses. Conceptions of national security will have to evolve as well. Information warfare and information security must be incorporated into the national security agenda of any nation that is making the transition into the Information Age. Isaac Asimov notes that "Waiting for a crisis to force us to act globally runs the risk of making us wait too long."(143) We can not allow this to be the case where information technologies are concerned, because they are the foundation for that which we aspire to become. Similarly, John Petersen argues that a "philosophy comes bundled with every new technology; when one is embraced, the other is there at well."(144) The United States has already embraced the technology of the Information Age, it must prepare itself to deal with the philosophy that comes with it. The United States must be prepared to deal with a philosophy that changes the distribution of power, changes political relationships, and challenges the essence of nation states. Only then can we rightfully justify a leading role in the Information Age.
(1) Skolnikoff, Eugene B. The Elusive Transformation: Science Technology and the Evolution of International Politics. (New Jersey: Princeton University Press, 1993), 169.
(2) Skolnikoff, Elusive Transformation; Arquilla, John & Ronfeldt, David. "Cyberwar and Netwar: Warfare Between Networks." Comparative Strategy. vol. 12, no. 2, 1993, 141-165.; Petersen, John L. The Road to 2015: Profiles of the Future. (California, Waite Group Press, 1994.)
(3) Ronfeldt, David. "Cyberocracy is Coming," The Information Society Journal, vol. 8, num. 4 (1992), 243-296.
(4) Qualifying this new pattern of societal development as the "third" wave, Toffler naively accepts the fact the Agrarian Age was the first developmental stage of modern society, a view not held by many scholars. However, the sequential allocation of numbers is not important for the purposes of this thesis, but rather the premonition that a new wave of development is occurring.
(5)Toffler, Alvin The Third Wave (New York, William Morrow and Company, Inc., 1980)
(6)Ibid, 26.
(7)Gore, Al "Remarks at the Federal-State-Local Telecomm Summit, [Online]. (1994, January 9). Available WWW: http://www.whitehouse.gov.
(8) Examples include the National Telecommunications and Information Administration and the Information Infrastructure Task Force. Other government agencies involved with these issues include the General Accounting Office, the Federal Communications Commission, the National Institute of Standards and Technology, and the Advanced Research Projects Agency.
(9)Petersen, Road to 2015, 39-70.
(10)Ibid, 4.
(11) Kelly, Kevin. Out of Control: The Rise of Neo-Biological Civilization. (New York, Addison-Wesley Publishing, 1994), 359.
(12) Solnick, Steven L. "Revolution, Reform and the Soviet Telephone System, 1917-1927." Soviet Studies. vol. 43, no. 1, 1991, 157-176.; Sreberny-Mohammadi, Annabelle. "Small Media for a Big Revolution."
(13)Big Dummies Guide to the Internet [Online]. Available FTP: ftp.eff.org Directory: pub File: bigdummy.txt.
(14)Petersen, Road to 2015, 37.
(15)Carroll, Bonnie. "Harsh Realities: S&T Acquisition Costs, Obstacles, and Results." Remarks at the Third International Symposium on National Security and National Competitiveness: Open Source Solutions, Washington DC, November 10, 1994.
(16)Drucker, Peter. Post-Capitalist Society (New York, Harper Business, 1993), 8.
(17)Ronfeldt, "Cyberocracy", 243-296.
(18)Ibid.
(19)"Introduction." Wired. Premiere Issue, 1993.
(20)I have drawn from and expanded on the definition put forth by Ronfeldt, "Cyberocracy is Coming."
(21)Steele, Robert D. "Hackers and Crackers: Using and Abusing the Networks." Presentation at the Fourth Annual Conference on Computers, Freedom and Privacy, Chicago, IL., March 1994.
(22) United States General Accounting Office. Information Superhighway: An Overview of Technology Challenges. Report to Congress. January, 1995.
(23)Arquilla & Ronfeldt, "Cyberwar is Coming!", 141-165.
(24) Sun Tzu. The Art of War. Translated by Samuel B. Griffith. (New York, Oxford University Press, 1971), 95.
