©1995 Matthew G. Devost
NATIONAL SECURITY IN THE INFORMATION AGE
A Thesis Presented
by
Matthew G. Devost
to
The Faculty of the Graduate College
of
The University of Vermont
In Partial Fulfillment of the Requirements
for the Degree of Master of Arts
Specializing in Political Science
May, 1995
TABLE OF CONTENTS
[Note: Page Numbers Not Applicable for Electronic Version.]
ABSTRACT
ACKNOWLEDGMENTS ii
CHAPTER 1 – Introduction 1
The Information Age 2
The Knowledge-Based Economy 4
CHAPTER 2 -. New Territory, New Concepts and New Warfare 10
New Concepts: Information Warfare 14
New Weapons 16
HERF Guns 17
EMP/T Bombs 18
System intrusion 18
Emissions capture and espionage 20
Viruses, trojan horses and worms 21
Normal accidents 24
Information Warfare: Isolated Examples 24
Operation Datastream 25
The Hacker Spy 26
Hacker Attacks During Gulf War 28
Infrastructure Attacks 30
The Phone System 31
The Power Grids 33
The Big Picture 34
CHAPTER 3 – The Political Context of Information Warfare 38
What is National Security 38
Political Attractions of Information Warfare 41
Low Cost 41
Timely and Not Location Specific 42
Anonymity 43
Minimal Loss of Human Life 44
First Strike Advantage 47
Offensive Nature of Information Warfare 47
Deterrents to Waging Information Warfare 48
Economic Interdependence 49
Fear of Escalation 52
Lack of Technical Expertise 53
Information Warfare as Terrorism 54
The Realist/Liberal Approach to Information Warfare 56
The Realist Approach to Information Warfare 57
Problems with the Realist Approach 59
The Liberal Approach to Information Warfare 61
Problems with the Liberal Approach 62
The Realist/Liberal Conflict 64
The Strategic and Security Impacts of Technology:
A Historical Perspective 68
Decentralizing the Military: The Conoidal Bullet 69
Information Warfare: The Bushnell Turtle of the Information Age 71
CHAPTER 4 – National Security Solutions for the Information Age 74
The Computer Security Act of 1987 74
Operation Sundevil 76
Information Warfare: A Threat Assessment Portfolio 77
National Security Solutions for the Information Age 80
Step One: Declassify the Threat 80
Step Two: Increase Security 81
Step Three: Increase Vendor Accountability 82
Step Four: Facilitate Private/Public Sector Cooperation 83
Step Five: Conceptualize Our Information Sphere 84
Step Six: Multi-Level Education 88
Step Seven: Use Hackers as a National Resource 90
Step Eight: Global Institutions and International Agreements 95
Conclusion: National Security in the Information Age 96
FOOTNOTES
SELECTED BIBLIOGRAPHY 101
ABSTRACT
This thesis examines the impact information technologies have had on the national security of the United States. It looks at how these technologies have evolved into a significant component of the economic, military, and social construct of the nation resulting in a transition from the Industrial Age to the Information Age.
It introduces a new paradigm for conflict among nations based upon attacking information infrastructures. The political attractions and deterrents to using these new information warfare methods are discussed at great length. The debate is then placed in a traditional realist/liberal context and examined from both perspectives, suggesting ways in which each side would remedy the national security threat. Historical technological developments are explored and contrasted with new technology to develop hypotheses regarding the future strategic impacts that these new technologies will have.
An increased reliance on information technology which is highly vulnerable to failure and sabotage has created a new risk to the national security of the United States. These vulnerabilities will be exploited during any conventional military conflicts between nation states, but several political deterrents including economic interdependence and fear of escalation decrease their attraction during peacetime. Despite this, the political and strategic attractions of information warfare make it a likely terrorist weapon.
The final chapter offers policy prescriptions and solutions for integrating these concerns into the framework of the United States’ grand strategy to decrease the security threat and facilitate international cooperation in this area.
ACKNOWLEDGMENTS
I am greatly indebted to a number of people who have made this thesis
possible. First and foremost, my parents, family and friends who have provided
unlimited support and encouragement. This thesis is dedicated to them.
A special acknowledgment to Robert D. Steele. From the beginning, he has
provided encouragement and opportunity. The scholarship he provided to attend
his International Symposium: “National Security and National
Competitiveness: Open Source Solutions,” allowed me to exchange ideas with
innovators and experts from around the world.
Special thanks to Dr. Mich Kabay and the National Computer Security
Association for giving me the opportunity to speak at the Second International
Conference on Information Warfare.
Within the University of Vermont: Professor Cherie Steele, for her patience
and dedication as my thesis advisor; Professors Tony Gierzynski and Tom
Streeter, for sitting on my thesis committee; and Professor Tom Rice and the
rest of the Political Science department for providing support and funding for
my graduate research.
Many others were helpful, perhaps without realizing it: Winn Schwartau, Bob
Stratton, Eric Hughes, Emmanuel Goldstein, and numerous members of the digital
underground.
Chapter 1
Introduction
Conceptions of national security can and do change. A series of new threats
to American national security have developed with our transition into the
Information Age. New technological developments and an increased reliance on
computer-based technology will cause a shift in conceptions of national security
for all advanced post-industrial societies. Nations face the danger of having
their information infrastructures destroyed, altered, or incapacitated by new
offensive technologies. Accordingly, grand strategies must integrate these new
threats and vulnerabilities into their general framework. Although Eugene
Skolnikoff argues that the vulnerability of large systems is rarely noticed
until disruption or catastrophe occurs(1), this thesis argues that these issues
must be dealt with pre-emptively to minimize their economic and political costs.
Political scientists and political leaders must recognize and examine the
threats posed by new technology and how it will effect both national and
international political relationships. This thesis provides an introduction to
these new technologies and suggests ways they have been utilized in the past to
threaten the national security of the United States. The threat is also placed
in a theoretical political context by examining how it relates to
paradigm-shifting technologies of the past, what its political attractions and
deterrents are, and how it would be analyzed and addressed within traditional
realist/liberal national security schools. It concludes with policy
prescriptions to assist policy makers in the transition to a new national
security agenda that includes the concepts examined in this thesis.
The need for work in this area is great. Very little work has been done in
the political science field to examine security issues related to information
technology.(2) David Ronfeldt argues that “with few exceptions, policy
makers and analysts are just beginning to discern how government and politics
may ultimately be affected by the information revolution.”(3) As a result,
this thesis draws from a wide range of material that has been taken from
multiple disciplines and weaves it all to reveal national security
vulnerabilities and what can be done about them.
The Information Age
The United States is making a transition to a new age. Alvin Toffler
referred to this transition as the Third Wave(4), in his 1980 book of the same
title.(5) According to Toffler, the pattern of societal development follows a
series of waves, each of a lesser timespan than the previous. Toffler writes:
Until now the human race has undergone two great waves of change, each
one largely obliterating earlier cultures or civilizations and replacing them
with ways of life inconceivable to those who came before. The First Wave of
change – the agricultural revolution – took thousands of years to play itself
out. The Second Wave – the rise of industrial civilization – took a mere three
hundred years. Today, history is even more accelerative, and it is likely that
the Third Wave will sweep across history and complete itself in a few
decades.(6)
Toffler’s predictions about the coming Third Wave were written over fifteen
years ago, and the societal revolution he predicted is readily acknowledged
today as the Information Revolution.
This terminology is used by the leaders of the United States to describe the
transition to a knowledge-based economy. Vice President Al Gore argues that “we
are in the midst of an Information Revolution.”(7) President Clinton often
speaks of the Information Age and during his presidency he has created various
working groups and committees to develop the foundations for a National
Information Infrastructure.(8) Various scholars argue that the United States
has already made the transition into the Information Age and that a majority of
our jobs are already knowledge-based jobs.(9) In fact the decline in industrial
based jobs looks very similar to the decline in agricultural jobs brought about
by the transition from the First to the Second Wave. The swell of the Third
Wave is already visible and its crest no longer unimaginable.
The Knowledge-Based Economy
If this coming Sunday, you were to sit down and read the entire New York
Times, you would absorb more information in that one reading that the average
person absorbed in a lifetime in Thomas Jefferson’s Day.(10)
Information revolutions are not new. Gutenberg’s printing press launched an
information revolution over five hundred years ago. His invention allowed for
the mass distribution of information, permitting common men to posses otherwise
scarce texts like the Bible. This created less reliance on hierarchical sources
of authority for interpretation of texts and granted anyone with the resources
to operate a printing press access to large audiences. To take the argument
even further, author Kevin Kelly argues that cultural advances, like the
printing press “prepared a possibility space that allowed human minds and
bodies to shift so that some of what it once did biologically would afterwards
be done culturally.”(11) Under this view, the printing press served a dual
purpose. It revolutionized the way human beings interact and it contributed to
our evolution by decreasing the amount of information our minds needed to store.
In this regard, the Information Revolution is similar to the printing
revolution. Computers increase our capacity to store and search for information
externally.
Other mediums of communication might be considered revolutionary as
well.(12) One need only think of the changes brought about by the invention of
the telephone, radio, and television to realize that information revolutions
have their place in history. Each of these technologies increased our capacity
to communicate over great distances. In some cases, the communication took
place over physical cables, and in other cases the communication took place over
frequency waves with no physical connection required. How does this
information revolution promise to be different?
The difference is our increased ability to access, distribute and store
incredibly large quantities of information in very little time. It is now
possible to send the entire Encyclopedia Brittanica across the country in about
two seconds.(13) Access to large quantities of information through electronic
communications is a realizable goal anywhere there is access to a standard phone
line or cellular cell. In the near future, a series of low orbit satellites
will allow electronic communications technology to be utilized from any location
on earth.(14) In addition to this, the Internet, currently the world’s
information backbone, is increasing at a rate of twenty-five percent per month
and the World Wide Web has been experiencing growth rates of 341,634 percent per
year.(15)
With this increase in interconnectivity and information resources, the labor
force of a Third Wave nation becomes knowledge-based. Peter Drucker writes:
The basic economic resource – “the means of production,” to
use the economist’s term – is no longer capital, nor natural resources, nor
labor. It is and will be knowledge. The central wealth making activities will
be neither the allocation of capital to productive uses, not labor – the two
poles of nineteenth and twentieth century economic theory, whether classical,
Marxist, Keynesian, or neo-classical. Value is now created by productivity and
innovation, both applications of knowledge to work. The leading social groups
of the knowledge society will be knowledge workers and knowledge executives who
know how to allocate knowledge to productive use, just as the capitalists knew
how to allocate capital to productive use…Yet, unlike the employees under
Capitalism, they will own both the means of production and the tools of
production.(16)
Other scholars have expressed similar sentiments. Daniel Bell echoes
Drucker’s argument when he proposes that “the crucial point about a
post-industrial society is that knowledge and information become the strategic
and transforming resources of the society, just as capital and labor have been
the strategic and transforming resources of the industrial society.”(17)
The key financial institutions of knowledge-based societies also become
information-based. A majority of the financial transactions within the United
States do not involve the physical transfer of capital or physical
representations of money such as gold or currency, but rather the transfer of
information. For example, when money is loaned between institutions no physical
transfer of funds takes place. Instead, the informational representation of
money is exchanged. Information now represents money and “finance no
longer has anything to do with money, but with information.”(18) Whereas
industrial societies were concerned with protecting physical capital and
providing safe routes for the transport of resources, information societies must
be concerned with protecting information and the transfer of information. Where
the destruction of bridges was a threat to the national security of an
industrial society, the destruction of information networks, especially those
involved with financial transactions, is a threat to the national security of
information societies.
This is the nature of conflict of the Information Age. Where the politics
of the last one hundred years centered around Industrial Age technology, the
politics of the future will be based on Information Age concerns oriented
towards the storage, protection and exchange of information. The premiere issue
of the magazine designed for the Information Age, appropriately named Wired,
had this to say about the emergence of new technology.
The medium, or process, of our time – electronic technology – is
reshaping and restructuring patterns of social interdependence and every aspect
of our personal life. It is forcing us to reconsider and re-evaluate
practically every thought, every action, and every institution formerly taken
for granted.(19)
The purpose of this thesis is take this concept one step further. It will
demonstrate that with the Information Age comes new threats to the
infrastructure of the United States. It will show that our reliance on computer
technology and our quick transition into a knowledge-based economy has left us
vulnerable to attack, and that vulnerability creates difficult political
dilemmas that must be dealt with should we wish to continue following the
currents of the Third Wave.
In Chapter Two, a new paradigm for conflict based upon attacking information
infrastructures is introduced and examples are given to demonstrate how this new
paradigm is rapidly developing to threaten the security of Third Wave nations.
Chapter Three then places the issue in a theoretical context by examining the
political advantages and deterrents to nations utilizing the capabilities of new
technology for offensive purposes. The issue is then examined from both the
realist and liberal perspective to speculate how each side would respond to the
acknowledged national security threat. Similarities to historical technological
developments are explored and contrasted with new technology to develop
hypotheses regarding the future strategic impacts that these new technologies
will have. The final chapter offers policy prescriptions and solutions for
integrating these concerns into the framework of the United States’ grand
strategy in order to decrease the security threat and facilitate international
cooperation in this area.
Chapter 2
New Territory, New Concepts and New Warfare
What is the National Information Infrastructure? For the purposes of this
paper, the NII is defined as the physical and virtual backbone of an information
society and includes, at a minimum, all of the following:(20)
- Financial networks: used for the transfer of information between
financial institutions. - Private corporate and institutional networks: Used for the exchange of
information between international components of the same organization. - Public fee accessed networks: Telephone networks and other privately
provided communications networks. - Cooperative networks: Used to link educational and research facilities
for mutual benefit, as is the case with the Internet. - Subscription networks: Fee based access to enclosed virtual communities
as is the case with Prodigy, Compuserve and America On-line. Also, increasingly
connected to cooperative networks to create large national networks for the
exchange of information. - Government and defense networks: Used for government and defense
communications. Department of Defense networks used for C3I (command, control,
communications and intelligence.) - Computer reliant public utilities: Power plants, water and sewage,
transportation vehicles and traffic systems. - Computer reliant technology: Environment and security control in large
buildings, chip reliant cars, and a plethora of other conveniences.
This rather broad list has been compiled to demonstrate our current reliance
on computer technology. The National Information Infrastructure is usually
described as a utopian network for the cooperative exchange of information.
However, from a security perspective, the NII encompasses a much more extensive
sphere. Not only does it include systems required for the flow of information,
but the hardware those information flows have helped create, as well.
Where information flows are concerned, one might separate information
content into three distinct groupings with occasional overlaps:
1) Military information, which deals with actual military developments, top
secret operations, intelligence, systems control, correspondence between high
ranking officials, troop files and credit ratings, general troop activities and
lower level correspondence.
2) Business information, which consists of business records, bank
transactions, individual credit records, business systems, and other financial
transactions.
3) Personal information, which includes individual credit records, personal
systems, files and correspondence between individuals.
An attack or threat on lower levels of information, credit card fraud for
example, is more of an inconvenience than a national security threat.
Replacement costs may be high for this type of information, but the costs are
not nearly as high as they are for military or business information. A
successful attack on just a few business information systems could cause a
severe lag in the American economy. Robert Steele notes that “It costs a
billion dollars and takes six weeks to recover from a one day bank failure and
we have them all the time.”(21) If Wall Street suddenly closed down, or if
bank transactions suddenly disappeared the United States would lose hundreds of
billions of dollars. It is estimated that the daily value of telephone
transactions on Wall Street alone, is in excess of one trillion dollars.(22)
A potential attack on military information, especially that which is
classified, poses a national security threat from a strategic standpoint. From
a command and control perspective, denying communications capability or altering
and destroying intelligence can have profound effects on the capabilities of
modern militaries. General Colin Powell notes that “A downsized force and
a shrinking defense budget result in an increased reliance on technology, which
must provide the force multiplier required to ensure a viable military
deterrent… Battlefield information systems became the ally of the warrior.
They did much more than provide a service. Personal computers were force
multipliers.”(23) Whereas Sun Tzu regarded the skillful command of troops
as having the potential “of round boulders which roll down from mountain
heights,”(24) in today’s military it would be round boulders capable of
rolling by themselves, both on flat ground and up steep grades. Soldiers in
battle are less reliant on a hierarchical command structure and are capable of
making more autonomous decisions based on an increased ability to receive and
analyze real-time information regarding the condition of the battlefield. In
this situation, the emphasis is not on the function of command, but on
maintaining the supply and value of the information.(25)
Robert Steele argues that information warfare is “about applied
intellect – it is about harnessing intellect and protecting intellect, and it is
above all about providing the commander – including the civil commander in the
role of political, economic, or cultural leader – with survivable, reliable,
decision-support through war and operations other than war, on the home front as
well as on the traditional front line – and to do so largely with ‘out of
control’ civil resources.”(26) With military command and control placed in
this context, threats to national security are present not only when military
communications are targeted, but also when civilian support to operations is
targeted. One cannot harness the distributed intelligence of a nation if the
information content is diverted or destroyed.
What threat is posed to American national security if, during a war, the
enemy were able to get information on troop movements or discover flaws in one
of our weapons systems? Or if the Soviets, during the Cold War, had been able
to access information on the Strategic Defense Initiative or stealth aircraft
designs? What if one fourth of all the computer systems in America stopped
working one day?
New Concepts: Information Warfare
Information warfare is about destroying information, reducing information
flows, reducing the reliability of information content, and denying access to
services. Author and security expert Winn Schwartau writes:
Information warfare is waged against industries, political spheres of
influence, global economic forces, or even against entire countries. It is the
use of technology against technology; it is about secrets and the theft of
secrets; it is about turning information against its owners; it is about denying
an enemy the ability to use both his technology and his information.(27)
Historical patterns reveal that information warfare is undoubtedly warfare
of the future. Traditionally, warfare has followed the different waves of
development in society. Science has always been applied to war.(28) Agrarian
society saw the development of the crossbow. As scientific capacity increased,
so did the weapons societies used in warfare. As nations industrialized, they
used their factories to create tanks. As our capacity to understand physics
increased, we used nuclear fission to deal devastating blows from high
altitudes. Today, computer-guided electronics allow us to deal even more damage
from the comfort of an underground bunker thousands of miles away. As we move,
or have already moved, into the Third Wave or Information Age, it is only
natural that our weapons or means of warfare will follow.
Information warfare, as a concept, is not entirely new. In 1912, when the
British cableship Telconia hauled up and cut the five cables that linked Germany
to the outside world: (two to the Azores and North America, one to Vigo, one to
Tenerife, and one to Brest); the British were waging information warfare.(29)
The British recognized the strategic significance of wartime communications and
utilized their capabilities to hinder Germany’s ability to communicate.
Likewise, when the United States intercepted and decrypted Japanese
communications intelligence during wartime operations and diplomatic
negotiations, the United States was waging information warfare.(30)
The only problem with these examples is that the environment in which they
took place is not as relevant today. These attempts at information warfare were
waged against industrial societies in which information was just one valuable
asset, ranked lower on the hierarchy of strategic importance than protection of
the industrial base. Today’s Third Wave societies are no longer based entirely
on industrial concepts and information has a higher strategic value now than it
has had at any point in history. This means that information warfare poses a
greater threat to national security in the Information Age than it did in the
Industrial Age. In fact, for several reasons illustrated later, information
warfare may become the preferred method of conflict among Third Wave nations.
General Gordon Sullivan and Colonel James Dubik acknowledge that “To
succeed against an industrial state generally requires the destruction not only
of its army, but also of the military infrastructure, resources and
manufacturing base of the total war-making capability. Achieving victory
against an information-based state will entail destroying that country’s armed
forces, as well as destroying its war-making capability (which may well include
industrial and information-related targets) and its information systems.”(31)
Not only is information warfare an entirely new paradigm for waging war, it
must also be adopted as a supplement to traditional and conventional means of
warfare if successful campaigns are to be waged.
New Weapons
With a new type of warfare comes a new breed of weapons. In order to
understand the vulnerabilities of systems and the capabilities of possible
adversaries, a brief overview of offensive information warfare weaponry is
required.
HERF Guns. High Energy Radio Frequency guns allow adversaries to create
denial-of-service scenarios against a wide variety of targets. The concept
behind the HERF Gun is very simple and they are incredibly easy to build.
Depending upon the size of the power source used and range or accuracy desired,
HERF guns can be designed to take many different shapes and forms. HERF Guns
direct a blast of high energy radio signals at a pre-selected target. Schwartau
explains:
Electronic circuits are more vulnerable to overload than most people
realize, and that weakness is exploited by a HERF Gun. A HERF Gun is nothing
more than a radio transmitter, conceptually similar to the real tall ones with
blinking red lights on top to keep planes from hitting them. Your portable CB
or cellular phone are also radio transmitters, with different purposes, working
at different power levels. The HERF Gun shoots enough energy at its target to
disable it, at least temporarily. A HERF Gun can shoot down a computer, cause
an entire network to crash, or send a telephone switch into electronic orbit.
The circuitry within modern computer and communications equipment is designed
for low-level signals; nice quiet 1s and 0s which operate within normal limits.
The HERF Gun is designed to overload this electronic circuitry so that the
information system under attack will become, at least temporarily, a meaningless
string of babbling bytes.(32)
The damage that a HERF Gun can do when directed at a variety of creatively
selected targets is clearly obvious. Not only is a situation created in which
information systems fail, but it becomes extremely difficult to identify the
cause of failure.
EMP/T Bombs. Electromagnetic Pulse Transformer Bombs operate under the same
principle as HERF Guns; however, they are thousand times more powerful.(33)
Also, the damage induced by EMP/T Bombs is permanent. Governments have been
concerned with the threat of electromagnetic pulse since the invention of the
atomic bomb. A 1980 Federal Emergency Management Agency report concluded that
the following hardware would be most susceptible to failure from EMP:
computers, computer power supplies, transistorized power supplies, semiconductor
components terminating long cable runs (especially between sites), alarm
systems, intercom systems, life support system controls, telephone equipment,
transistorized receivers and transmitters, transistorized process control
systems, power control systems, and communications links.(34)
If EMP/T Bombs were detonated over densely populated urban areas, the
results would be disastrous. Not only would all communications and electronic
equipment fail, but the city would also experience a blackout, thus creating a
prime environment for civil unrest and riots.
System intrusion. Interconnected communications and computer systems are
also susceptible to intrusion. Commonly referred to as hacking, system
intrusion creates a wide variety of security concerns. Hacked systems can be
utilized for information gathering purposes, information alteration, and
sabotage. Vulnerabilities exist in almost every externally networked computer
in the United States. A report prepared by the Computer Security division of
the National Institute of Standards and Technology notes that “connectivity
allows the hacker unlimited, virtually untraceable access to computer systems.”(35)
An entire subculture dedicated to the issues concerning hacking has developed
and its numbers increase substantially every year. In the summer of 1994, over
one thousand people from around the world descended on New York city for an
organized convention called “Hackers on Planet Earth.”(36) Being a
sensational subject, computer hacking has also generated a lot of attention in
the American media. The recent apprehension of known computer hacker Kevin
Mitnick generated a plethora of front page stories across the nation.
Unfortunately, with this media attention, the term hacker itself has taken on an
entirely new meaning. Steven Levy first described hackers as computer
explorers, “adventurers, visionaries, risk-takers, artists… and the ones
who most clearly saw why the computer was a truly revolutionary tool.”(37)
Levy’s hackers were the pioneers of the computer industry: Steven Jobs, Bill
Gates and Stephen Wozniak. These are men who are recognized today as
establishing a competitive advantage in personal computer hardware and software
for the United States. Today, the term hacker is often used to indicate a
computer criminal. This creates a difficult dilemma for those who wish to use
the term with positive connotations. For the purposes of this paper, the term
is used in both capacities, with the focus not on the intent of hackers or
computer criminals, but on their capabilities. Intent, reliability and
disposition only come into play when computer explorers are considered a
potential national security asset in Chapter Four.
Emissions capture and espionage. Computer hackers can also utilize several
tools for the capture of vital information secrets such as passwords or data.
Van Eck emissions enable hackers to capture the contents of computer screens
from up to two hundred meters away.(38) Devices designed to capture these
emissions can be developed at very low cost. To further complicate the matter,
current government regulations prevent non-governmental organizations from
protecting themselves by installing TEMPEST(39) equipment.(40) Information and
telecommunication networks are also easily monitored for information that might
be utilized for system intrusion.(41)
Viruses, trojan horses and worms. Viruses, trojan horses and worms have huge
destructive potential. Perhaps the greatest threat of the three is the computer
virus, a program which has the ability to attach itself to legitimate files and
then propagate, spreading much like an infectious disease from computer to
computer as files are exchanged between them. The more interactivity a computer
has with other computers the higher the chance of it contracting a virus. The
virus continues to hide itself until a certain criterion is met. These criteria
change from virus to virus, but some of the most deadly are viruses that wait a
certain length of time before initiating their destructive capabilities. This
insures that the virus has had enough time to copy itself to many systems, thus
increasing its damage potential. Once the criteria are met, the virus can
attack a system in one of many ways: by erasing files, destroying hard disk
drives, or corrupting databases.
Imagine a virus that spreads to a bank computer and then randomly modifies
numbers within a database, or simply causes the bank’s computers to shut down.
The potential for damage is enormous, but it is mostly monetary damage. Now
imagine that same virus attacks a hospital computer system. Human lives are at
stake, making that virus a tool of murder no less dangerous than a loaded
weapon. Viruses are very difficult to protect against because a copy of the
virus is often needed to create a vaccine or program to detect it. We do not
usually find copies of the virus until they have caused damage. It has been
estimated the cost of removing the viruses infections over the next five years
will be over $1.5 billion – not taking into account the value of the data that
will be destroyed.(42) There are already many documented cases of companies
losing millions of dollars in business and thousands of hours of computing time
due to viruses attacks.(43) That number will only increase in the future.
By 1992 there were over 1,500 catalogued viruses in the West, with that
number expected to have doubled by the end of 1993(44) One of the most popular
was the Michaelangelo virus, which received news coverage on all the major
television networks. What many Americans do not understand is that
Michaelangelo is just one of many potential attackers of their computer systems.
In Bulgaria, companies have set up virus factories producing more viruses than
the anti-virus industry can combat. How should the U.S. deal with companies
whose only concern is to produce destructive software? This is one of the many
questions we must ask ourselves when creating policies to ensure safe computing
in future years.
The trojan horse derives its name from the famous attack on the city of
Troy, and operates much like the trojan horse of ancient times. A trojan horse
is a program that pretends to be a benign program but is really a program of
destruction. The program tricks the user into running it by proclaiming to
perform some useful function; however, once initiated it can be as destructive
as a virus. Trojan horses are less of a danger because they are easily
destroyed: one simply deletes the program, since they contain no means of
copying themselves independently.
The worm operates much like a virus, but is can travel along a network on
its own. Perhaps the best known worm was the one created in 1988 by Robert
Morris, the son of an National Security Agency official. Morris created a worm
to seek out sites on the Internet by traveling along its many connections and
copying itself onto remote computers. Morris’ worm was not created to damage
any systems, but he made an error in designing the program. This error caused
the worm to begin propagating itself at an exponential rate, slowing down
Internet sites and causing communications to come to a standstill. The reaction
among Internet users and system administrators was mass hysteria. The following
are some highlights of the events as they unfolded over the course of twelve
hours
5:00 p.m. – Morris launches his worm onto the Internet
8:00 p.m. – System operators at computer systems across the nation begin
noticing that something is slowing their computer system down.
2:38 a.m. – The virus has spread onto many systems including the
Lawrence Livermore National Laboratory, NASA Ames Laboratory, Los Alamos
National Laboratory, and the Department of Defense’s Milnet network.
– A worried system operator releases the following message onto the
Internet. “We are currently under attack by a computer virus.”
5:00 a.m. – An estimated 6,200 computers have been infected in the
course of 12 hours. System operators begin breaking network connections to
protect their systems. Later calculations revealed that only around 2000
computers had been attacked.
Days later, system operators were still cleaning up and containing the
Internet worm which had caused over one million dollars in damage.(45) Morris
was convicted for the damage initiated by his worm and sentenced to three year’s
probation, a $10,000 fine and four hundred hours of community service.(46)
Though Morris’s actions were illegal, he managed to expose the vulnerability of
the computer networking system. If one college student could do so much damage
by accident, what could a rogue nation or terrorist group do on purpose?
Normal accidents. In his 1985 book, Charles Perrow discusses threats posed
by accidental failure of advanced technology.(47) The same threats exist with
computer technology and information systems. It is not uncommon to read in the
newspaper about power lines being cut causing airports to shut down for extended
periods of time or for unexplainable electronic gremlins to cause multiple
failures at great cost. This was the case in Chicago in September 1994 when
several unexplainable electronic failures shut down airports and financial
institutions throughout the city.(48)
Information Warfare: Isolated Examples
Although there have been several examples in which national security has
been breached in the past five years, no single event constitutes an enduring
national security threat. But collectively, these events highlight a national
security threat based upon internal weaknesses in the security of information
technology systems in the United States.
Operation Datastream
Recently released information reveals that a sixteen-year-old computer
hacker from Britain was able to infiltrate United States Department of Defense
computer systems for seven months without being detected. He obtained access to
ballistic weapons research, aircraft design, payroll, procurement, personnel
records and electronic mail. In all, over one million passwords were
compromised. The Ottawa Citizen reports that “the U.S. Defense Information
Systems Agency admitted in a private briefing, which has been confirmed, that
the hackers had affected the departments’ ‘military readiness’.”(49)
It is also believed that the hacker had access to sensitive and classified
computer databases regarding nuclear inspection details in North Korea.(50) The
security implications in this case are intensified by the fact that information
could have been altered. Had the North Korean government had access to this
information, it is possible that they might have altered databases and
communications to assist their development of nuclear weapons. In fact, there
is no evidence to suggest that North Korea was not involved in operations of
this sort on its own. It is acknowledged that the only reason the British
hacker was caught is because he left his computer terminal connected to a U.S.
defense computer overnight.
This is obviously a case where information warfare techniques have
substantial implications. Nuclear weapons are regarded as one of the most
devastating threats to the physical security of nation states. This case
demonstrates that information warfare can be used to assist nuclear
proliferation, creating two major security concerns. North Korea might have
been able to alter inspection reports and falsify data to cover up their nuclear
proliferation efforts, or it might have utilized the information to find out
which sites the United States was targeting for inspection.
The Hacker Spy
Perhaps the best publicized account of a hacker breaking into U.S. military
computer systems took place in 1986 when Cliff Stoll at the Lawrence Berkeley
Laboratory (LBL) discovered a German hacker using the university’s computer to
access sensitive databases. Stoll’s adventure began when he found a
seventy-five cent error in the LBL accounting system that tracks system usage
and then bills the correct party. By exploring the accounting software, Stoll
found that a user named Hunter had used seventy-five cents worth of computing
time in the last month. Stoll also discovered that Hunter did not have a valid
billing address, so he had not been properly charged. Through much work, Stoll
discovered that Hunter was in fact a computer intruder, a hacker using LBL’s
system to access other systems. In most cases the user would have been shut
out, but Stoll, an astronomer by trade, not a computer security expert, decided
to track the activity of the hacker.(51)
When Stoll first discovered that the hacker was accessing military
computers, no one believed him. The people in charge of maintaining these
sensitive systems did not know, nor did they believe, that a hacker had entered
their system. Stoll had a even harder time trying to convince law enforcement
agencies that this was indeed a crime worthy of having the hacker’s call traced.
This one hacker attempted to break into many military computer installations
including the Redstone Missile Command in Alabama, the Jet Propulsion Laboratory
in Pasadena, and the Anniston Army Depot. In many of the cases the hacker
successfully gained full access to computer systems and searched for keywords
like stealth, nuclear, White Sands and SDI.(52) When he found the files he
copied them to his home computer.
The search for the hacker continued for almost a year. The activity was
eventually traced to a West German citizen named Markus Hess. Hess, a member of
the hacker group called the German Chaos Computer Club, used the pseudonym Pengo
among his colleagues. He was known as one of the best hackers in the Hannover
area. On February 15, 1990, Hess and two colleagues were convicted of espionage
for selling secrets to the KGB.(53)
Surely one must look at this case as a threat to U.S. national security,
especially in the context of the Cold War. Gone are the days of searching for
Ivans in elite factions of the U.S. military. Now any twenty-year-old German
drug addict can accomplish the same thing from an apartment in West Germany. The
vast computer networks gives him the means, and the lax security of the United
States computer systems allows him to gain access to them and compromise
national interests.
Hacker Attacks During Gulf War
The United States inability to protect its computer systems was demonstrated
by attacks on Department of Defense computer systems during the war with Iraq.
Testimony before a Senate committee confirmed that during April and May of 1991,
computer hackers from the Netherlands penetrated thirty-four Department of
Defense computer sites. Here are few highlights from the report:
At many of the sites, the hackers had access to unclassified, sensitive
information on such topics as (1) military personnel–personnel performance
reports, travel information, and personal reductions; (2) logistics –
descriptions of the type and quantity of equipment being moved; and (3) weapons
system development data. Although the information is unclassified, it can be
highly sensitive, particularly during times of international conflict. For
example, information from at least one system, which was successfully penetrated
at several sites, directly supported Operation Desert Storm/Shield. In
addition, according to one DOD official, personnel information can be used to
target employees who may be willing to sell classified information.(54)
U.S. soldiers put their lives on the line to fight a war for a country that
cannot even protect the sensitive information related to their activities, let
alone personal data that could be used against their families. What is most
distressing about the report is its conclusion that the hackers exploited known
security holes to gain access to a majority of these systems. The United States
government knew that these security holes were there, yet it did nothing to fix
them. The report also indicates that the hackers “modified and copied
military information,”(55) and that many of the sites were warned of their
vulnerability but failed to realize the implications. The report ended with a
warning of things to come: “Without the proper resources and attention,
these weaknesses will continue to exist and be exploited, thus undermining the
integrity and confidentiality of government information.”(56)
The Dutch hackers are one of the most respected hacking groups in the world.
Luckily for the United States, the Dutch exploits were for educational purposes
only. Their attacks were blatant, open and recorded by video.(57) In order to
ensure that their explorations were noticed they created a user account named
after Vice President Quayle. Had the Dutch hackers been acting with malicious
intent, or under the sponsorship of another nation state, who knows how much
damage they could have inflicted on Allied operations in the Gulf War.
Infrastructure Attacks
The three examples given above demonstrate instances where sensitive
military information was accessed, erecting a breach of security with serious
national security implications. Although these attacks were dangerous, they
caused very little damage to the flow of information. Attacks that target
information infrastructures with the intent to damage information flows are of
equal, if not greater, concern.