(25) See U.S. Army Field Manual 100-5: Fighting Future Wars. (Washington, Brassey's Press, 1994); Sullivan, General Gordon R. & Dubik, Colonel James M. "War in the Information Age." U.S. Army War College, Strategic Studies Institute, 6 June 1994.
(26) Steele, Robert D. "The Military Perspective on Information Warfare: Apocalypse Now." Keynote address at the Second International Conference on Information Warfare: Chaos on the Electronic Superhighway, Montreal, 19 January 1995.
(27)Schwartau, Information Warfare, 291.
(28)Brodie, Bernard & Fawn. From Crossbow to H-Bomb. (London, Indiana University Press, 1973)
(29)Headrick, Daniel R. The Invisible Weapon: Telecommunications and International Politics 1851-1945. (New York, Oxford University Press, 1991), 141.
(30)Bramford, James. The Puzzle Palace. (Boston, Houghton Mifflin Company, 1982), 1-56.
(31) Sullivan & Dubik. "War in the Information Age," 12.
(32)Schwartau, Information Warfare, 179.
(33)Schwartau, Information Warfare, 180.
(34)Federal Emergency Management Agency. EMP Threat and Protective Measures. Report for public distribution. April 1980, 11.
(35) National Institute for Standards and Technology Computer Security Division. Threat Assessment of Malicious Code and Human Threats. Report to the U.S. Army Computer Vulnerability/Survivability Study Team. October 1992, 10.
(36) Goldstein, Emmanuel. "Opening Doors." 2600: The Hacker Quarterly. vol. 11, no. 3, Autumn 1994, 4-6.; Platt, Charles. "Hackers: Threat or Menace?" Wired. November 1994, 82-90.
(37) Levy, Steven. Hackers: Heroes of the Computer Revolution. (New York, Dell Publishing, 1984)
(38) Schwartau, Information Warfare, 137-148. The threats of electromagnetic emissions capture was first outlined by Wim Van Eck in his paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" (PTT Dr. Neher Laboratories, Leidschendam, Netherlands, 16 April 1985). Though this paper is classified within the United States, Van Eck's concepts have been accepted and proven by many security experts.
(39) The Transient Electromagnetic Pulse Emanation Standard established by the United States government is used to label all electronic equipment whose level of electromagnetic emissions is low enough as to prevent their capture by eavesdropping devices.
(40) Seline, Christopher J. "Eavesdropping on the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States," (Unpublished draft, 1990).
(41) Schwartau, Information Warfare, 114-137.
(42)Mungo, Paul and Clough, Bryan. Approaching Zero: The Extra-ordinary Underworld of Hackers, Phreakers, Virus Writers & Keyboard Criminals. (New York, Random House, 1992), 107.
(43)Ibid, 107-110.
(44)Ibid, 108.
(45)Ibid, 98.
(46)Hafner, Katie, and Markoff, John. Cyberpunk: Outlaws & Hackers on the Computer Frontier. (New York, Simon & Schuster, 1991), 345.
(47)Perrow, Charles. Normal Accidents: Living with High-Risk Technologies. (New York, Basic Books, 1984).
(48) Knowles, Francine. "Technology Glitches Can Take Big Toll," Chicago Sun-Times, 16 Sept. 1994, 47.
(49) Kelsey, Tim. "Teen Hacks Top-secret U.S. Computer; British Boy Posted Military Information on Internet," The Ottawa Citizen, 3 Jan. 1995, A1.
(50) Ibid, A1.
(51)Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. (New York, Doubleday, 1989).
(52)Hafner & Markoff, Cyberpunk, 172.
(53)Denning, Peter J. Computers Under Attack: Intruders, Worms & Viruses. (New York, ACM Press, 1991), 183.
(54)Brock, Jack L. (1991). Testimony in Hackers Penetrate D.O.D. Computer Systems: Hearings before the Subcommittee on Government Information & Regulation, Committee on Governmental Affairs, United States Senate, 20 November 1991.
(55)Ibid.
(56)Ibid.
(57) Private VHS Video, supplied by Emmanuel Goldstein.
(58) Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. (New York, Bantam Books, 1992), 1.
(59) Quittner, Joshua and Slatalla, Michelle. Masters of Deception: The Gang that Ruled Cyberspace. (New York, Harper Collins, 1995), 6-21.