In an information-based or knowledge-based economy, denying access to
information transfers causes economic instability. However, due to the infancy
of the information-based economy and an increased hesitance to report instances
where damage is incurred, there are very few examples in which individual actors
have inflicted this sort of damage. Instead, this section will focus on
examples of accidental failure that demonstrate vulnerabilities in the
infrastructure of Information Age societies.
The Phone System
On January 15, 1990 seventy million phone calls went uncompleted.(58) In
Queens, New York two teenage hackers wondered if they were to blame for the
outage.(59) The phone company also wondered if hackers might be at fault as
well. In fact, several hackers were being closely monitored for illegally
accessing, altering and using various phone switches. As it turned out, a
programming error was to blame for the failure, however, a sense of urgency
regarding the security of the phone networks was established.(60)
Crashes since then have not been uncommon. Steven Bowman writes:
Telephone switching stations which are scattered about the U.S. cities
are crucial to our communications network. They are squeezed into any number of
unprotected locations. In 1992, a failed AT&T switching station in New York
put both Wall Street and the New York Stock Exchange out of business for an
entire day, with an estimated loss of billions of dollars in trading value. The
failure resulted in 4.5 million blocked domestic long distance calls, nearly
500,000 interrupted international calls, and the loss of 80 percent of the
Federal Aviation Administration’s circuits. A similar failure on November 5,
1991, in Boston resulted in a 60 percent loss of calls in that area.(61)
Today, the security of the phone networks upon which rely for everyday
communications and business transactions is still questionable. Reports,
detailing the recent arrest of America’s most wanted computer hacker, Kevin
Mitnick noted that Mr. Mitnick manipulated telephone company switches to
disguise his whereabouts.(62)
We rely on telephone communications daily. Many American businesses would
be unable to function without them. Not only is there an inherent vulnerability
of this service being denied, but phone lines can also be manipulated to divert
calls to competitors or can be eavesdropped upon. In what has been called the
Hacker Wars, competing hacker groups within the United States used such
techniques on a daily basis. Not only did they manipulate phone switches, but
they also gained access to numerous private computer networks, including some
military sites. Though losses were minimal, it is only because phone system
crashes have been isolated and uncoordinated. Should someone target several
large phone networks at once, the results would be more than an inconvenience.
It would have a devastating effect on the economic prosperity of many
businesses. Should the denial of service be maintained for extended periods of
time, many businesses, government agencies, and even some military installations
would be electronically paralyzed.
The Power Grids
Power grids, like telephone networks, are prone to failure, both accidental
and intentional. Stephen Bowman writes:
The United States power system is divided into four electrical grids
supplying Texas, the eastern states, the midwestern states and the northwestern
states. They are all interconnected in Nebraska. A unique aspect of the
electrical grids, as with communication grids, is that most built-in
computerized security is designed to anticipate no more than two disruptions
concurrently. In other words, if a primary line went down, the grid would
ideally shut off power to a specific section while it rerouted electricity
around that problem area. If it ran into two such problems however, the grid is
designed to shut down altogether.(63)
The national security implications of major power failures are obvious.
Blacking out several large cities at once would result not only in large
economic losses, but would likely spawn civil unrest and chaos. One need only
think of the damage inflicted by the Los Angeles riots in 1992. For social
reasons, outside the realm of this paper, our cities have become highly unstable
and prone to disruption. Amory B. and L. Hunter Lovins note that “However
caused, a massive power-grid failure would be slow and difficult to repair,
would gravely endanger national security and would leave lasting economic and
political scars.”(64)
The Big Picture
Are you telling me that we spend almost $4 trillion dollars, four goddam
trillion dollars on defense, and we are not prepared to defend our
computers?(65)
Isolated incidents of electronic communications, computer, and power
failures are inconveniences with heavy price tags, but they are not a threat to
the national security of the United States. Accidents happen. We are prepared
to deal with most. We are not, however, prepared to deal with an internal or
external attack on our entire information infrastructure as defined earlier in
this chapter. Nor are we prepared to deal with the domestic and international
political consequences that such vulnerabilities create, as will be discussed in
chapter three.
I wish to conclude this chapter by bringing all the pieces together in a
hypothetical threat assessment so that an in depth evaluation of the security
implications can be discussed. It is estimated that with as little as 1 million
dollars and less than twenty well trained men, the infrastructure of this nation
can be brought to its knees.(66) More conservative figures estimate it at 100
million dollars and 100 men.(67) Never before in history, has new technology
created such vulnerabilities to national security at so low a cost to the
attacker.
Imagine a well trained team of saboteurs, operating over several years,
infiltrating several high technology companies like Microsoft or Novell, a few
major automobile manufacturers, or a couple of airlines. Viruses or trojan
horses are timed to detonate on a certain day, rendering computer systems
inoperable. A small team of hackers infiltrates large computer,
telecommunications and power centers preparing them for denial of service
attacks. Another team constructs several large EMP/T bombs and HERF Guns to be
directed at targets like the Federal Reserve and Wall Street. Doomsday arrives
and the countries electronic blood stops flowing. No transfer of electronic
funds, no stock exchange, no communications and power in a majority of
locations, no traffic control, no air travel. At this point, what is the
situation? Our physical integrity has been maintained, the loss of life has
been minimal, and we have no one to blame. Has our national security been
breached? Information warfare and intelligence expert Robert Steele argues that
the United States can not recover from a similar, even if much smaller, attack:
We can not afford the luxury of waiting for an electronic Pearl Harbor
to mobilize public opinion, for two reasons: first, because the catastrophic
outcome of a major electronic disaster, one which degrades or destroys major
financial centers – eliminating trillions of digital dollars- or other key
elements of our national fabric, is not supportable by our existing economies.
We cannot afford the cost of the time to reconstitute our civil sector. The
second reason is more frightening: it is highly unlikely that we will be able
to prove with any certainty which nation, organization or individual was
responsible for the attack.(68)
Consider the following report by Robert Ayers, Chief of the Center for
Information Systems Security. Mr. Ayers group recently used readily available
hacker tools freely available on the Internet to test the vulnerability of U.S.
systems. He found that:
88% of the time they are effective in penetrating the system,
96% of all system penetrations are undetected, and
95% of the instances where penetration is detected, nothing is done.(69)
According to a report in OSS Notices, Mr. Ayers “estimates that only 1
in 1000 successful system penetrations is ever reported and that in any given
year government systems are illegally accessed, though not necessarily
maliciously so, at least 300,000 times.”(70)
On the virus front one U.S. government organization found 500 software and
hardware viruses in a single year, all of which were intercepted and scanned at
its loading dock in the original shrink-wrapped packaging.(71) These problems
will only continue as information networks continue to grow at exponential rates
and as viruses are created faster than we can detect them.
Ivan Bloch has stated that the “future of war [would be] not fighting,
but famine, not the slaying of men but the bankruptcy of nations and the
break-up of the whole social organization.”(72) The transition into the
Information Age makes such a vision all the more plausible. Where national
security is concerned, information networks have created a tunnel to the center
of our vulnerability, usable by any nation or collective of individuals at their
discretion.
Chapter 3
The Political Context of Information Warfare
Ultimately, information warfare must be seen in a political context. How
should nations deal with the threat posed by information warfare, both
internally and internationally? What are the political and strategic
attractions of waging information warfare? What are the deterrents? Should
nations be concerned with capabilities or intentions? How does information
warfare compare with traditional concepts of national security and the
development of other new technologies? The purpose of this chapter is to answer
these questions, demonstrating how the concept of information warfare fits
within the framework of traditional national security studies, but, in order to
find solutions, we must move beyond them.
What is National Security
Much work has been dedicated to the study of what comprises national
security. At its simplest level, a nation’s security has been defined as “no
more than the total of the individual’s perceived sense of security.”(73)
More encompassing definitions suggest that national security entails the “range
of physical threats that might arise for the nation and the force structures,
doctrines and military policies mobilized to meet those threats… also those
internal and external factors – such as economic or technological change – that
might arise and whose direct or indirect effect would be to diminish or to
enhance the nation’s capacity to meet physical threats.”(74)
Using this definition alone, information warfare can be categorized as a
national security threat. Given the vulnerability of military information
networks and the military’s reliance on commercial communications paths for
ninety-five percent of its communications,(75) information warfare can hamper
the military’s ability to respond to conventional threats. The military’s
reliance on computer technology for digital mapping and intelligence also
creates a vulnerability to our conventional military forces. It took two months
to meet the digital mapping requirements to use Tomahawks in Gulf War.(76) Had
the threat been immediate, the United States would not have been able to utilize
its smart weapons capabilities and collateral damage would have been higher.
Also, EMP/T bombs can be used to destroy radar installations with little to no
human deaths, as they were in the Gulf War,(77) thus decreasing a nation’s
ability to respond to missile and aircraft threats.
To fully realize the potential threat of information warfare, the definition
of national security must be broadened. The economic arguments of scholars like
Luttwak, Thurow and Prestowitz(78) must be included in our definition of
national security. Is United States national security threatened if our ability
to maintain a prosperous economic system declines? If so, how might other
nations gain competitive advantages against U.S. industries and financial
markets using information warfare techniques? How might electronic
eavesdropping through Van Eck emissions capture and communications interception
be used to threaten national security by threatening American prosperity? The
recent expulsion of five alleged American spies from France demonstrates that
other nations consider industrial espionage a serious threat.(79)
Unfortunately, this area is too large to deal with in the confines of this
paper, but this prosperity aspect must be drawn into an expanded definition of
national security to realize the threat posed by information warfare.
Information warfare endangers not only our ability to respond to physical
threats, but our economic prosperity, as well. Traditionally, our ability to
remain prosperous has been directly linked to physical threats. In the
Information Age this is no longer true. Economic prosperity, indeed the very
lifeblood of our economic identity, can be destroyed without any physical damage
being inflicted. Once the threat is recognized, one must ask: In this
post-Cold War world, why would states want to wage information warfare against
each other?
Political Attractions of Information Warfare
Politically and strategically there are many attractions to state-sponsored
information warfare. It is low cost, timely, not location specific, provides no
early warning, is not taboo, inflicts low human life costs, and can be waged in
complete anonymity. Each of these must be examined at length before a clear
understanding of how information warfare is strategically and politically
advantageous can be achieved.
Low Cost
Information warfare is relatively cheap to wage. You get a high return on
your investment with information warfare techniques. Both Steele’s and
Schwartau’s estimates of what it would cost to reduce the United States to
information rubble ($1 million and $100 million respectively) are incredibly
cheap when compared to the cost of conventionally military weapons. This makes
offensive information warfare attractive to Third World states and offers them
the same basic capability to inflict damage on information infrastructures as
Second and First World nations.
Timely and Not Location Specific
Information warfare is timely and it is not location specific. Information
warfare can be waged at the drop of pin, to steal an analogy from the
telecommunications industry. There is no early warning system for information
warfare. You don’t know it is coming, so you must always anticipate it. This
creates a high level of paranoia. No radar can pick up a long distance phone
call from overseas, yet that one phone call may cause more monetary damage that
a dozen planes carrying conventional bombs. The World Trade Center is a perfect
example. The damage to the flow of information, estimated at over $1
billion(80), proved to be more costly than the structural damage inflicted on
the building. Viruses can be imported into the United States through
information networks, telephone lines, or on simple floppy disks which do not
attract the attention of U.S. Customs Inspectors.
Although a well-planned information warfare attack might take several years
to orchestrate, it can occur instantaneously. To uncover plans for such an
attack would involve a great deal of investigation and intelligence or a stroke
of luck. Most of the actors would be invisible, both to the victim and to each
other. Most of the preparatory work for lower levels of information warfare can
be done outside the traditional territorial boundaries of the victim nation.
Other forms of information warfare, (HERF Guns, EMP/T Bombs) require the
breaching of international boundaries, thereby allowing greater capabilities to
those nations that have easier access to U.S. visas or are subject to less
stringent immigration regulations. However, as the World Trade Center bombing
proves, our nation’s boundaries are capable of being breached by any foreign
nationals or terrorists with malicious intent.
Anonymity
Information warfare can be waged anonymously. Anonymity is the nature of
new technologies, especially telecommunications. An anonymous attack creates
two problems. Not only has a state’s national security been breached, but there
is no one to hold accountable for the attack. This makes information warfare
very attractive tool to covert operators. However, given the nature and intent
of terrorism, it is highly unlikely that terrorists will remain anonymous while
engaging in information warfare, since it is in their best interest to claim the
damage they have inflicted.
Political dilemmas arise in the victim state when citizens demand
retribution. The government has no target. The result will be political
instability as citizens focus blame on the government for allowing this to
happen. It might even be possible to collapse a particular political system
with prolonged, systematic anonymous attacks.
We need computers in our lives, but we do not trust them. Winn Schwartau
calls these conflicting feelings “binary schizophrenia.”(81) When
used anonymously, information warfare plays on feelings of binary schizophrenia
causing insecurity and chaos. In this regard, anonymous information warfare is
comparable to the German blitzkrieg of World War II. It makes an impact on the
citizenry as well the government. Targets can be strategically selected to
generate the maximum amount of chaos and insecurity possible.
Minimal Loss of Human Life
Information warfare can also be waged to minimize the amount of human life
lost within the target nation. This makes information warfare techniques
politically attractive since there are no global taboos associated with waging
war against machines. Jeff Legro gives three reasons why states might restrain
from using certain weapons or means of warfare. He argues that “countries
may pursue restraint because popular opinion vilifies certain weapons; because
leaders calculate that escalation would damage their domestic and international
political support; or because states fear retaliatory attacks.”(82)
How does information warfare fit within this framework? Because information
warfare causes low levels of human casualties and structural damage, there is
little reason to believe that popular opinion will vilify it. In fact,
populations will not even know information warfare is being waged against them
until it is too late. Even at that point, very few people will understand the
methods used. Therefore it is highly unlikely that information warfare will be
considered an inhuman way to pursue diplomacy by other means.
Also, there is little reason to believe that using information warfare will
be politically damaging to the aggressor country. Information warfare’s
anonymity assures that the aggressor will be identified only if they wish to be.
When information warfare is waged by one nation against another without
anonymity, the political outcomes would resemble those of traditional warfare.
Strategic alliances could be formed and some states could chose to remain
neutral, though it is highly unlikely that neutral states will be able to avoid
the global economic aftershocks of high intensity global information warfare.
If waged without anonymity, it is very likely that a victim nation would
respond to information warfare with retaliatory strikes. In this regard, fear
of retaliation or escalation will act as a deterrent to using information
warfare. However, the first strike advantage of information warfare might
neutralize any fears regarding retaliation using counter information warfare,
leaving victim nations with the difficult decision of responding with
conventional military force.
In Legro’s essay he uses three examples to demonstrate that military culture
is a strong factor determining when alternative or taboo forms of warfare will
be used. Since information warfare is a relatively new concept, it is doubtful
that it has been fully adopted by the military culture. However, recent trends
indicate that information warfare is an area that is getting a great deal of
attention and increased funding in an age of reduced military budgets. This
shows that the military culture perceives information warfare as a reasonable
and perhaps preferable form of warfare. At least three branches of the United
States Armed Services have publicly admitted to concentrating on information
warfare concerns.(83) Aerospace Daily reports that “Major advances in
information technologies are spurring the U.S. Air Force to mainstream
information warfare into its operations by incorporating information warfare
into its doctrine.”(84) With Legro’s thesis in mind, perhaps the military
culture will accelerate the use of information warfare as a method of conflict
resolution. The use of information warfare techniques by the Allied forces in
the Gulf War indicate that the military culture has already accepted information
warfare as a supplement to conventional military tactics.
First Strike Advantage
In information warfare there is a huge first strike advantage, but only if
the goal is unlimited destruction and anonymity is utilized to prevent a
conventional response. There is a high correlation between the extent to which
a nation damages its enemy’s information capabilities and their ability to
respond using purely information warfare techniques. A nation can execute this
first strike anonymously if it so desires, thus delaying retaliation
indefinitely.
The first strike advantage of information warfare complicates matters
further by creating a security dilemma in which those countries exercising the
greatest amount of restraint will likely incur the most damage. In information
warfare, a first strike decreases the likelihood and may even prevent an
adversary from responding. The strategic advantages of waging a first strike
means that nations will always keep a finger on the trigger. In an anarchic
international system, hostilities or conflict might escalate quickly into
information warfare in an effort to generate a strategic advantage over one’s
adversary. If conventional conflict is inevitable, then whoever destroys their
adversary’s information systems first, gains a strategic advantage in battle.
Offensive Nature of Information Warfare
Information technology and computer systems, are vulnerable by nature.
Therefore, taking defensive measures against the information warfare threat will
always be difficult and costly. Improving the defense of information systems
also contributes to the security dilemma since decreasing one’s susceptibility
to information warfare increases the attraction of using information warfare
offensively. There are, however, as will be examined in the next section,
several deterrents to waging state-sponsored information warfare among
technologically advanced nations that will entice states to pursue defensive
postures. In order to neutralize the security dilemma presented by defensive
postures, states may share defensive technologies to ensure that a defensive
equilibrium is maintained. This serves a dual purpose: a relative balance of
power is maintained among states; and the offensive threat of rogue states or
terrorist entities is reduced. Though states will want to maintain offensive “just-in-case”
capabilities, security is best maintained, due to the nature of the threat, by
developing defensive capabilities.
Deterrents to Waging Information Warfare
Among technologically advanced nations, there are several deterrents to
waging information warfare. Factors such as economic interdependence, fear of
escalation, and lack of technical expertise detract from the advantages of state
sponsored information warfare
Economic Interdependence
Perhaps the most useful definition of economic interdependence in any
discussion of information warfare, is the one put forth by Richard Cooper. He
uses the term to “refer to the sensitivity of economic transactions between
two or more nations to economic developments within those nations.”(85)
Focusing on economic sensitivity allows us to disregard conventional measures
such as trade surpluses and deficits and look at the interlinked effects of
economic stability between interdependent nations.
Our focal point, from the information warfare perspective, must be upon the
extent to which interdependent nations will feel the economic aftershocks of
economic instability. Should the U.S. fall victim to information warfare
directed at our financial institutions, what effect would it have on the
economic stability of the European Community or Japan and the Pacific Rim
nations? If interdependence is to act as a deterrent to information warfare,
then levels of interdependence must be high enough as to ensure that the costs
of waging information warfare outweighs the benefits. According to Rosecrance
and Stein, the interdependence of the financial system is now formal because we
have vested interests in not letting the reserves of foreign currencies drop
below a certain threshold which would harm our own economy.(86)
With the realization that information warfare has devastating economic
effects, interdependence will act as a disincentive to state-sponsored
information warfare. Economic interdependence introduces new complex variables
into offensive information warfare strategies. Joseph Nye notes that there is
power to be derived from making oneself less interdependent with other
nations.(87) This is especially true where information warfare is concerned.
The effectiveness of offensive information warfare is increased as benefits
exceed costs. One benefit of less interdependence with the target nation is
that economic aftershocks will have less effects on the aggressor’s economy.
Decreasing economic interdependence might be seen as a precursor to waging
information warfare, but is not a readily realizable goal for most
technologically advanced nations. Reducing levels of economic interdependence
is costly for two reasons: the benefits of interdependence can no longer be
extracted and distributed among the citizenry, perhaps decreasing a nation’s
prosperity; and domestic political constraints can disrupt the nation’s internal
balance of power. The domestic sectors of society that benefit from
interdependence (multi-national corporations, financial institutions, and other
investors) will likely logroll interests to prevent the breaking of
interdependent links.(88)
A decreasing level of economic interdependence also contributes to the
intensity of security dilemmas and increases the likelihood of escalation.
Decreasing economic interdependence might be interpreted as a threatening
posture, especially if one nation is more susceptible to attack than the other,
as is the case with the United States and most of its trade partners.
Increasing economic interdependence, however, might be seen as increasing
relative security, especially for the nations most susceptible to attack. This
creates difficult policy decisions since traditional forms of negative foreign
policy, like economic sanctions, become less effective and perhaps even
threatening. If one nation is perceived as a threat, then the most effective
way of deterring that nation from attacking is to make the costs of information
warfare exceed the benefits. This can be done by threatening to use
conventional military force or increasing levels of economic interdependence.
It must also be noted, that interdependence does nothing to prevent states
from waging information warfare against specific corporations of economic
sectors to increase comparative advantage in those areas. Since such actions
are being taken by allies of the United States such as Germany, France and
Japan(89), interdependence becomes an ineffective deterrent. Fear of escalation
will act as a more effective deterrent, or at least will place limits on the
extent to which limited information warfare can be waged.
Fear of Escalation
It has already been demonstrated that the military culture will probably use
information warfare methods as a strategic supplement to conventional methods in
any military conflict and that the escalation of information warfare is likely.
But does the reverse hold true? Will information warfare escalate to
conventional military conflict? In order for the fear of escalation to act as a
deterrent, information warfare must be allowed to escalate into military
conflict. A country will not wage information warfare, especially against a
country with strong military capabilities, if they fear that the situation might
escalate into military conflict.
Under these circumstances, information warfare becomes highly politicized
and the domestic bases of power can be compromised. It is important that
political leaders declare ahead of time, the value of information systems and
assure the international community that conventional military tactics, even
though they involve the loss of human life, will be used to counter information
warfare attacks.
Given the fact that information warfare causes minimal loss of human life,
response will be difficult for nations without strong information warfare
capabilities. The urge to respond using Industrial Age warfare techniques will
be great, but justifying such responses will be difficult unless the value of
these information systems is declared before they are attacked. A press release
saying “any attack on the information infrastructure of this nation will be
viewed as an act of war and any state sponsored information warfare may be
responded to with military strikes,” may seem a little drastic, but
information warfare can not be taken lightly. This type of warfare erodes a
nation’s strength, destabilizes its economy, and threatens its autonomy. Such
responses might be necessary and will certainly be advocated by many policy
makers should the circumstances arise. In order for the fear of escalation to
work as a deterrent to information warfare, this position must not only be
advocated, but adhered.
Lack of Technical Expertise
Lack of technical expertise is perhaps the weakest deterrent to information
warfare. It is not really a deterrent, but what Bruce Sterling has referred to
as a “protective membrane” of computer literacy.(90) It is foolish to
think that this protective membrane prevents any nation state from developing
information warfare capabilities. If they don’t have the experts in-house, they
can import them from another country, whether it be a scientist from Russia or
hackers from the United States. While interviewing a very prominent U.S.
hacker, I discovered that his most lucrative employment offers came from nations
developing strong offensive information warfare capabilities.(91) This export
of U.S. security experts might be viewed as a security threat in itself.
Information Warfare as Terrorism
Given the offensive nature of information warfare and acknowledging that in
most circumstances the deterrents of waging non-anonymous information warfare
among technologically advanced nations outweighs the advantages, information
warfare becomes a very attractive terrorist tool. When waged anonymously or by
non-state entities, all of the advantages of information warfare are present but
the deterrents are not. Economic interdependence means nothing to terrorist
groups, therefore, the most powerful deterrent becomes neutralized. Fear of
escalation also does little to deter information terrorism since most acts will
be committed anonymously or by groups who do not fear military retaliation.
Lack of technical expertise still acts as a deterrent to some extent. However,
offensive information warfare weapons are easily built using open source
material. Lack of resources does little to prevent information terrorism, but
lack of patience may help minimize and isolate the damage to levels which do not
threaten the autonomy of a nation. Quite possibly, the greatest deterrent to
information warfare being used by terrorists, may be the United States’ lack of
policy regarding these areas. Terrorists may feel that an information warfare
attack will not generate enough controversy and may conclude that bloody bombs
are more effective than EMP/T ones for their purposes. This deterrent, however,
will evaporate as the United States recognizes the importance of its information
systems, and as terrorists realize how much economic damage they can inflict.
Where terrorism is concerned, Legro’s three constraints might have adverse
influences, perhaps causing terrorists or rogue states to pursue information
warfare rather than restrain from it. Within terrorist organizations or rogue
states there is no popular opinion to vilify the use of certain weapons or means
of warfare. Moreover, the popular opinion of those represented by terrorists
may vindicate the use of weapons that maximize damage or inflict the greatest
pain on the target. Leaders of these groups or states may use these weapons to
gain domestic support, and may have little apprehension about loosing
international political support since such support is usually negligible in the
first place. In addition, terrorists or rogue states seek retaliation, rather
than fear it, because retaliation focuses attention on their organization and
their cause.
For these reasons, terrorists are likely to utilize non-anonymous
information warfare because the benefits far exceed the costs. As knowledge
disseminates, the number and locality of the threats will increase as well. Mr.
Schwartau often speaks of cyber-civil disobedience. This disobedience may take
the form of information terrorism. After the California couple who ran the
Amateur Action BBS in California were sentenced to jail in Memphis Tennessee for
violating Tennessee pornography standards(92), messages circulated on the
Internet requesting volunteers to help take down the Memphis phone and power
grids to protest the use of local community standards for information transfers
that take place on phone lines. Whoever posted these messages was soliciting
help to conduct information terrorism. Anarchists have talked about creating
information anarchy should the commercialization of the net continue. Again,
this would be information terrorism in a very limited sense.
This numerous and diverse array of potential threats, substantiates the
proposition that information warfare is best averted by concentrating resources
on defensive initiatives. Information terrorism can be decreased by making the
costs exceed the benefits. This can only be done by reducing the potential for
damage to our information infrastructure should the United States be attacked.
The Realist/Liberal Approach to Information Warfare
Ultimately, information warfare must be addressed in a political context.
How does information warfare fit into traditional conceptions of national
security? How will states approach the problem and what kind of political
conflicts and tensions will develop along the way? This thesis argues that
information warfare fits into traditional national security debates. Several
correlations can be drawn between information warfare and other technologies
that have influenced conceptions of national security in the past. By examining
the influence of these technologies on war strategy and political relationships
within the international system, one might better understand how information
warfare will have similar influences.
The Realist Approach to Information Warfare
Realists perceive security as a relative concept. The realists are
primarily interested in maintaining a relative balance of power or relative
level of security. With nuclear weapons during the Cold War, it was easy to
gauge relative security. If the Soviets had two bombs and we had four, and the
Soviets increased their arsenal to four, then we increased ours to eight. A
relative security balance was maintained.
The problem with the realist perspective is that it is does not usually
include economic prosperity as a component of national security. This makes it
difficult to address the information warfare threat, because it is economic in
nature. However, given the possible impact of information warfare might have on
the United States’ ability to use conventional weapons and its devastating
effects on command and control systems necessary to thwart physical threats,
most realists would recognize information warfare as posing a genuine national
security threat.
Once the threat is acknowledged, the realists would focus on ways to
increase the United States relative security. Since the realists believe that
the international political system exists in a state of anarchy, in which
distrust is a natural component, there is very little use in cooperative
agreements designed to deter information warfare. The realist approach to
information warfare would consist of the following objectives:
1) Increase security of information systems at home. This
objective is easier stated than realized. There are, however, several ways in
which the security of United States’ information systems can be improved through
enhanced security procedures, increased focus on education, and greater vendor
accountability. These suggestions will be expanded upon in chapter four.
2) Constant evaluation of possible adversaries information systems for
weaknesses. The difficulty with the realist approach is that you need a way
to measure the security of rival nation states in order to determine your own
level of security. Since security is relative, the realists would create
weaknesses where possible, either through backdoors in software or chipping(93)
of hardware. Offensive information warfare capabilities should be enhanced and
readily available.
3) Formation of possible responses. Develop responses allowing for
the use of both counter information warfare and conventional military warfare.
The United States willingness to use conventional military forces in response to
information warfare should be readily acknowledged and publicized to deter
possible offensive actions against them.
4) Develop methods for assessing information damage. We are not
currently capable of assessing information damage inflicted or information
damage incurred. In order to measure relative security you must have some way
to create scenarios measuring both offensive and defensive capabilities.
5) Decrease levels of interdependence. Since interdependence
decreases relative security, interdependence should be reduced. Interdependence
poses a security threat to realists in two ways. First, it reduces the
effectiveness of offensive information warfare waged by the United States
against other nations, since the economic aftershocks of such an offensive
attack would damage the American economy as well. Second, interdependence
leaves the United States susceptible to third party information warfare waged
either against or between nations that are its trading partners. It possible
for nations to damage the United States’ economy by attacking its economic
allies.
6) Create autonomous networks. Make networks more autonomous in
order to minimize the domino effect of accidental or intentional failure. This
would be carried out first at the military level and then at the commercial
level for those networks that help support C4I (command, control,
communications, computers and intelligence). However, this may be another area,
where the costs of unplugging systems from the global network exceed the
benefits of security through autonomy. This will be discussed at greater length
in Chapter Four.
Problems with the Realist Approach
Since the United States is arguably the most vulnerable to information
warfare, increasing relative security becomes incredibly difficult. Apart from
an all-out conventional war, offensive information warfare is not an alluring
way for the United States’ to pursue its interests. The costs of reducing
interdependence alone greatly exceed any benefits that could be extracted.
These high costs, such as loss of economic prosperity and domestic political
support, make decreasing economic interdependence in today’s highly linked
global economy a non-achievable goal.
Also, under the realist approach, state-sponsored industrial espionage
becomes a necessity if weaknesses are to be implanted in the information systems
of other nations. Given the United States reservations in using state
intelligence agencies for this purpose, the realists would be hard pressed to
create the necessary weakness required by their doctrine. The United States
lacks the linkage between governmental and private sector goals that are an
inherent component of other nations, like Japan and France, that would enable it
to conduct the level of espionage required to reduce relative balances of
security among possible adversaries. The United States also faces the
possibility of losing global political prestige should such operations be
discovered.
Realism’s greatest contribution to the debate is its suggestion that
internal security be increased. Given offensive capabilities should hostilities
occur, as long as the United States increases its level of internal security at
a rate that is equal to, or greater than its neighbors, it will be able to
maintain a relative balance of power. By decreasing vulnerabilities the United
States is decreasing the threat, regardless of where it originates.
The Liberal Approach to Information Warfare
The liberal perspective is better equipped to recognize the threat to
national security imposed by information warfare based on information warfare’s
potential to decrease the United States ability to remain prosperous. For the
liberals, the international political system is not as anarchic as it is for the
realists and it is possible to achieve order through cooperative policy. The
liberal approach to reducing the threat of information warfare is based more on
cooperative measures than offensive or defensive abilities. The liberal would
pursue the following initiatives:
1) Increase levels of interdependence. Recognizing interdependence
as the greatest deterrent to offensive information warfare the liberals would
seek to increase U.S. interdependence with other nations. Not only does this
promote prosperity, but it reduces the attraction of using offensive information
warfare against the United States.
2) Create global institutions and international agreements. Though
some liberals argue that international agreements and institutions should not be
necessary if states act in their best interest, the reality is that we rely on
regimes for many aspects of cooperative international relations.(94) Global
institutions and agreements ensure a somewhat stable environment in which states
can pursue their self interests and exchange information with reduced
transaction costs. Regardless, treaties designed to prevent the waging of
information warfare might be difficult to establish as traditional U.S. allies
openly admit to waging Class II(95) information warfare. However, precautions
to prevent Class III(96) information warfare might be negotiated and would prove
beneficial, especially to the United States, since we are the nation most
susceptible to attack.
Technologically advanced nations are likely to join in these cooperative
measures in order to avert the worst case scenario. In the worst case scenario,
offensive information warfare is waged and the international economy collapses,
possibly, but not necessarily, leading to conventional military conflict. In
this case, regimes are created out of a common aversion to a particular outcome.
The benefits of cheating are outweighed by the possible costs of the worst case
scenario; therefore the regime will survive.
Problems with the Liberal Approach.
Increasing levels of interdependence, or facilitating one-way dependence,
with nations that pose information warfare threats seems akin to succumbing to
bribery. Could developing nations use the threat of offensive information
warfare as a method of integrating their economies with the global economy? In
a true free-market global economy, increasing interdependence is inevitable.
However, the instability within many developing nations, might motivate
developed nations to keep the number of unstable links to their economy to a
minimum. Increasing interdependence as a deterrent to information warfare only
works if the developed nations are willing to extend feelers to the entire
developing world.
Increasing interdependence only decreases the threat from other nation
states. It does nothing to decrease the threat from terrorists organizations.
Since terrorists have already been cited as those most likely to engage in
information warfare, increasing interdependence might be viewed as very
ineffective policy as far as information security is concerned.
The problem with creating international regimes is that cheating is
difficult to define. What qualifies as an offensive information warfare tactic?
Is state sponsored industrial espionage a violation or exception to the
guidelines of the regime? Since information warfare is defined differently by
different states, these are all difficult questions that would need to be
mediated. In addition to this, the liberal approach does very little to prepare
the United States for the possibility of other nations cheating. The security
problem is still greatest for the United States, since it is the most vulnerable
to attack and the costs of the worst case scenario are highest for it.
Stein uses the acceptance of a global language among air traffic controllers
and pilots as an example of common aversion.(97) By Stein’s example, a worst
case scenario would be two planes crashing into each other, causing equal losses
for both sides. To apply the same example for information warfare, the worst
case scenario would be that the two planes crash, but the United States’ plane
is carrying 400 people, while the other plane is only carrying 50. Both states
have suffered losses by not avoiding the worst case scenario, but the cost for
the United States is greater.
The Realist/Liberal Conflict
The greatest conflict between the realists and the liberals centers around
the formation of international regimes. Stein writes that “realists hold
that since sovereign nations act autonomously in their own self interest,
international institutions are inherently irrelevant to world politics.”(98)
The liberals, on the other hand, accept regimes as methods to cooperatively
avoid a worst case scenario. Is there any middle ground to be found?
The answer is yes, if the formation of regimes are perceived more as acts of
self interest than cooperative agreements. By forming regimes, in this case,
the United States is pursuing its own self interest. Since the United States
has the most to lose in the worst case scenario, it also has the most to gain
from the aversion of the worst case scenario. The regime might be viewed as the
United States forcing its self interest on the rest of the international
community. Robert Keohane argues that “rational self-interested actors, in
a situation of interdependence, will value international regimes as a way of
increasing their ability to make mutually beneficial agreements with one
another.”(99)
One can argue strongly that regimes designed to prevent state sponsored
information warfare, from the United States’ perspective, are actions of
self-interest in an anarchic international system and therefore are acceptable
under the auspices of both realism and liberalism.