(60) Sterling, Hacker Crackdown, 1-43.
(61) Bowman, Stephen. When the Eagle Screams: America's Vulnerability to Terrorism. (New York, Carol Publishing Group, 1994), 155.
(62) Markoff, John. "A Most-Wanted Cyberthief is Caught in his Own Web." The New York Times, 16 Feb. 1995. A1.
(63) Bowman, Eagle Screams, 125.
(64) As quoted in Bowman, Eagle Screams, 124.
(65) Schwartau, Winn. Terminal Compromise: Computer Terrorism: When Privacy and Freedom are Victims. (United State, Inter.Pact Press, 1991), 1. This is a work of fiction.
(66) Steele, Robert. "War and Peace in the Age of Information. Superintendent's Guest Lecture, Naval Post Graduate School, 17 August 1993.
(67) Schwartau, Information Warfare, 293.
(68) Steele, "Military Perspective on Information Warfare", 9.
(69) Ayers, Robert. "Defensive Information Warfare: A Maginot Line in Hyperspace." Presentation given at the First TMSA Conference on the Revolutionary New Paradigm for Modern Warfare, Washington, DC, 8-9 December 1994. As reported in OSS Notices, vol. 2, issue 10, 30 December 1994, 10.
(70) Ayers, as paraphrased in OSS Notices, vol. 2, Is. 10, 10.
(71) Steele, "Military Perspective on Information Warfare", 11.
(72) Jervis, Robert. The Meaning of the Nuclear Revolution. (Ithaca, Cornell University Press, 1989), 10.
(73) Peterson, John, as cited by Steele, "War and Peace in the Age of Information."
(74) Weltman, John J., Nacht, Michael and Quester, George H. Challenges to American National Security in the 1990's. (New York, Plenum Press, 1991), xi.
(75) Steele, "Military Perspective on Information Warfare", 5.; Gertz, Bill. "Electronic Crime Threatens Integrity of Long Distance Phone System," The Washington Times, 24 Oct. 1994, A3.
(76) Steele, "War and Peace in the Age of Information."
(77) Schwartau, Winn. "Technical Discussion of High Energy Radio Frequency Guns, and Video Demonstration of Van Eck Emissions Capture: How to Obtain Insider Information from 200 Meters Away Without Physical Connection." Presentation at the Third International Symposium on National Security and National Competitiveness: Open Source Solutions. Washington, DC, 9 November 1994.
(78) Luttwak, Edward. The Endangered American Dream: How to Stop the United States from Becoming a Third World Country and How to Win the Geo-Economic Struggle for Industrial Supremacy. (New York, Simon & Schuster, 1993); Thurow, Lester. Head to Head: The Coming Economic Battle Among Japan, Europe, and America. (New York, Warner Books, 1992); Prestowitz, Clyde V. Jr. Trading Places: How We Are Giving Our Future to Japan and How to Reclaim It. (New York, Basic Books, 1988).
(79) Ganley, Elaine. "French Oust Five as Spies," The Burlington Free Press. 23 February 1995, A6.
(80) Bowman, Eagle Screams, 7.
(81) Schwartau, Information Warfare, 65-82.
(82) Legro, Jeffrey W. "Military Culture and Inadvertent Escalation in World War II," International Security, vol. 18, no. 4, Spring 1994, 108.
(83) Mann, Paul. "Dialing for 'Info War'," Aviation Week and Space Technology, vol. 142, no. 4, 23 Jan. 1995, 31.; Holzner, Robert. "U.S. Navy to Tie Requirements, Acquisition," Defense News, 23 Jan. 1995, 6.; "Services Gear Up for Information War," Defense Daily, vol. 184, no. 48, 8 Sept. 1994, 377.
(84) "USAF Doctrine to Include 'Virtual Battle Space'," Aerospace Daily, vol. 173, no. 12, 19 Jan. 1995, 85B.
(85) Cooper, Richard N. "Economic Interdependence and Foreign Policy in the Seventies," World Politics, Jan. 1972, 159.
(86) Rosecrance, Richard and Stein, Arthur. "Interdependence: Myth or Reality?" World Politics, vol. 26, no. 1, 1973, 1-27.