Regimes also pose the problem of what cryptographer Eric Hughes calls “regulatory
arbitrage.”(100) There will always some states that will not participate
in the regimes and this will offer a favorable legal climate for individual
information warfare efforts. If, as part of the regime, states agree to outlaw
systems intrusion originating in one country but directed at another, what do
you do with the states that do not participate in the agreement? A perfect
example of this is the Netherlands delay in establishing anti-hacking laws. A
lot of attacks on United States Department of Defense systems originated in the
Netherlands because hacking was legal under Dutch law. The Netherlands provided
a safe legal environment for those individuals wishing to hack. This left the
United States’ options limited to increasing internal security without being
able to eliminate the source of the threat. Is intervention justified at this
point?
In order for regimes to work, they must include standardized laws regarding
systems intrusion that transcend all national boundaries. This problem may be
exacerbated in June of 1995 when a team of U.S. hackers invades the computers of
France.(101) After extensively verifying that they have no legal liability if
they violate the hacking laws of France from within the United States, this
group has decided to test the waters. Hacker Erik Bloodaxe explains that “International
law is so muddled that the chances of getting extradited by a country like
France for breaking into systems in Paris from Albuquerque is slim at best.
Even more slim when factoring in that the information gained was given to the
CIA and American corporations.”(102) This case will provide an excellent
test for how states can resolve international telecommunications violations and
work towards cooperative agreements to prevent such behavior. It may, in fact,
be the catalyst for the first formation of international regimes dedicated to
preventing low levels of information warfare. It may also provide the United
States with a useful bargaining chip to help deter government sponsored
industrial espionage in countries like France and Germany.
Where interdependence is concerned, neither the realist or liberal approach
offer a viable proposal to decrease the threat of information warfare.
Decreasing interdependence is not an attainable goal in today’s highly
interlinked global economy, because interdependence yields innumerable benefits.
Increasing levels of interdependence in order to deter information warfare
threats is ineffective policy, because it is too focused on specific states and
does not encompass the broad range of threats that exist.
Since, the realist suggestion to create information weaknesses in the
systems of possible adversaries would be a violation of any global agreements
that are likely to be developed, this objective would have to be abandoned or
pursued covertly in violation of the regime.
Increasing internal security through various methods would not threaten the
regime, since it is organized to prevent offensive information warfare. The
security of systems is likely to increase as technological advances in the area
of cryptography are utilized by individuals and organizations. However, in
order to prevent a security dilemma, the United States would have to terminate
export restrictions on encryption technology.(103)
The remaining realist suggestions dealing with autonomous networks,
strategic planning and developing measures for damage assessment are possible
under liberal regimes as well. Each of these initiatives fall into defensive
categories, however, the creation of autonomous networks is disadvantageous to
technologically advanced nations. Since distributed information networks
contribute to the economic prosperity of Third Wave nations, any movement
towards autonomy may have negative effects.
Realism and liberalism offer balanced approaches to dealing with the
national security implications presented by information warfare. Taken alone,
neither of them offers a satisfactory blueprint for dealing with the threat.
Combined, they might offer an adequate strategy for realizing national security
in the Information Age. This will be discussed at length in the policy
prescriptions offered in Chapter Four.
The Strategic and Security Impacts of Technology: A Historical
Perspective
It is useful to examine how past technological developments have changed
military strategy and conceptions of security in the past. By studying the
effects of other technologies, we might increase our capacity to understand the
impact information warfare will have on strategy and security concerns in the
future. Although a nuclear analogy is inevitable due to the offensive nature of
information warfare, there are several other comparisons which demonstrate how
information warfare can change the distribution of power on the battlefield.
Decentralizing the Military: The Conoidal Bullet
Manuel De Landa argues that changes in information technology will cause a
shift towards decentralization in the military very similar to the changes
introduced by the conoidal bullet in the nineteenth century battlefield.
Just as the critical point in speed can mark the beginning of
turbulence, so a critically new technology may set the art of war into flux for
decades. Today’s computerized networks, for instance, are imposing on the
military the need to decentralize control schemes, just as the conoidal bullet
forced it in the nineteenth century to decentralize its tactical schemes. When
breech-loading rifles and their spinning bullets made their appearance on the
battlefield, they allowed infantry to outrange artillery, disrupting the balance
of power that was several centuries old, and forced commanders to develop new
tactical doctrines. Before the advent of the conoidal bullet, infantry were
allowed no initiative on the battlefield, individual marksmanship was
discouraged in favor of synchronized volleys of collective fire. With the
rifle, individual initiative returned to the battlefield and with these, and
increased role for snipers and skirmishers in the new tactics. Similarly,
modern command networks, after using a central computer to regulate the traffic
of messages, have been forced to grant “local responsibility” to the
messages: in the ARPANET, the messages find their own destination.(104)
In the Information Age, not only is the autonomy of soldiers increased as
command is decentralized, but the weapons have become self-capable as well.
Using vast information systems, we have created weapons that seek out their own
destination. Where the infantry men of nineteenth century were capable of
outdistancing artillery with the advent of the conoidal bullet, smart weapons
allow the United States’ military to outdistance entire countries. The soldier
trained to program coordinates and digital mapping software into Tomahawk
missiles now becomes as effective as a jetfighter pilot, without placing
American lives at risk. This is, no doubt, a comforting notion for those policy
makers initiating hostilities.
However, properly administered information warfare can decrease or nullify
the effectiveness of smart weapons technology. Digital mapping data can be
altered to cause random errors or synchronization satellites can be jammed to
reduce accuracy. Therefore, minimal investment in open source technology
utilized with information warfare tactics can render the United States’
technologically advanced weapons systems practically useless. Information
technology changes the hierarchical characteristics of military strategy by
enabling more autonomy on the battlefield and by further distancing the role of
man. Attacks upon information systems upset that balance, by rendering new
technologies ineffective and forcing technologically advanced nations to revert
to Industrial Age combat.
The duality of information warfare presents itself again. Not only is it a
new method for waging warfare, but it also effects the way conventional warfare
is waged among technologically advanced nations. The threat posed by
information warfare is multiplied when military leaders focus more upon
strategic threats than tactical ones. General James Clapper, Director of the
Defense Intelligence Agency, concedes: “I think in this context there
potentially is great danger here, not so much in the context of on the
battlefield as much as the thing that concerns me is the potential danger, the
potential vulnerabilities to our commercial systems, our banking. The very
dependence that this nation has on computers – I think there is clearly a
vulnerability in a strategic sense, not so much perhaps in a battlefield combat
situation.”(105) In General Clapper’s statement, we can see how concerned
the military is with the impact information warfare could have on the United
States’ internal infrastructure.
Information Warfare: The Bushnell Turtle of the Information Age
Regarded as the first working submarine, David Bushnell’s “Turtle”,
a propeller-driven submersible vessel with a single operator, introduced a new
dimension to naval warfare. Utilized during the American Revolution, the Turtle
carried torpedoes loaded with 150 pounds of gun powder that were covertly
attached underneath British ships and detonated with timed switches.(106) The
British ships were vulnerable because they operated in an environment where
threats were based on optical observations of the horizon. If there was a ship
visible in the horizon then there was a perception of threat, especially if that
ship adorned an enemy flag. Threats from below the ocean’s surface were both
inconceivable and unexpected.
In terms of resources required, it was much cheaper to build and man the
Turtle than it was to build and man British fighting ships. Similar to
information warfare, the Turtle yielded high benefits at relatively little cost,
thereby increasing its attraction despite its unconventional appearance and
design. The analogy can be taken one step further.
Think of the United States as a British ship and the Turtle as any nation
state or organized terrorist group practicing information warfare. The ocean is
the United States information infrastructure upon which we maintain our
buoyancy. The Turtle, itself, derives its usefulness from the mobility allowed
by the existence of the ocean. However, the Turtle is able to maneuver
alongside the ship with complete undetected anonymity and place a torpedo along
our hull. The torpedo detonates and the ship faces a crisis. Can the ship
survive? Perhaps, but only because its skilled crew has always demonstrated an
enhanced capacity for remedying problems. The damage will be costly and will
affect the operations of the ship, but with a little ingenuity, the crisis can
be overcome. Now, what if the Turtle had not placed one torpedo but several,
programmed to detonate at precisely the same time? Such a challenge the ship’s
crew can not overcome.
To the captain of the ship, the very existence of the Turtle is a threat.
He has several ways to increase the security of his ship. Hulls can be
reinforced to reduce the impact of torpedoes, crews can be educated to recognize
shadows in the oceans surface indicating the presence of the Turtle, and the
ship can build Turtles of their own to patrol its perimeter and neutralize
threatening Turtles as they arrive.
Although this analogy has been oversimplified, its moral is still poignant.
Vulnerabilities in the information infrastructure and capabilities to exploit
them do exist, creating a dire security threat. The fact that these
capabilities have not been exploited yet does not reduce their potential.
Napoleon dismissed the advanced submarine designs presented to him by Robert
Fulton fifty years after Bushnell’s Turtle first saw action.(107) Fulton later
approached the British who utilized his inventions with little success then
dismissed his predictions regarding the future impact of torpedo warfare.(108)
Today, reality has exceeded even Fulton’s expectations. Submarines and torpedo
warfare are considered vital instruments for protecting national security,
especially for waterbound nations like Britain. Likewise, information warfare
will have profound national security implications for nations that rely heavily
on information technology.
Chapter 4
National Security Solutions for the Information Age
Eventually, these issues must be dealt with on a political level. A threat
to the nations security can not be dealt with until it has been acknowledged by
those in power. Dr. J.F. Holden-Rhodes, in his remarkable book describing the
use of open source intelligence for the war on drugs, describes how President
Reagan signed a National Security Decision Directive that “equated the
impact of drug trafficking as a threat to the national security of the United
States and directed all federal agencies with a role in drug enforcement,
including the DOD, to pursue counter-narcotics efforts more actively.”(109)
Although information technology security warrants a place on the national
agenda, it has yet to be incorporated into United States grand strategy.
In order to better formulate policy prescriptions dealing with the
information warfare threat, it is useful to examine past government actions in
this area and evaluate their effectiveness.
The Computer Security Act of 1987
The United States Congress passed a law titled the Computer Security Act of
1987 which required federal agencies to identify systems that contain sensitive
information and to develop plans to safeguard them. Agencies were required to
(1) identify all developmental and operational systems with sensitive
information, (2) develop and submit to NIST and NSA for advice and comment a
security and privacy plan for each system identified, and (3) establish computer
security training programs.
Finally, the United States was taking seriously the threat to national
security posed by computer vulnerabilities. The Computer Security Act was a
step in the right direction, but holes in the infrastructure still exist. In
1990, the General Accounting Office examined the response and implementation of
the act. The GAO reports, that as of January 1990, only 38 percent of the 145
planned controls had been implemented.(110) The GAO report makes the following
conclusion:
The government faces new levels of risk in information security because
of increased use of networks and computer literacy and a greater dependence on
information technology overall. As a result, effective computer security
programs are more critical than ever in safeguarding the systems that provide
essential government services.(111)
With only a 38 percent compliance more needs to be done if the United States
is to fully protect its valuable informational assets. But, instead of
concentrating on making the systems more secure, the government chose to focus
on the intruders of these systems. Time, energy and money that should have been
spent discovering and fixing security bugs was used to design and implement an
attack on the hackers themselves instead. This was an attack that focused only
on domestic hackers and did little to thwart the threat to United States
national security. The result: Operation Sundevil.
Operation Sundevil
Law enforcement agencies had already begun to focus their attack on the
digital underground when Operation Sundevil was initiated, but it was by far the
largest clamp down on computer crime in the United States. The focus of
Operation Sundevil was the hackers’ system of information distribution which
consisted of hundreds of underground computer systems that housed information on
how to break into computer systems, files stolen from major U.S. corporations,
and files that contained credit card access numbers used to commit credit fraud.
Around forty-two computers were seized along with 23,000 floppy disks of
information during the May 7, 8, and 9, 1990 raids.(112)
Across the United States teenagers and their parents were awakened by the
Secret Service, followed by a search of their house and the confiscation of
anything that looked remotely electronic. Misinformation led to mistakes.
Perhaps the most publicized of these was the raid on Steve Jackson Games.
Jackson owned a small company that ran a bulletin board system allowing game
players to call in and ask questions, arrange meetings, etc. Jackson
unknowingly employed a computer hacker. The Secret Service tied the two
together and as a result Steve Jackson Games was raided and its computer
equipment was seized, only to be returned several years later. This greatly
effected Jackson’s business and he nearly went bankrupt. Jackson recently won a
law suit against the Secret Service in the amount of $52,000 plus legal
fees.(113)
The United States has a vested interest in preventing computer crime and
fraud, and Operation Sundevil was surely a huge attack on such crimes, but it
was greatly misdirected. While teenage hackers were arrested and tried, U.S.
military systems and business systems remained open to attack. Hackers will
always exist. The only true way to stop them is to plug the holes they use to
gain access to systems. The solution lies not in ignoring domestic computer
crime, but in giving a higher priority to increasing computer security.
Today, five years after Operation Sundevil, most large federal and state law
enforcement agencies have units dedicated to thwarting computer crime. While,
most focus on credit card and phone fraud, the domestic hacker is still viewed
as the primary threat. As noted earlier, the Computer Security Act has also
been relatively ineffective. Security holes still exist and the government has
yet to design an integrated approach for maintaining security standards on its
computers.
Information Warfare: A Threat Assessment Portfolio
Winn Schwartau, in his breakthrough book on the subject, identified three
levels of information warfare: Class I, Class II, and Class III.(114) These
three classes are similar to the three levels of information I developed in
1993(115), as described in Chapter Two. In order to develop a threat assessment
portfolio for information warfare, one must focus on the levels of information
warfare that are currently being waged today.
As exemplified in Chapter Two, both Class I and Class II information warfare
are being waged actively today against individuals and corporations. Perhaps
the best example of Class I information warfare in recent months was the attack
on Michelle Slatalla and Joshua Quittner after they released their book
describing the “hacker wars” of 1990. A group of technically adept
individuals calling themselves the Internet Liberation Front jammed Quittner and
Slatalla’s Internet e-mail accounts rendering them useless, and forwarded
incoming phone calls to an out-of-state number “where friends and relatives
heard a recorded greeting laced with obscenities.”(116) This is just one
isolated incident of what has been a recurring problem on the Internet recently.
Class II information warfare is also currently being waged at the corporate
level. Intellectual property has been stolen and shipped to foreign
nations.(117) Arguably, even the collapse of one of Britain’s oldest financial
institutions, the Barings Bank was the result of Class II information
warfare.(118) Without the reliance on information technology, the financial
damage inflicted on Barrings by risky investments would never have been possible
to achieve by one man.
On the Class III level, we have seen where military systems are targeted up
to 300,000 times per year and how those targeted systems are penetrated 88
percent of the time. Only one infiltration of military and government systems
was traced back to indicate sponsorship by another nation state. This does not
mean, however, that such infiltration’s are not taking place with state backing
now. It only shows that we have not caught them. We know that nations like
France, Germany and Israel have information warfare operations in place, but
they have not used them to wage Class III information warfare, yet. We have
also seen where nations have used offensive information warfare as a supplement
to conventional military tactics, and how most advanced weapons systems are
heavily reliant on information technology.
In the past six months, information warfare concerns have started to work
their way into public discourse. Aerospace Daily recounts a recent report by
the Defense Science Task Force on Information Architecture for the Battlefield:
Of utmost concern to the task force is the fact that U.S. information
systems are “highly vulnerable” to information warfare. The task
force was “briefed on activities and capabilities that caused concern over
the integrity of the information systems that are a key enabler of military
superiority…” Creating a strategy to be able to wage information warfare
“may be the most important facet of military operations since the
introduction of stealth,” the report said.(119)
The findings of this report indicate that our national security portfolio is
lacking substance where information warfare is concerned. Speaker of the House,
Newt Gingrich asks “What if Saddam Hussein had hired 20 hackers in August
[1990, just before Desert Storm] to disrupt the American economy…He could have
shut down the phone system by crippling AT&T’s network and destroyed the
financial network, which would have changed drastically how the Gulf War was
waged.”(120) In order to deal with this problem, the United States, and
all technologically advanced nations, must develop a national security strategy
for information warfare.
National Security Solutions for the Information Age
Several steps must be taken to put the United States’ digital house in
order, and begin dealing with the threat to national security posed by
information warfare. Though the following list is not completely inclusive, it
should serve as a useful framework for dealing with the problem.
Step One: Declassify the Threat
Before dealing with the threat posed by information warfare, we must
acknowledge that it exists. It is wrong to assume that security through
obscurity will work indefinitely. Offensive information weapons can be
developed using open source material and assembled using readily available
electronic components. In fact, some offensive information warfare weapons,
namely a HERF gun, have been assembled completely by accident.(121)
The existence of offensive information warfare capabilities coupled with the
United States’ heavy reliance on information technologies, has introduced a new
threat to our national security. It has been shown that information warfare,
most likely in the form of terrorism, is probable because the costs, both
politically and economically, are lower than the benefits derived. If an
autonomous nation or political group wishes to inflict damage, chaos and fear on
American society with minimal costs, then its most rational option is to use
offensive information warfare capabilities.
If this threat is acknowledged, the response options available to the United
States increase. Actions to decrease the impact of an information warfare
attack can be undertaken in advance to minimize the damage incurred. Political
scientist James Wyllie argues that “Deterrence demands that an adversary be
made completely aware of the value of the issue in dispute to the deterrer, and
the willingness to collect a price should the rival not be dissuaded from its
unwelcome course of action.”(122) Acknowledging the threat acts as a
deterrent for several reasons. First, it increases the number of responses
available to the United States because the issue has been addressed at a
political level, and it demonstrates to the international community that this is
an important issue. Our capabilities to deal with such an attack are increased
because we are prepared for it. Second, it motivates the military and private
industry to deal with this problem and create viable security solutions that
minimize the vulnerability of the United States’ information infrastructure.
Third, it gives the United States a political catalyst to deal with this issue
on a global level and to enter into treaties and agreements to protect the
global information infrastructure and to avert common worst case scenarios. Let
us examine each of these in greater detail.
Step Two: Increase Security
As technological advancements in information technology continue, security
must be a vital component. Perhaps, easier said than done. The security of our
information systems must be continually increased. Security experts and hackers
agree that encryption will be the critical component used to secure computer
systems and information transfers of the future.
Increasing security quells realist concerns about information warfare by
decreasing the United States’ vulnerability to attack. Unfortunately, it also
contributes to the security dilemma, because defensive actions might be
construed as intentions to attack other nations. Because of this security
dilemma, it is important that the United States be able to export this
technology to allies and enemies alike. This is similar to Ronald Reagan’s
suggestion that should his Strategic Defense Initiative prove successful, the
technology would be given to the Soviet Union in an effort to attenuate their
fears of a U.S. attack.(123) In order for this to occur, the United States
government will have to release its stranglehold on encryption technology and
allow U.S. companies to export this technology without restriction. Not only
does this increase security and stability, but it will also generate growth in
the software industry and allow U.S. companies to maintain a comparative
advantage in this area.
The American people have always displayed an ability to be innovative and
tenacious in the face of adversity. Given the opportunity and incentive, they
will rise to deal with the threat of information warfare in ways we are not yet
capable of predicting. The important aspect is that the American people at
least be given the opportunity. The rest will follow.
Step Three: Increase Vendor Accountability
Step three is closely linked with step two. In order to increase security
and not just manifest an illusion of having done so, vendors must be held
accountable for the “secure” products they distribute. Though it is
impossible to eliminate all security holes and to find every bug, more must be
done to ensure the reliability of systems and software before they are shipped.
Also, vendors should be required to create patches and fixes for security holes
as they are found and distribute them to all customers.
Security expert Bob Stratton argues that “if you ask the vendors, they
will say: nobody told us this was important. Nobody told us security was
important.”(124) The United States must assure the vendors that security
is important and must be a required component of those technologies that will
constitute our information infrastructure.
On the virus front, more must be done to ensure consumers that merchandise
will be shipped virus-free. Some level of accountability must be determined for
those companies that fail to verify the integrity of the software or hardware
they are shipping. Perhaps, some sort of criminal or monetary liability for
vendors is needed to stimulate active virus checking at the shipping end of
software distribution. One thing remains certain: we can not allow viruses to
spread within shrink-wrapped software. It ensures too great a distribution
within American society to be taken lightly.
Step Four: Facilitate Private/Public Sector Cooperation
Both the public and private sectors of the United States have a vested
interest in the creation of a secure information infrastructure. The military
is incredibly reliant on private sector communications lines and does not have
the resources to create new secure information technologies on its own. Robert
Steele argues that the relationship between the private and public sector with
regards to new technology has reversed. Where technology used to migrate from
the military into the private sector, it now migrates in the opposite direction.
Steele argues that the military and civil sector must now cooperate and that “the
military must acknowledge that it cannot dominate information warfare and that
it must completely recast its understanding of information warfare to enable
joint operations with civil sector organizations including law enforcement,
businesses with needed skills, and universities.”(125)
The military must be able to define its security needs and work with the
private sector to meet them. Both sectors will benefit. The military will get
increased security and the private sector will get funding for research and
development and profits from the marketable products it develops. Not only does
this increase the security of military systems, it also increases the security
of the private sector upon which they are reliant for communications and open
source intelligence gathering and storage. In this way, the United States can
expand the umbrella of security over a larger part of its information sphere.
Step Five: Conceptualize Our Information Sphere
Using a term borrowed from Air Force information warfare doctrine, an
information sphere is an assessment of those information technologies that are
vital to national security. At the core of the sphere are those technologies
that are of greatest value: classified military networks and vital financial
networks like the Federal Reserve. As you move away from the core, importance
decreases to include non-classified military sites, communications networks and
intelligence systems, other financial networks and transaction centers, other
communication networks, power grids, private sector information systems and
non-operational military information. The outer edge of the sphere contains the
least important information such as personal information and communications.
In order to formulate an integrated approach to addressing the threat of
information warfare, the United States must define its information sphere.
Granted, different organizations and branches of the military are going to have
different conceptions of what the information sphere contains, but all of these
conceptions must be drawn into a centralized sphere in order to address the
problem at a national level. Those information systems at the core of the
sphere must be protected first and foremost. As technological capabilities
progress, the shield of protection must be extended over other parts of the
sphere until the entire information sphere is sheltered.
Under the best case scenario, parallel efforts to protect each component of
the sphere are executed simultaneously with varying intensity. It is foolish to
focus entirely on the core of the sphere until we feel it has been adequately
protected because it is highly likely that we will never arrive at that
conclusion, and in the meantime we are leaving other vital components of our
information sphere unprotected. In the Information Age, different components or
levels of the information sphere are likely be interconnected as well,
increasing their importance to each other.
It is often argued that in order to protect certain aspects or sections of
the information sphere we must make them autonomous. Fortunately, this is not a
valid proposition, lest we wish to discard the benefits of the Information Age.
A vital component of any information society is distributed information networks
sharing and storing information. The existence of networks increases the value
of computer technology because one does not have to store every piece of
information he or she needs. Instead it is only necessary to be able to
retrieve it from the collective intelligence of the network. To disconnect from
the network is to decrease the value of your computer exponentially. Robert
Steele, while working in the employ of the Central Intelligence Agency, found
that most of the information stored on autonomous classified networks was
available through open source networks and could be found in half the time at a
lesser cost. Though there may be security through autonomy, the benefits of
that security do not necessarily exceed the costs of disconnecting from the
global network. In some instances, like in the case of single purpose financial
networks, secure autonomous networks might be desired, but in general they will
hinder the information stream upon which Information Age nations rely. Al Gore,
the Vice President of the United States puts it succinctly: “To realize
the full benefit of the Information Age, high-speed networks that tie together
millions of computers must be built.”(126)
Once we have conceptualized our information sphere, we must develop methods
to asses damage incurred within it. Upon suffering an information warfare
attack, the United States must be able to evaluate and assess the damage that
its information sphere has sustained. Not only is this essential for repair,
but it also allows us to gauge our possible responses based on the extent of the
damage we have suffered. We must be able to place realistic values on the
information that our networks contain. Bob Stratton notes that “one of the
most significant problems we have right now is that people have not decided how
much their information is worth and because they have not made that decision
they have decided how much it is worth protecting.”(127) By
conceptualizing an information sphere we are placing information in a
hierarchical value system based on strategic national security importance. We
must also be able to use alternative measures of value on information to judge,
not only strategic importance, but economic and social importance. We must be
able to judge what sort of damage is incurred based on the overall significance
of the target. Military systems have a different value than banks, and
likewise, banks have a different value than the computers that house the
nation’s Social Security data. We must make sure our measures of value include
all the information contained on the networks.
Similarly, for strategic purposes we must be able to measure the damage the
United States inflicts on other nations should it utilize offensive information
warfare capabilities. What is the strategic value of destroying an enemy’s
communications network versus the strategic value of manipulating it for our own
purposes? What sort of damage is inflicted on the target nation and its allies
or trading partners if its financial system is demolished? Can we trace the
links to ensure that economic aftershocks are not felt by the United States or
any of its trading partners? These are difficult questions, but each must be
examined if we are to take the threat and capabilities of information warfare
seriously.
Step Six: Multi-Level Education
Education can take place at several levels. First, policy makers can be
made aware of the threat and what they can do about it. It is their public
obligation to do so. It was suggested in a Congressional hearing that Members
of Congress rent and watch the movie War Games in order to understand
the threat and techniques used by hackers.(128) Granted, War Games was
a revealing movie, but policy makers must have a better understanding of the
threat to American national security than this movie provides. The fact that
Speaker Gingrich is discussing the implications of information warfare with the
media is a positive sign, but his is a unique case of having friends interested
in the topic. Most likely, the military will act as educator to the policy
makers where this issue is concerned, but we must balance them with public
sector opinions in order to equalize any parochial interests the military might
put forth in order to gain increased funding.
The policy makers must also be made aware of what they can do to solve the
problem. When discussing HERF Guns at the above mentioned hearing, one Member
of Congress asked if such weapons might fall under the auspices of the Brady
Bill and if they should be outlawed. Luckily, Mr. Schwartau was able to
convince them that to do so “would be banning the microwave and
communications industry from existence.”(129) Though the threat of
information warfare is very real, we should not react with ill-conceived
responses, especially if it means sacrificing individual liberties.
At another level, those who run the systems or are in charge of security
must be educated to understand and deal with the threats. The largest security
hole in computer systems is the human factor. A whole book has been written
devoted to this aspect of computer intrusion.(130) If you place a computer in a
locked room with no outside connections you have a secure computer, give one
person access and security is reduced. Give another person access and security
is reduced even further. Now the two people can be used against each other with
a little social engineering. Consider the following true anecdote where a
hacker named Susan demonstrates her social engineering skills:
As Susan later told the story, a team of military brass…from three
services sat at a long conference table with a computer terminal, a modem, and a
telephone. When Susan entered the room, they handed her a sealed envelope
containing the name of computer system and told her to use any abilities or
resources that she had to get into that system. Without missing a beat, she
logged on to an easily accessible military computer directory to find out where
the system was. Once she found the system in the directory, she could see what
operating system it ran and the name of the officer in charge of that machine.
Next, she called the base and put her knowledge of military terminology to work
to find out who the commanding officer was at the SCIF, a secret
compartmentalized information facility. Oh yes, Major Hastings. She was
chatty, even kittenish. Casually, she told the person she was talking to that
she couldn’t think of Major Hasting’s secretary’s name. “Oh” came the
reply. “You mean Specialist Buchanan.” With that, she called the
data center and switching from nonchalant to authoritative, said, “This is
Specialist Buchanan calling on behalf of Major Hastings. He’s been trying to
access his account on the system and hasn’t been able to get through and he’d
like to know why” …Within twenty minutes she had what she later claimed
was classified information up on the screen. Susan argued “I don’t care
how many millions of dollars you spend on hardware, if you don’t have people
trained properly I’m going to get in if I want to get in.”(131)
There are fundamental security measures that can be taught to system users
to ensure that the security of the system is not compromised and scenarios like
the one above are not repeated. It might be necessary, as argued in other
papers, to create a centralized agency in charge of coordinating education and
providing support for system administrators in patching known security
holes.(132)
Finally, the public must be educated to understand the threat of information
warfare so that it can endorse the actions taken by the government to deal with
this problem. Mr. Schwartau’s book does a great service in this area, but more
effort is needed to bring information warfare into the public discourse.
Citizens have to understand the reliance they have on information technology and
the purpose it serves within society before we can justify protecting it.
Step Seven: Use Hackers as a National Resource
The digital underground should be viewed as an asset to the United States.
They use illegal means to satisfy their curiosity about the workings of computer
technology because the system has denied them other means of accessing the
digital realm they love. Harvard Law professor Laurence H. Tribe even suggests
that access to technology may be a required goal of democratic society. He
states:
It’s true that certain technologies may become socially indispensable —
so that equal or at least minimal access to basic computer power, for example,
might be as significant a constitutional goal as equal or minimal access to the
franchise, or to dispute resolution through the judicial system, or to
elementary and secondary education. But all this means (or should mean) is that
the Constitution’s constraints on government must at times take the form of
imposing “affirmative duties”: to assure access rather than merely
enforcing “negative prohibitions” against designated sorts of invasion
or intrusion.(133)
Some hackers are loyal to the ideals of their nation. For example, when
news of Stoll’s German hacker selling U.S. secrets to the KGB hit the
underground many hackers responded with hatred towards the guy who had
associated their movement with national espionage and threats to national
security. They were willing to use their abilities to combat this problem, and
were even willing to target Soviet computers for the Central Intelligence
Agency. One case of a hacker making a contribution to society is the story of
Michael Synergy and his quest for presidential credit information. Synergy
decided one day that it would be interesting to look at the credit history of
then President Ronald Reagan. He easily found the information he was looking
for and noticed that 63 other people had requested the same information that
day. In his explorations he also noticed that a group of about 700 Americans
all appeared to hold one credit card, even though they had no personal credit
history. Synergy soon realized that he had stumbled upon the names and
addresses of people in the U.S. government’s Witness Protection Program. A good
citizen, he informed the FBI of his discoveries and the breach of security in
the Witness Protection Program.(134)
One of the basic benefits to United States national security is the lack of
a coherent movement among the members of the digital underground. Hackers are
by nature individualistic. They lack a common bond that allows them to focus
their energies on one target. If there is a common target among hackers, it is
corporate America, especially the telephone companies. These corporations have
become targets because hackers rely on their service to access cyberspace, which
can be a very expensive proposition. The United States government has a vested
interest in not providing them with another target, especially if that target is
the government itself. The United States should utilize hackers, and give them
recognition in exchange for the service they provide by finding security holes
in computer systems.
The United States should not discontinue efforts to stop credit fraud and
other computer activities that are unquestionably criminal. But, the United
States should allow the hackers to conditionally roam the realm of cyberspace.
These conditions would include the following: (1) If computer access is gained,
the security hole should be immediately reported to the government or
centralized agency and should not be given to anyone else, and (2) information
files should not be examined, modified or stolen from the site. In return the
United States acknowledges the hackers’ accomplishments, thus feeding their
competitive egos.
Why should the United States government trust hackers? No trust is
necessary. The United States is not offering the hackers anything that they
don’t already have, except recognition for their ability to discover security
flaws. The hackers will remain on the networks regardless of what policy the
United States follows concerning their activity. It is simply giving them the
forum they need to meet people with similar interests on a legitimate basis,
rather than a secret one. Robert Steele argues, “If someone gets into a
system, that is not a violation of law, it is poor engineering. When we catch a
hacker, rather than learn from him, we kick him in the teeth. When the Israelis
catch a hacker, they give him a job working for the Mossad.”(135)
Many U.S. corporations already allow the hackers to identify security
weaknesses in their computer systems. The Legion of Doom, the most notorious
group of hackers in the U.S., briefly entered the computer security business
with the formation of their company called Comsec Security. Bruce Sterling
reports, “The Legion boys are now digital guns for hire. If you’re a
well-heeled company, and you can cough up enough per diem and air-fare, the most
notorious computer hackers in America will show up right on your doorstep and
put your digital house in order – guaranteed.”(136) Some argue that this
is simply extortion, but individuals are not saying “pay up or else we
will enter your system.” They are offering their skills to secure
vulnerable computer systems from possible electronic intrusion.
Hackers can be used to secure the United States’ digital interests. Every
effort should be made not to alienate them from the newly emerging digital
infrastructure. In the same Congressional hearing where his publication was
branded as manual for computer crime, Emmanuel Goldstein made the following
remarks about access to technology and computer crime:
This represents a fundamental change in our society’s outlook.
Technology as a way of life, not just another way to make money. After all, we
encourage people to read books even if they can’t pay for them because to our
society literacy is a very important goal. I believe technological literacy is
becoming increasingly important. But you cannot have literacy of any kind
without having access…. If we continue to make access to technology
difficult, bureaucratic, and illogical, then there will also be more computer
crime. The reason being that if you treat someone like a criminal they will
begin to act like one.(137)
It is ridiculous to assume that the entire hacker subculture is motivated by
criminal intentions. Hackers, like all other groups or subcultures, contain a
diverse array of individuals. Every group has a criminal element and the
hackers’ criminal element is no different than the criminal element that exists
within the law enforcement community. A General Accounting Office report on
threats to the nations National Crime Information Center, found that the
greatest threat to this centralized criminal database was not from outside
hackers but from corrupt insiders.(138)
Most hackers are still young and have not formulated complete ideologies
regarding right and wrong behavior. Bob Stratton, a former hacker who now works
as a highly trusted security expert, argues that “These people (hackers)
haven’t decided in some cases, to be good or evil yet and it is up to us to
decide which way we want to point them.”(139) Mr. Stratton argues that we
can mentor these individuals and thereby utilize their technological skills.
Mitch Kapor, founder of one of America’s most successful software companies
notes that “the image of hackers as malevolent is purchased at the price of
ignoring the underlying reality – the typical teenage hacker is simply tempted
by the prospect of exploring forbidden territory…A system in which an
exploratory hacker receives more time in jail than a defendant convicted of
assault violates our sense of justice.”(140)
There does seem to be a trend in the past year to utilize hacker
capabilities, both in the public and private sectors. This needs to increase,
and perhaps some evaluation of our own laws might be necessary if we wish to
continue knowing where the holes in the United States’ information
infrastructure are.
Step Eight: Global Institutions and International Agreements
Just as this issue has domestic political implications, it also has
international political implications that need to be addressed. Once the United
States acknowledges the potential threat of information warfare it must be
prepared to deal with nations expressing similar concerns. Political deterrents
like economic interdependence and fear of escalation must be backed by global
institutions and international agreements that set standards and pacts for
varying levels of information warfare.