(87) Nye, Joseph S. Understanding International Conflicts. (New York, Harper Collins, 1993), 166.
(88) See Snyder, Jack. Myths of Empire: Domestic Politics and International Ambition. (Ithaca: Cornell University Press, 1991).
(89) See Schweizer, Peter. Friendly Spies: How America's Allies are Using Economic Espionage to Steal out Secrets. (New York, Atlantic Monthly Press, 1993).
(90) Sterling, Bruce. "Speaking for the Unspeakable," Presentation at the Second Conference on Computers, Freedom and Privacy. Washington DC, March 1992.
(91) Anonymous. Interview with author. Chicago, IL. March 1994.
The countries interested in this hacker's services were France and Israel.
(92) Those interested in the case can find further information on-line via the Internet's World Wide Web at: http://www.eff.org/.
(93) Chipping of hardware is used to describe a process in which design flaws or timed failures are programmed into computer chips during production.
(94) Stein, Arthur A. "Coordination and Collaboration: Regimes in an Anarchic World," International Organization, vol. 36, Spring 1982, 299-324.
(95) Class II information warfare is targetted at industries for espionage or competitive purposes. See Schwartau, Information Warfare, 271-291.
(96) Class III information warfare is waged with political intentions by state or terrorist entities. See Schwartau, Information Warfare, 291-312.
(97) Stein, "Coordination and Collaboration," 43.
(98) Ibid, 25.
(99) Keohane, Robert O. After Hegemony: Cooperation and Discord in the World Political Economy. (New Jersey, Princeton University Press, 1984), 135.
(100) Hughes, Eric. (20 Nov. 1994). Re: Clipper Questions. [e-mail to Matthew G. Devost], [On-line]. Available e-mail: mdevost@moose.uvm.edu.
(101) Though there has been a lot of discussion regarding this operation, there is no evidence to ensure that it actually will take place.
(102) Bloodaxe, Eric. "Phrack Editorial," Phrack Magazine, vol. 5, Is. 46, file 2a. [On-line] Available FTP: freeside.com /pub/phrack/.
(103) Currently, the exportation of encryption technology is regulated in the United States under the State Department's International Traffic in Arms Regulations. (ITAR)
(104) De Landa, Manuel. War in the Age of Intelligent Machines. (New York, MIT Press, 1991), 45.
(105) U.S. Congress. Senate. Armed Services Committee. Threats to National Security: Hearing. Testimony of General James R. Clapper, Director, Defense Intelligence Agency. 17 January 1995.
(106) Brodie, Crossbow to H-Bomb, 115-118.
(107) It should also be noted that the Turtle was never utilized successfully, but this was do more to chance than flaws in design.
(108) Brodie, Crossbow to H-Bomb, 117-118.
(109) Holden-Rhodes, J.F. Sharing the Secrets: Open Source Intelligence and the War on Drugs. (USA, The University of New Mexico Printing Services, 1994), 32.
(110)United States General Accounting Office. Report on Implementation of Computer Security Act. (Washington, D.C. , U.S. Government Printing Office, 1990).
(111)Ibid.
(112)Sterling, Hacker Crackdown, 158.
(113)Nathan, Paco Xander. "Jackson Wins, Feds Lose." Wired. May 1993, 20.
(114) Schwartau, Information Warfare, 258-312.
(115) Devost, Matthew G. "The Digital Threat: United States National Security and Computers." Presentation at the Annual Meeting of the New England Political Science Association, Salem MA, 22 April 1994.
(116) Elmer-Dewitt, Philip. "Terror on the Internet: A Pair of Electronic Mail Bombings Underscores the Fragility of the World's Largest Computer Network." Time. 4 December 1994, 15.
(117) Carley, William M. "Of High-Tech Spying: Did the French Steal Secrets from Texas Instruments, or is the Story Just Bull." The Wall Street Journal. 19 January 1995, A1.; Schweizer, Friendly Spies.
(118) Powell, Bill. "The Boy Who Lost Billions." Newsweek. 13 March 1995, 37-52.
(119) "Defense Science Board Calls for Improvements in Information Systems." Aerospace Daily. vol. 173, no. 2, 4 Jan. 1995, 10.