High levels of interdependence will cause technologically advanced trading
partners to seek out security agreements in order to guarantee some level of
stability in the international financial system. The United States should take
the initiative to lead such efforts and place these issues on the international
agenda. There are worst case scenarios to be averted and cooperation in this
area should be achievable.
Though these institutions do nothing to deter the threat of information
terrorism, they may provide justifiable avenues to pursue in seeking
retribution. Regimes do not deter terrorists and information warfare is an
attractive weapon. However, defining our information sphere and increasing
security help to minimize the damage that information terrorism can inflict on
the United States. Global agreements would help determine the consensus of the
international community where these new technologies are concerned and terrorist
violations of this consensus is inevitable. Terrorists do not play by rules,
but that does not mean the international community should forestall the
development of those rules.
Conclusion: National Security in the Information Age
This thesis has put forth some apocalyptic scenarios regarding the future of
information warfare and national security. This was not its ultimate intent.
Realistically, there are a number of scenarios, each of varying degree, in which
information warfare might be utilized in the future.
In the most apocalyptic scenario, information warfare will be waged in
conjunction with conventional warfare, to determine the hegemon of the
Information Age. Many scholars have put forth arguments concerning the
formation and survivability of hegemonic powers.(141) It is possible, that in
this point in time, the instability of information technology requires the
constancy only a hegemon can provide. Under this scenario, realist concerns run
rampant, as the United States has a vested interest in becoming the hegemon for
the next power cycle. However, a full-scale information war will be very
costly, and it is highly unlikely that the hegemon will be able to salvage any
value from the rubble of battle. A scenario where stability and consistency for
information technologies are derived from cooperative international
endeavors to promote and facilitate global prosperity is more likely. In
the Information Age, Third Wave nations have legitimate aspirations to create a
global information system that adds value to their existing information
infrastructures. Information technology is cooperative by nature and tremendous
benefits can be derived from greater interconnectivity. Therefore, nations will
seek out ways to integrate their networks with the international network. Once
that integration takes place, each connected nation will have an interest in
maintaining the stability and survivability of the overall network. Each nation
has a vested interesting in preventing global information warfare.
Despite collective interests, information terrorism will continue to be a
viable national security concern for all Third Wave nations. Unfortunately, our
options concerning terrorism are extremely limited. By increasing security and
gathering intelligence regarding any plans that might be in consideration, we
can ensure that the threat of terrorism is contained to isolated incidents from
which the United States can recover. Unfortunately, the environment under which
we currently operate can make no such promise, therefore it is essential that we
address this issue now.
Other likely scenarios include the use of information warfare for blackmail
or for limited short-term gains. These scenarios present other difficult
political dilemmas that must be addressed at a global level. Will nations allow
information warfare threats to be used as blackmail? Will we allow limited
information warfare in order to pursue strategic or comparative political and
economic gains? Or is the fear of escalation an adequate deterrent to such
ambitions? These questions must also be addressed.
The Information Age promises to change many aspects of our society.
Mitchell Kapor writes:
Life in cyberspace is more egalitarian than elitist, more decentralized
than hierarchical…it serves individuals and communities, not mass audiences.
We might think of cyberspace as shaping up exactly like Thomas Jefferson would
have wanted: founded on the primacy of individual liberty and commitment to
pluralism, diversity, and community.(142)
As a society we have much to learn about ourselves through this new medium
of communication. As a nation the United States must make sure that the
structure it is building has a strong foundation and that weaknesses in that
structure are not used to destroy it. It is a difficult task, because the
constitutionally guaranteed rights of United States citizens must be upheld in
the process. However, it is a task we must undertake. These are issues we must
address. If we do not address these issues now the future of our country will
be jeopardized. A handful of concerned citizens attempt to bring issues
surrounding cyberspace to our attention everyday. Some of these issues concern
national security, others concern individual privacy.
Cyberspace has empowered the average person to explore and question the
structure of our society and those that benefit from the way it is operated.
Fundamental issues arise from hacker explorations. We must decide how, as a
nation, how we wish to deal with these issues. Recent efforts in cloning
produced a human fetus. The scientists that achieved this remarkable feat,
immediately halted research arguing that a public debate must arise to deal with
the ethical and moral issues surrounding this technology. They argued that
before experimentation in cloning continued, we must decide as a society which
direction that the new technology will go, what ends we hope to achieve, and
what the limits on its use should be. A similar debate on the issues of
cyberspace must take place. There is no need to stop the technology, but we
must decide what direction we want the technology to take, and what rules will
govern its use. We must do this now, before the technology starts dictating the
rules to us, before it is too late to make changes in the basic structure of
cyberspace without destroying the whole concept.
We certainly are, as Al Gore noted, in the midst of an Information
Revolution. Methods of warfare will continue to evolve as the revolution
progresses. Conceptions of national security will have to evolve as well.
Information warfare and information security must be incorporated into the
national security agenda of any nation that is making the transition into the
Information Age. Isaac Asimov notes that “Waiting for a crisis to force us
to act globally runs the risk of making us wait too long.”(143) We can not
allow this to be the case where information technologies are concerned, because
they are the foundation for that which we aspire to become. Similarly, John
Petersen argues that a “philosophy comes bundled with every new technology;
when one is embraced, the other is there at well.”(144) The United States
has already embraced the technology of the Information Age, it must prepare
itself to deal with the philosophy that comes with it. The United States must
be prepared to deal with a philosophy that changes the distribution of power,
changes political relationships, and challenges the essence of nation states.
Only then can we rightfully justify a leading role in the Information Age.
Footnotes
(1) Skolnikoff, Eugene B. The Elusive Transformation: Science
Technology and the Evolution of International Politics. (New Jersey:
Princeton University Press, 1993), 169.
(2) Skolnikoff, Elusive Transformation; Arquilla, John &
Ronfeldt, David. “Cyberwar and Netwar: Warfare Between Networks.”
Comparative Strategy. vol. 12, no. 2, 1993, 141-165.; Petersen, John
L. The Road to 2015: Profiles of the Future. (California, Waite Group
Press, 1994.)
(3) Ronfeldt, David. “Cyberocracy is Coming,” The
Information Society Journal, vol. 8, num. 4 (1992), 243-296.
(4) Qualifying this new pattern of societal development as the “third”
wave, Toffler naively accepts the fact the Agrarian Age was the first
developmental stage of modern society, a view not held by many scholars.
However, the sequential allocation of numbers is not important for the purposes
of this thesis, but rather the premonition that a new wave of development is
occurring.
(5)Toffler, Alvin The Third Wave (New York, William Morrow and
Company, Inc., 1980)
(6)Ibid, 26.
(7)Gore, Al “Remarks at the Federal-State-Local Telecomm Summit,
[Online]. (1994, January 9). Available WWW: http://www.whitehouse.gov.
(8) Examples include the National Telecommunications and Information
Administration and the Information Infrastructure Task Force. Other government
agencies involved with these issues include the General Accounting Office, the
Federal Communications Commission, the National Institute of Standards and
Technology, and the Advanced Research Projects Agency.
(9)Petersen, Road to 2015, 39-70.
(10)Ibid, 4.
(11) Kelly, Kevin. Out of Control: The Rise of Neo-Biological
Civilization. (New York, Addison-Wesley Publishing, 1994), 359.
(12) Solnick, Steven L. “Revolution, Reform and the Soviet Telephone
System, 1917-1927.” Soviet Studies. vol. 43, no. 1, 1991,
157-176.; Sreberny-Mohammadi, Annabelle. “Small Media for a Big
Revolution.”
(13)Big Dummies Guide to the Internet [Online]. Available FTP:
ftp.eff.org Directory: pub File: bigdummy.txt.
(14)Petersen, Road to 2015, 37.
(15)Carroll, Bonnie. “Harsh Realities: S&T Acquisition Costs,
Obstacles, and Results.” Remarks at the Third International Symposium on
National Security and National Competitiveness: Open Source Solutions,
Washington DC, November 10, 1994.
(16)Drucker, Peter. Post-Capitalist Society (New York, Harper
Business, 1993), 8.
(17)Ronfeldt, “Cyberocracy”, 243-296.
(18)Ibid.
(19)”Introduction.” Wired. Premiere Issue, 1993.
(20)I have drawn from and expanded on the definition put forth by Ronfeldt,
“Cyberocracy is Coming.”
(21)Steele, Robert D. “Hackers and Crackers: Using and Abusing the
Networks.” Presentation at the Fourth Annual Conference on Computers,
Freedom and Privacy, Chicago, IL., March 1994.
(22) United States General Accounting Office. Information Superhighway:
An Overview of Technology Challenges. Report to Congress. January, 1995.
(23)Arquilla & Ronfeldt, “Cyberwar is Coming!”, 141-165.
(24) Sun Tzu. The Art of War. Translated by Samuel B. Griffith.
(New York, Oxford University Press, 1971), 95.
(25) See U.S. Army Field Manual 100-5: Fighting Future Wars. (Washington,
Brassey’s Press, 1994); Sullivan, General Gordon R. & Dubik, Colonel James
M. “War in the Information Age.” U.S. Army War College, Strategic
Studies Institute, 6 June 1994.
(26) Steele, Robert D. “The Military Perspective on Information
Warfare: Apocalypse Now.” Keynote address at the Second International
Conference on Information Warfare: Chaos on the Electronic Superhighway,
Montreal, 19 January 1995.
(27)Schwartau, Information Warfare, 291.
(28)Brodie, Bernard & Fawn. From Crossbow to H-Bomb. (London,
Indiana University Press, 1973)
(29)Headrick, Daniel R. The Invisible Weapon: Telecommunications and
International Politics 1851-1945. (New York, Oxford University Press, 1991),
141.
(30)Bramford, James. The Puzzle Palace. (Boston, Houghton Mifflin
Company, 1982), 1-56.
(31) Sullivan & Dubik. “War in the Information Age,” 12.
(32)Schwartau, Information Warfare, 179.
(33)Schwartau, Information Warfare, 180.
(34)Federal Emergency Management Agency. EMP Threat and Protective
Measures. Report for public distribution. April 1980, 11.
(35) National Institute for Standards and Technology Computer Security
Division. Threat Assessment of Malicious Code and Human Threats.
Report to the U.S. Army Computer Vulnerability/Survivability Study Team.
October 1992, 10.
(36) Goldstein, Emmanuel. “Opening Doors.” 2600: The Hacker
Quarterly. vol. 11, no. 3, Autumn 1994, 4-6.; Platt, Charles. “Hackers:
Threat or Menace?” Wired. November 1994, 82-90.
(37) Levy, Steven. Hackers: Heroes of the Computer Revolution.
(New York, Dell Publishing, 1984)
(38) Schwartau, Information Warfare, 137-148. The threats of
electromagnetic emissions capture was first outlined by Wim Van Eck in his paper
“Electromagnetic Radiation from Video Display Units: An Eavesdropping
Risk?” (PTT Dr. Neher Laboratories, Leidschendam, Netherlands, 16 April
1985). Though this paper is classified within the United States, Van Eck’s
concepts have been accepted and proven by many security experts.
(39) The Transient Electromagnetic Pulse Emanation Standard established by
the United States government is used to label all electronic equipment whose
level of electromagnetic emissions is low enough as to prevent their capture by
eavesdropping devices.
(40) Seline, Christopher J. “Eavesdropping on the Electromagnetic
Emanations of Digital Equipment: The Laws of Canada, England and the United
States,” (Unpublished draft, 1990).
(41) Schwartau, Information Warfare, 114-137.
(42)Mungo, Paul and Clough, Bryan. Approaching Zero: The
Extra-ordinary Underworld of Hackers, Phreakers, Virus Writers & Keyboard
Criminals. (New York, Random House, 1992), 107.
(43)Ibid, 107-110.
(44)Ibid, 108.
(45)Ibid, 98.
(46)Hafner, Katie, and Markoff, John. Cyberpunk: Outlaws & Hackers
on the Computer Frontier. (New York, Simon & Schuster, 1991), 345.
(47)Perrow, Charles. Normal Accidents: Living with High-Risk
Technologies. (New York, Basic Books, 1984).
(48) Knowles, Francine. “Technology Glitches Can Take Big Toll,”
Chicago Sun-Times, 16 Sept. 1994, 47.
(49) Kelsey, Tim. “Teen Hacks Top-secret U.S. Computer; British Boy
Posted Military Information on Internet,” The Ottawa Citizen, 3
Jan. 1995, A1.
(50) Ibid, A1.
(51)Stoll, Clifford. The Cuckoo’s Egg: Tracking a Spy Through the Maze
of Computer Espionage. (New York, Doubleday, 1989).
(52)Hafner & Markoff, Cyberpunk, 172.
(53)Denning, Peter J. Computers Under Attack: Intruders, Worms &
Viruses. (New York, ACM Press, 1991), 183.
(54)Brock, Jack L. (1991). Testimony in Hackers Penetrate D.O.D.
Computer Systems: Hearings before the Subcommittee on Government
Information & Regulation, Committee on Governmental Affairs, United States
Senate, 20 November 1991.
(55)Ibid.
(56)Ibid.
(57) Private VHS Video, supplied by Emmanuel Goldstein.
(58) Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the
Electronic Frontier. (New York, Bantam Books, 1992), 1.
(59) Quittner, Joshua and Slatalla, Michelle. Masters of Deception:
The Gang that Ruled Cyberspace. (New York, Harper Collins, 1995), 6-21.
(60) Sterling, Hacker Crackdown, 1-43.
(61) Bowman, Stephen. When the Eagle Screams: America’s Vulnerability
to Terrorism. (New York, Carol Publishing Group, 1994), 155.
(62) Markoff, John. “A Most-Wanted Cyberthief is Caught in his Own
Web.” The New York Times, 16 Feb. 1995. A1.
(63) Bowman, Eagle Screams, 125.
(64) As quoted in Bowman, Eagle Screams, 124.
(65) Schwartau, Winn. Terminal Compromise: Computer Terrorism: When
Privacy and Freedom are Victims. (United State, Inter.Pact Press, 1991), 1.
This is a work of fiction.
(66) Steele, Robert. “War and Peace in the Age of Information.
Superintendent’s Guest Lecture, Naval Post Graduate School, 17 August 1993.
(67) Schwartau, Information Warfare, 293.
(68) Steele, “Military Perspective on Information Warfare”, 9.
(69) Ayers, Robert. “Defensive Information Warfare: A Maginot Line in
Hyperspace.” Presentation given at the First TMSA Conference on the
Revolutionary New Paradigm for Modern Warfare, Washington, DC, 8-9 December
1994. As reported in OSS Notices, vol. 2, issue 10, 30 December 1994,
10.
(70) Ayers, as paraphrased in OSS Notices, vol. 2, Is. 10, 10.
(71) Steele, “Military Perspective on Information Warfare”, 11.
(72) Jervis, Robert. The Meaning of the Nuclear Revolution.
(Ithaca, Cornell University Press, 1989), 10.
(73) Peterson, John, as cited by Steele, “War and Peace in the Age of
Information.”
(74) Weltman, John J., Nacht, Michael and Quester, George H. Challenges
to American National Security in the 1990’s. (New York, Plenum Press,
1991), xi.
(75) Steele, “Military Perspective on Information Warfare”, 5.;
Gertz, Bill. “Electronic Crime Threatens Integrity of Long Distance Phone
System,” The Washington Times, 24 Oct. 1994, A3.
(76) Steele, “War and Peace in the Age of Information.”
(77) Schwartau, Winn. “Technical Discussion of High Energy Radio
Frequency Guns, and Video Demonstration of Van Eck Emissions Capture: How to
Obtain Insider Information from 200 Meters Away Without Physical Connection.”
Presentation at the Third International Symposium on National Security and
National Competitiveness: Open Source Solutions. Washington, DC, 9 November
1994.
(78) Luttwak, Edward. The Endangered American Dream: How to Stop the
United States from Becoming a Third World Country and How to Win the
Geo-Economic Struggle for Industrial Supremacy. (New York, Simon &
Schuster, 1993); Thurow, Lester. Head to Head: The Coming Economic Battle
Among Japan, Europe, and America. (New York, Warner Books, 1992);
Prestowitz, Clyde V. Jr. Trading Places: How We Are Giving Our
Future to Japan and How to Reclaim It. (New York, Basic Books, 1988).
(79) Ganley, Elaine. “French Oust Five as Spies,” The
Burlington Free Press. 23 February 1995, A6.
(80) Bowman, Eagle Screams, 7.
(81) Schwartau, Information Warfare, 65-82.
(82) Legro, Jeffrey W. “Military Culture and Inadvertent Escalation in
World War II,” International Security, vol. 18, no. 4, Spring
1994, 108.
(83) Mann, Paul. “Dialing for ‘Info War’,” Aviation Week and
Space Technology, vol. 142, no. 4, 23 Jan. 1995, 31.; Holzner, Robert. “U.S.
Navy to Tie Requirements, Acquisition,” Defense News, 23 Jan.
1995, 6.; “Services Gear Up for Information War,” Defense Daily,
vol. 184, no. 48, 8 Sept. 1994, 377.
(84) “USAF Doctrine to Include ‘Virtual Battle Space’,” Aerospace
Daily, vol. 173, no. 12, 19 Jan. 1995, 85B.
(85) Cooper, Richard N. “Economic Interdependence and Foreign Policy
in the Seventies,” World Politics, Jan. 1972, 159.
(86) Rosecrance, Richard and Stein, Arthur. “Interdependence: Myth or
Reality?” World Politics, vol. 26, no. 1, 1973, 1-27.
(87) Nye, Joseph S. Understanding International Conflicts. (New
York, Harper Collins, 1993), 166.
(88) See Snyder, Jack. Myths of Empire: Domestic Politics and
International Ambition. (Ithaca: Cornell University Press, 1991).
(89) See Schweizer, Peter. Friendly Spies: How America’s Allies are
Using Economic Espionage to Steal out Secrets. (New York, Atlantic Monthly
Press, 1993).
(90) Sterling, Bruce. “Speaking for the Unspeakable,”
Presentation at the Second Conference on Computers, Freedom and Privacy.
Washington DC, March 1992.
(91) Anonymous. Interview with author. Chicago, IL. March 1994.
The countries interested in this hacker’s services were France and Israel.
(92) Those interested in the case can find further information on-line via
the Internet’s World Wide Web at: http://www.eff.org/.
(93) Chipping of hardware is used to describe a process in which design
flaws or timed failures are programmed into computer chips during production.
(94) Stein, Arthur A. “Coordination and Collaboration: Regimes in an
Anarchic World,” International Organization, vol. 36, Spring 1982,
299-324.
(95) Class II information warfare is targetted at industries for espionage
or competitive purposes. See Schwartau, Information Warfare, 271-291.
(96) Class III information warfare is waged with political intentions by
state or terrorist entities. See Schwartau, Information Warfare,
291-312.
(97) Stein, “Coordination and Collaboration,” 43.
(98) Ibid, 25.
(99) Keohane, Robert O. After Hegemony: Cooperation and Discord in the
World Political Economy. (New Jersey, Princeton University Press, 1984),
135.
(100) Hughes, Eric. (20 Nov. 1994). Re: Clipper Questions. [e-mail to
Matthew G. Devost], [On-line]. Available e-mail: mdevost@moose.uvm.edu.
(101) Though there has been a lot of discussion regarding this operation,
there is no evidence to ensure that it actually will take place.
(102) Bloodaxe, Eric. “Phrack Editorial,” Phrack Magazine,
vol. 5, Is. 46, file 2a. [On-line] Available FTP: freeside.com /pub/phrack/.
(103) Currently, the exportation of encryption technology is regulated in
the United States under the State Department’s International Traffic in Arms
Regulations. (ITAR)
(104) De Landa, Manuel. War in the Age of Intelligent Machines.
(New York, MIT Press, 1991), 45.
(105) U.S. Congress. Senate. Armed Services Committee. Threats to
National Security: Hearing. Testimony of General James R. Clapper,
Director, Defense Intelligence Agency. 17 January 1995.
(106) Brodie, Crossbow to H-Bomb, 115-118.
(107) It should also be noted that the Turtle was never utilized
successfully, but this was do more to chance than flaws in design.
(108) Brodie, Crossbow to H-Bomb, 117-118.
(109) Holden-Rhodes, J.F. Sharing the Secrets: Open Source
Intelligence and the War on Drugs. (USA, The University of New Mexico
Printing Services, 1994), 32.
(110)United States General Accounting Office. Report on Implementation
of Computer Security Act. (Washington, D.C. , U.S. Government Printing
Office, 1990).
(111)Ibid.
(112)Sterling, Hacker Crackdown, 158.
(113)Nathan, Paco Xander. “Jackson Wins, Feds Lose.”
Wired. May 1993, 20.
(114) Schwartau, Information Warfare, 258-312.
(115) Devost, Matthew G. “The Digital Threat: United States National
Security and Computers.” Presentation at the Annual Meeting of the New
England Political Science Association, Salem MA, 22 April 1994.
(116) Elmer-Dewitt, Philip. “Terror on the Internet: A Pair of
Electronic Mail Bombings Underscores the Fragility of the World’s Largest
Computer Network.” Time. 4 December 1994, 15.
(117) Carley, William M. “Of High-Tech Spying: Did the French Steal
Secrets from Texas Instruments, or is the Story Just Bull.” The Wall
Street Journal. 19 January 1995, A1.; Schweizer, Friendly Spies.
(118) Powell, Bill. “The Boy Who Lost Billions.” Newsweek.
13 March 1995, 37-52.
(119) “Defense Science Board Calls for Improvements in Information
Systems.” Aerospace Daily. vol. 173, no. 2, 4 Jan. 1995, 10.
(120) Cooper, Pat. “In Cyberspace, U.S. Confronts and Illusive Foe.”
Defense News. 19 Feb. 1995, 1.
(121) Schwartau, Winn. “Class II Information Warfare: Corporate
Espionage and Sabotage.” Presentation at the Second International
Conference on Information Warfare. Montreal PQ, 18 January 1995.
(122) Wyllie, James H. “The Deterrence Condition.” In Carey,
Roger & Salmon, Trevor C. International Security in the Modern World.
(New York, St. Martin’s Press, 1992), 63.
(123) Skolnikoff, Elusive Transformation, 66.
(124) Stratton, Bob. “Hackers and Crackers: Using and Abusing the
Networks.” Presentation at the Fourth Conference on Computers, Freedom and
Privacy: Cyberspace Superhighways: Access, Ethics and Control. Chicago IL, 23
March 1995.
(125) Steele, “Military Perspective on Information Warfare”, 11.
(126) Gore, Al. “Infrastructure for the Global Village.” Scientific
American, Special Issue, 1995, 156-159.
(127) Stratton, “Hackers and Crackers.”
(128) U.S. Congress. House. Committee on Science, Space, and Technology.
Subcommittee on Technology and Competitiveness. Hearings on Computer
Security. 102nd Cong., 1991.
(129) U.S. Congress. House. Committee on Science, Space, and Technology.
Subcommittee on Technology and Competitiveness. Hearings on Computer
Security. 102nd Cong., 1991.
(130)Van Duyn, J. The Human Factor in Computer Crime. (Princeton,
Petrocelli Books, 1985).
(131)Hafner and Markoff, Cyberpunk, 60-61.
(132) Devost, “Digital Threat”, 12-18.
(133)Tribe, Laurence H. “The Constitution in Cyberspace.” Paper
presented at the First Annual Conference on Computers, Freedom and Privacy
Conference, Burlingame, CA. 1991.
(134)Mungo & Clough, Approaching Zero, 57.
(135)Steele, ” Hackers and Crackers.”
(136)Sterling, Bruce. “Cyberview.” Phrack, vol. 3, is.
33, phile 10, 1991.
(137)Goldstein, Emmanuel. Testimony before House Subcommittee on
Telecommunications and Finance. Washington D.C., 9 June 1993. Goldstein,
Emmanuel. “Congress Takes a Holiday.” 2600: The Hacker
Quarterly. vol. 10, no. 3, Autumn 1993, 14-15.
(138) General Accounting Office. “NCIC Criminal Misuse.”
Washington DC, GPO, 1993.
(139) Stratton, “Hackers and Crackers.”
(140) Kapor, Mitchell. “Civil Liberties in Cyberspace.” Scientific
American, Special Issue, 1995, 174-178.
(141) See Keohane, Robert O. After Hegemony: Cooperation and Discord
in the World Political Economy. (Princeton, Princeton University Press,
1984); Gilpin, Robert. War and Change in World Politics. (Cambridge,
Cambridge University Press, 1981); Russet, Bruce M. “The Mysterious Case
of Vanishing Hegemony: or, is Mark Twain Really Dead?” International
Organization. vol. 39, no. 2, Spring 1985, 207-232.; Cowhey, Peter F. and
Long, Edward. “Testing Theories of Regime Change: Hegemonic Decline or
Surplus Capacity?” International Organization. vol. 37, no. 2,
Spring 1983, 157-188.
(142)Kapor, Mitchell. “Where is the Digital Highway Really Heading?
The Case for a Jeffersonian Information Policy.” Wired Magazine .
July 1993, 53-59.
(143) Asimov, Isaac. As cited in Petersen, Road to 2015, xix.
(144) Petersen, Road to 2015, 68.
SELECTED BIBLIOGRAPHY
Allison, Graham & Treverton, Gregory F. Rethinking America’s
Security: Beyond the Cold War to New World Order. New York: W.W. Norton &
Company, 1992.
Andelman, David A. & Count de Marenches. The Fourth World War:
Diplomacy and Espionage in the Age of Terrorism. New York: William Morrow
& Company, 1992.
Anthes, Gary H. “Info-terrorist Threat Growing.” Computer
World, vol. 29, no. 5, 30 January 1995, 1.
Arquilla, John & Ronfeldt, David. “Cyberwar and Netwar: Warfare
Between Networks.” Comparative Strategy. vol. 12, no. 2, 1993,
141-165.
Barlow, John Perry. “Crime and Puzzlement.” Whole Earth
Review. Fall 1990, 44- 57.
Beniger, James R. The Control Revolution: Technological and Economic
Origins of the Information Society. Cambridge: Harvard University Press,
1986.
Bequai, August. Technocrimes. Lexington: Heath and Company, 1987.
BloomBecker, Buck. Spectacular Computer Crimes: What They Are and How
They Cost American Business Half a Billion Dollars a Year. Illinois: Dow
Jones- Irwin, 1990.
Bowman, Stephen. When the Eagle Screams: America’s Vulnerability to
Terrorism. New York: Birch Lane Press, 1994.
Brodie, Bernard & Fawn, M. From Crossbow to H-Bomb.
Bloomington: Indiana University Press, 1973.
Carey, Roger & Salmon, Trevor C. International Security in the
Modern World. New York: St. Martin’s Press, 1992.
Clough, Bryan & Mungo, Paul. Aproaching Zero: The Extra-ordinary
Underworld of Hackers, Phreakers, Virus Writers & Keyboard Criminals.
New York: Random House, 1992.
Cooper, Richard. “Economic Interdependence and Foreign Policy in the
Seventies.” World Politics. January 1972, 159-181.
De Landa, Manuel. War in the Age of Intelligent Machines. New
York: Swerve Editions, 1991.
Denning, Peter J. Computers Under Attack: Intruders, Worms and Viruses.
New York: ACM Press, 1991.
Der Derian, James. “Cyber-Deterrence.” Wired, September
1994, 116-122.
Dubik, Colonel James M. & Sullivan, General Gordon R. “War in the
Information Age.” Stategic Studies Institute, U.S. Army War College, 6
June 1994.
Forester, Tom & Morrison, Perry. Computer Ethics: Cautionary Tales
and Ethical Dilemmas in Computing. Cambridge: The MIT Press, 1994.
Gore, Al. “Infrastructure for the Global Village.” Scientific
American, Special Issue, 1995, 156-159.
Hafner, Katie & Markoff, John. Cyberpunk: Outlaws and Hackers on
the Computer Frontier. New York: Simon & Schuster, 1991.
Headrick, Daniel R. The Invisible Weapon: Telecommunications and
International Politics 1851-1945. New York: Oxford University Press,
1991.
Jervis, Robert. “Deterrence Theory Revisted.” World Politics.
January 1979, 289- 324.
Jervis, Robert. Cooperation under the Security Dilemma.” World
Politics. January 1978, 167-214.
Jervis, Robert. The Meaning of the Nuclear Revolution: Statecraft and
the Prospect of Armageddon. Ithaca: Cornell University Press, 1989.
Kapor, Mitchell. “Civil Liberties in Cyberspace.” Scientific
American, Special Issue, 1995, 174-178.
Kapor, Mitchell. “Where is the Digital Highway Really Heading?”
Wired, July 1993, 53-60.
Kelly, Kevin. Out of Control: The Rise of Neo-Biological Civilization.
New York: Addison Wesley Publishing, 1994.
Kennedy, Paul. The Rise and Fall of the Great Powers: Economic Change
and Military Conflict from 1500-2000. New York: Vintage Books, 1987.
Keohane, Robert O. After Hegemony: Cooperation and Discord in the
World Political Economy. Princeton: Princeton University Press, 1984.
Kroker, Arthur & Weinstein, Michael A. Data Trash: The Theory of
the Virtual Class. New York: St. Martin’s Press, 1994.
Levy, Jack. “The Offensive/Defensive Balance in War.”
International Studies Quarterly. June 1984.
Levy, Jack. “Theories of General War.” World Politics.
vol. 37, no. 3, April 1985, 344-374.
Levy, Steven. Hackers: Heroes of the Computer Revolution. New
York: Dell Publishing, 1984.
Luttwak, Edward N. The Endangered American Dream: How to Stop the
United States from Becoming a Third World Country and How to Win the Geo-
Economic Struggle for Industrial Supremacy. New York: Simon &
Schuster, 1993.
May, Timothy C. “Crypto Anarchy and Virtual Communities.”
Extended abstract. Available Online: Email: tcmay@netcom.com.
Nacht, Michael, Quester, George H. & Weltman, John J. Challenges to
American National Security in the 1990s. New York: Plenum Press, 1991.
National Institute of Standards and Technology Computer Security Division.
1992. Threat Assessment of Malicious Code and Human Threats.
Washington: GPO.
Nye, Joseph S. Jr. Understanding International Conflicts. New
York: HarperCollins, 1993.
Parker, Donn B. Crime by Computer. New York: Charles Scribner’s
Sons, 1976.
Petersen, John L. The Road to 2015: Profiles of the Future.
California: Waite Group Press, 1994.
Porteous, Samuel D. “Economic Espionage: Issues Arising from
Increased Government Involvement with the Private Sector.” Intelligence
and National Security. vol. 9, no. 4, October 1994, 735-752.
Quittner, Joshua & Slatalla, Michelle. Masters of Deception: The
Gang That Ruled Cyberspace. New York: HarperCollins, 1995.
Rheingold, Howard. The Virtual Community: Homesteading on the
Electronic Frontier. New York: Addison-Wesley Publishing Company, 1993.
Ronfeldt, David. “Cyberocracy is Coming.” The Information
Society Journal. vol. 8, no. 4, 1992, 243-296.
Rosecrance, Richard & Stein, Arthur. “Interdependence: Myth or
Reality.” World Politics. vol 26, Oct. 1973, 1-27.
Rushkoff, Douglas. Cyberia: Life in the Trenches of Hyperspace.
New York: HarperCollins, 1994.
Schwartau, Winn. Information Warfare: Chaos on the Electronic
Superhighway. New York: Thunder’s Mouth Press, 1994.
Schwartau, Winn. Terminal Compromise. USA: Inter.Pact Press,
1991.
Schwartz, Peter. “Post-Capitalist: Conversation with Peter Drucker.”
Wired, July 1993, 80-84.
Schwartz, Peter. “Warrior in the Age of Intelligent Machines.”
Wired, April 1995, 138.
Schweizer, Peter. Friendly Spies: How America’s Allies Are Using
Economic Espionage to Steal Our Secrets. New York: Atlantic Monthly
Press, 1993.
Skolnikoff, Eugene B. The Elusive Transformation: Science, Technology,
and the Evolution of International Politics. Princeton: Princeton
University Press, 1993.
Snyder, Jack. Myths of Empire: Domestic Politics and International
Ambition. Ithaca: Cornell University Press, 1991.
Steele, Robert D. “The Military Perspective on Information Warfare:
Apocalypse Now.” Keynote Address, Second International Conference on
Information Warfare: Chaos on the Electronic Superhighway, Montreal, 19
January 1995.
Steele, Robert D. “War and Peace in the Age of Information.”
Superintendent’s Guest Lecture, Naval Postgraduate School, 17 August 1993.
Stein, Arthur A. “Coordination and Collaboration: Regimes in an
Anarchic World.” International Organization. Spring 1982,
299-324.
Sterling, Bruce. “War is Virtual Hell.” Wired, Premiere 1993,
46-52.
Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the
Electronic Frontier. New York: Bantam Books, 1992.
Stockton, Paul N. & Tritten, James J. Reconstituting America’s
Defense: The New U.S. National Security Strategy. New York: Praeger
Publishers, 1992.
Stoll, Clifford. The Cuckoo’s Egg: Tracking a Spy Through the Maze of
Computer Espionage. New York: Doubleday, 1989.
Thurow, Lester. Head to Head: The Coming Economic Battle Among Japan,
Europe, and America. New York: Warner Books, 1992.
Toffler, Alvin & Heidi. War and Anti-War: Survival at the Dawn of
the 21st Century. Boston: Little, Brown & Company, 1993.
Toffler, Alvin. The Third Wave. New York: William Morrow &
Company, 1980.
U.S. Congress. House. Committee on Science, Space, and Technology.
Subcommittee on Technology and Competitiveness. Hearings on Computer
Security. 102nd Cong., 1991.
U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee on
Government Information and Regulation. Hearings on Hackers Penetrate
Department of Defense Computer Systems. 102nd Cong., 1991.
U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee on
Government Information and Regulation. Hearings on Regarding the Computer
Security Act. 102nd Cong., 1991.
United States General Accounting Office. 1989. Report on Instances of
Unauthorized Access to Space Physics Analysis Networks. Washington: GPO.
United States General Accounting Office. 1990. Report on
Implementation of Computer Security Act. Washington: GPO.
United States General Accounting Office. 1995. Information
Superhighway: An Overview of Technology Challenges. Washington: GPO.
Van Duyn, J. The Human Factor in Computer Crime. Princeton:
Petrocelli Books, 1985.
Wallich, Paul. “Wire Pirates.” Scientific American.
March 1994, 90-102.
Wilson, Kevin G. Technologies of Control: The New Interactive Media
for the Home. Madison: The University of Wisconsin Press, 1988.
Contact the |
Visitors since 17 Nov 96 |