(120) Cooper, Pat. "In Cyberspace, U.S. Confronts and Illusive Foe." Defense News. 19 Feb. 1995, 1.
(121) Schwartau, Winn. "Class II Information Warfare: Corporate Espionage and Sabotage." Presentation at the Second International Conference on Information Warfare. Montreal PQ, 18 January 1995.
(122) Wyllie, James H. "The Deterrence Condition." In Carey, Roger & Salmon, Trevor C. International Security in the Modern World. (New York, St. Martin's Press, 1992), 63.
(123) Skolnikoff, Elusive Transformation, 66.
(124) Stratton, Bob. "Hackers and Crackers: Using and Abusing the Networks." Presentation at the Fourth Conference on Computers, Freedom and Privacy: Cyberspace Superhighways: Access, Ethics and Control. Chicago IL, 23 March 1995.
(125) Steele, "Military Perspective on Information Warfare", 11.
(126) Gore, Al. "Infrastructure for the Global Village." Scientific American, Special Issue, 1995, 156-159.
(127) Stratton, "Hackers and Crackers."
(128) U.S. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Technology and Competitiveness. Hearings on Computer Security. 102nd Cong., 1991.
(129) U.S. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Technology and Competitiveness. Hearings on Computer Security. 102nd Cong., 1991.
(130)Van Duyn, J. The Human Factor in Computer Crime. (Princeton, Petrocelli Books, 1985).
(131)Hafner and Markoff, Cyberpunk, 60-61.
(132) Devost, "Digital Threat", 12-18.
(133)Tribe, Laurence H. "The Constitution in Cyberspace." Paper presented at the First Annual Conference on Computers, Freedom and Privacy Conference, Burlingame, CA. 1991.
(134)Mungo & Clough, Approaching Zero, 57.
(135)Steele, " Hackers and Crackers."
(136)Sterling, Bruce. "Cyberview." Phrack, vol. 3, is. 33, phile 10, 1991.
(137)Goldstein, Emmanuel. Testimony before House Subcommittee on Telecommunications and Finance. Washington D.C., 9 June 1993. Goldstein, Emmanuel. "Congress Takes a Holiday." 2600: The Hacker Quarterly. vol. 10, no. 3, Autumn 1993, 14-15.
(138) General Accounting Office. "NCIC Criminal Misuse." Washington DC, GPO, 1993.
(139) Stratton, "Hackers and Crackers."
(140) Kapor, Mitchell. "Civil Liberties in Cyberspace." Scientific American, Special Issue, 1995, 174-178.
(141) See Keohane, Robert O. After Hegemony: Cooperation and Discord in the World Political Economy. (Princeton, Princeton University Press, 1984); Gilpin, Robert. War and Change in World Politics. (Cambridge, Cambridge University Press, 1981); Russet, Bruce M. "The Mysterious Case of Vanishing Hegemony: or, is Mark Twain Really Dead?" International Organization. vol. 39, no. 2, Spring 1985, 207-232.; Cowhey, Peter F. and Long, Edward. "Testing Theories of Regime Change: Hegemonic Decline or Surplus Capacity?" International Organization. vol. 37, no. 2, Spring 1983, 157-188.
(142)Kapor, Mitchell. "Where is the Digital Highway Really Heading? The Case for a Jeffersonian Information Policy." Wired Magazine . July 1993, 53-59.
(143) Asimov, Isaac. As cited in Petersen, Road to 2015, xix.
(144) Petersen, Road to 2015, 68.
Allison, Graham & Treverton, Gregory F. Rethinking America's Security: Beyond the Cold War to New World Order. New York: W.W. Norton & Company, 1992.
Andelman, David A. & Count de Marenches. The Fourth World War: Diplomacy and Espionage in the Age of Terrorism. New York: William Morrow & Company, 1992.
Anthes, Gary H. "Info-terrorist Threat Growing." Computer World, vol. 29, no. 5, 30 January 1995, 1.
Arquilla, John & Ronfeldt, David. "Cyberwar and Netwar: Warfare Between Networks." Comparative Strategy. vol. 12, no. 2, 1993, 141-165.
Barlow, John Perry. "Crime and Puzzlement." Whole Earth Review. Fall 1990, 44- 57.
Beniger, James R. The Control Revolution: Technological and Economic Origins of the Information Society. Cambridge: Harvard University Press, 1986.
Bequai, August. Technocrimes. Lexington: Heath and Company, 1987.
BloomBecker, Buck. Spectacular Computer Crimes: What They Are and How They Cost American Business Half a Billion Dollars a Year. Illinois: Dow Jones- Irwin, 1990.
Bowman, Stephen. When the Eagle Screams: America's Vulnerability to Terrorism. New York: Birch Lane Press, 1994.
Brodie, Bernard & Fawn, M. From Crossbow to H-Bomb. Bloomington: Indiana University Press, 1973.
Carey, Roger & Salmon, Trevor C. International Security in the Modern World. New York: St. Martin's Press, 1992.
Clough, Bryan & Mungo, Paul. Aproaching Zero: The Extra-ordinary Underworld of Hackers, Phreakers, Virus Writers & Keyboard Criminals. New York: Random House, 1992.
Cooper, Richard. "Economic Interdependence and Foreign Policy in the Seventies." World Politics. January 1972, 159-181.
De Landa, Manuel. War in the Age of Intelligent Machines. New York: Swerve Editions, 1991.
Denning, Peter J. Computers Under Attack: Intruders, Worms and Viruses. New York: ACM Press, 1991.
Der Derian, James. "Cyber-Deterrence." Wired, September 1994, 116-122.
Dubik, Colonel James M. & Sullivan, General Gordon R. "War in the Information Age." Stategic Studies Institute, U.S. Army War College, 6 June 1994.
Forester, Tom & Morrison, Perry. Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. Cambridge: The MIT Press, 1994.
Gore, Al. "Infrastructure for the Global Village." Scientific American, Special Issue, 1995, 156-159.
Hafner, Katie & Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster, 1991.
Headrick, Daniel R. The Invisible Weapon: Telecommunications and International Politics 1851-1945. New York: Oxford University Press, 1991.
Jervis, Robert. "Deterrence Theory Revisted." World Politics. January 1979, 289- 324.
Jervis, Robert. Cooperation under the Security Dilemma." World Politics. January 1978, 167-214.
Jervis, Robert. The Meaning of the Nuclear Revolution: Statecraft and the Prospect of Armageddon. Ithaca: Cornell University Press, 1989.
Kapor, Mitchell. "Civil Liberties in Cyberspace." Scientific American, Special Issue, 1995, 174-178.
Kapor, Mitchell. "Where is the Digital Highway Really Heading?" Wired, July 1993, 53-60.
Kelly, Kevin. Out of Control: The Rise of Neo-Biological Civilization. New York: Addison Wesley Publishing, 1994.
Kennedy, Paul. The Rise and Fall of the Great Powers: Economic Change and Military Conflict from 1500-2000. New York: Vintage Books, 1987.
Keohane, Robert O. After Hegemony: Cooperation and Discord in the World Political Economy. Princeton: Princeton University Press, 1984.
Kroker, Arthur & Weinstein, Michael A. Data Trash: The Theory of the Virtual Class. New York: St. Martin's Press, 1994.
Levy, Jack. "The Offensive/Defensive Balance in War." International Studies Quarterly. June 1984.
Levy, Jack. "Theories of General War." World Politics. vol. 37, no. 3, April 1985, 344-374.
Levy, Steven. Hackers: Heroes of the Computer Revolution. New York: Dell Publishing, 1984.
Luttwak, Edward N. The Endangered American Dream: How to Stop the United States from Becoming a Third World Country and How to Win the Geo- Economic Struggle for Industrial Supremacy. New York: Simon & Schuster, 1993.
May, Timothy C. "Crypto Anarchy and Virtual Communities." Extended abstract. Available Online: Email: tcmay@netcom.com.
Nacht, Michael, Quester, George H. & Weltman, John J. Challenges to American National Security in the 1990s. New York: Plenum Press, 1991.
National Institute of Standards and Technology Computer Security Division. 1992. Threat Assessment of Malicious Code and Human Threats. Washington: GPO.
Nye, Joseph S. Jr. Understanding International Conflicts. New York: HarperCollins, 1993.
Parker, Donn B. Crime by Computer. New York: Charles Scribner's Sons, 1976.
Petersen, John L. The Road to 2015: Profiles of the Future. California: Waite Group Press, 1994.
Porteous, Samuel D. "Economic Espionage: Issues Arising from Increased Government Involvement with the Private Sector." Intelligence and National Security. vol. 9, no. 4, October 1994, 735-752.
Quittner, Joshua & Slatalla, Michelle. Masters of Deception: The Gang That Ruled Cyberspace. New York: HarperCollins, 1995.
Rheingold, Howard. The Virtual Community: Homesteading on the Electronic Frontier. New York: Addison-Wesley Publishing Company, 1993.
Ronfeldt, David. "Cyberocracy is Coming." The Information Society Journal. vol. 8, no. 4, 1992, 243-296.
Rosecrance, Richard & Stein, Arthur. "Interdependence: Myth or Reality." World Politics. vol 26, Oct. 1973, 1-27.
Rushkoff, Douglas. Cyberia: Life in the Trenches of Hyperspace. New York: HarperCollins, 1994.
Schwartau, Winn. Information Warfare: Chaos on the Electronic Superhighway. New York: Thunder's Mouth Press, 1994.
Schwartau, Winn. Terminal Compromise. USA: Inter.Pact Press, 1991.
Schwartz, Peter. "Post-Capitalist: Conversation with Peter Drucker." Wired, July 1993, 80-84.
Schwartz, Peter. "Warrior in the Age of Intelligent Machines." Wired, April 1995, 138.
Schweizer, Peter. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets. New York: Atlantic Monthly Press, 1993.
Skolnikoff, Eugene B. The Elusive Transformation: Science, Technology, and the Evolution of International Politics. Princeton: Princeton University Press, 1993.
Snyder, Jack. Myths of Empire: Domestic Politics and International Ambition. Ithaca: Cornell University Press, 1991.
Steele, Robert D. "The Military Perspective on Information Warfare: Apocalypse Now." Keynote Address, Second International Conference on Information Warfare: Chaos on the Electronic Superhighway, Montreal, 19 January 1995.
Steele, Robert D. "War and Peace in the Age of Information." Superintendent's Guest Lecture, Naval Postgraduate School, 17 August 1993.
Stein, Arthur A. "Coordination and Collaboration: Regimes in an Anarchic World." International Organization. Spring 1982, 299-324.
Sterling, Bruce. "War is Virtual Hell." Wired, Premiere 1993, 46-52.
Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. New York: Bantam Books, 1992.
Stockton, Paul N. & Tritten, James J. Reconstituting America's Defense: The New U.S. National Security Strategy. New York: Praeger Publishers, 1992.
Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday, 1989.
Thurow, Lester. Head to Head: The Coming Economic Battle Among Japan, Europe, and America. New York: Warner Books, 1992.
Toffler, Alvin & Heidi. War and Anti-War: Survival at the Dawn of the 21st Century. Boston: Little, Brown & Company, 1993.
Toffler, Alvin. The Third Wave. New York: William Morrow & Company, 1980.
U.S. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Technology and Competitiveness. Hearings on Computer Security. 102nd Cong., 1991.
U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee on Government Information and Regulation. Hearings on Hackers Penetrate Department of Defense Computer Systems. 102nd Cong., 1991.
U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee on Government Information and Regulation. Hearings on Regarding the Computer Security Act. 102nd Cong., 1991.
United States General Accounting Office. 1989. Report on Instances of Unauthorized Access to Space Physics Analysis Networks. Washington: GPO.
United States General Accounting Office. 1990. Report on Implementation of Computer Security Act. Washington: GPO.
United States General Accounting Office. 1995. Information Superhighway: An Overview of Technology Challenges. Washington: GPO.
Van Duyn, J. The Human Factor in Computer Crime. Princeton: Petrocelli Books, 1985.
Wallich, Paul. "Wire Pirates." Scientific American. March 1994, 90-102.
Wilson, Kevin G. Technologies of Control: The New Interactive Media for the Home. Madison: The University of Wisconsin Press, 1988.
[ Home] [Info-War] [Terrorism] |
Contact the
Terrorism Research Center |
Visitors since 17 Nov 96 |