Please adjust the frame on the left to read the following story to avoid using the stroll bars at the bottom.
(c)1995 Matthew G. Devost _________________________________________________________________


A Thesis Presented
Matthew G. Devost
The Faculty of the Graduate College
The University of Vermont
In Partial Fulfillment of the Requirements
for the Degree of Master of Arts
Specializing in Political Science
May, 1995
_________________________________________________________________ TABLE OF CONTENTS
   [Note: Page Numbers Not Applicable for Electronic Version.]
   CHAPTER 1 - Introduction 1
   The Information Age 2
   The Knowledge-Based Economy 4
   CHAPTER 2 -. New Territory, New Concepts and New Warfare 10
   New Concepts: Information Warfare 14
   New Weapons 16
   HERF Guns 17
   EMP/T Bombs 18
   System intrusion 18
   Emissions capture and espionage 20
   Viruses, trojan horses and worms 21
   Normal accidents 24
   Information Warfare: Isolated Examples 24
   Operation Datastream 25
   The Hacker Spy 26
   Hacker Attacks During Gulf War 28
   Infrastructure Attacks 30
   The Phone System 31
   The Power Grids 33
   The Big Picture 34
   CHAPTER 3 - The Political Context of Information Warfare 38
   What is National Security 38
   Political Attractions of Information Warfare 41
   Low Cost 41
   Timely and Not Location Specific 42
   Anonymity 43
   Minimal Loss of Human Life 44
   First Strike Advantage 47
   Offensive Nature of Information Warfare 47
   Deterrents to Waging Information Warfare 48
   Economic Interdependence 49
   Fear of Escalation 52
   Lack of Technical Expertise 53
   Information Warfare as Terrorism 54
   The Realist/Liberal Approach to Information Warfare 56
   The Realist Approach to Information Warfare 57
   Problems with the Realist Approach 59
   The Liberal Approach to Information Warfare 61
   Problems with the Liberal Approach 62
   The Realist/Liberal Conflict 64
   The Strategic and Security Impacts of Technology:
   A Historical Perspective 68
   Decentralizing the Military: The Conoidal Bullet 69
   Information Warfare: The Bushnell Turtle of the Information Age 71
   CHAPTER 4 - National Security Solutions for the Information Age 74
   The Computer Security Act of 1987 74
   Operation Sundevil 76
   Information Warfare: A Threat Assessment Portfolio 77
   National Security Solutions for the Information Age 80
   Step One: Declassify the Threat 80
   Step Two: Increase Security 81
   Step Three: Increase Vendor Accountability 82
   Step Four: Facilitate Private/Public Sector Cooperation 83
   Step Five: Conceptualize Our Information Sphere 84
   Step Six: Multi-Level Education 88
   Step Seven: Use Hackers as a National Resource 90
   Step Eight: Global Institutions and International Agreements 95
   Conclusion: National Security in the Information Age 96
   This thesis examines the impact information technologies have had on
   the national security of the United States. It looks at how these
   technologies have evolved into a significant component of the
   economic, military, and social construct of the nation resulting in a
   transition from the Industrial Age to the Information Age.
   It introduces a new paradigm for conflict among nations based upon
   attacking information infrastructures. The political attractions and
   deterrents to using these new information warfare methods are
   discussed at great length. The debate is then placed in a traditional
   realist/liberal context and examined from both perspectives,
   suggesting ways in which each side would remedy the national security
   threat. Historical technological developments are explored and
   contrasted with new technology to develop hypotheses regarding the
   future strategic impacts that these new technologies will have.
   An increased reliance on information technology which is highly
   vulnerable to failure and sabotage has created a new risk to the
   national security of the United States. These vulnerabilities will be
   exploited during any conventional military conflicts between nation
   states, but several political deterrents including economic
   interdependence and fear of escalation decrease their attraction
   during peacetime. Despite this, the political and strategic
   attractions of information warfare make it a likely terrorist weapon.
   The final chapter offers policy prescriptions and solutions for
   integrating these concerns into the framework of the United States'
   grand strategy to decrease the security threat and facilitate
   international cooperation in this area.
   I am greatly indebted to a number of people who have made this thesis
   possible. First and foremost, my parents, family and friends who have
   provided unlimited support and encouragement. This thesis is dedicated
   to them.
   A special acknowledgment to Robert D. Steele. From the beginning, he
   has provided encouragement and opportunity. The scholarship he
   provided to attend his International Symposium: "National Security and
   National Competitiveness: Open Source Solutions," allowed me to
   exchange ideas with innovators and experts from around the world.
   Special thanks to Dr. Mich Kabay and the National Computer Security
   Association for giving me the opportunity to speak at the Second
   International Conference on Information Warfare.
   Within the University of Vermont: Professor Cherie Steele, for her
   patience and dedication as my thesis advisor; Professors Tony
   Gierzynski and Tom Streeter, for sitting on my thesis committee; and
   Professor Tom Rice and the rest of the Political Science department
   for providing support and funding for my graduate research.
   Many others were helpful, perhaps without realizing it: Winn
   Schwartau, Bob Stratton, Eric Hughes, Emmanuel Goldstein, and numerous
   members of the digital underground.
                                 Chapter 1
   Conceptions of national security can and do change. A series of new
   threats to American national security have developed with our
   transition into the Information Age. New technological developments
   and an increased reliance on computer-based technology will cause a
   shift in conceptions of national security for all advanced
   post-industrial societies. Nations face the danger of having their
   information infrastructures destroyed, altered, or incapacitated by
   new offensive technologies. Accordingly, grand strategies must
   integrate these new threats and vulnerabilities into their general
   framework. Although Eugene Skolnikoff argues that the vulnerability of
   large systems is rarely noticed until disruption or catastrophe
   occurs(1), this thesis argues that these issues must be dealt with
   pre-emptively to minimize their economic and political costs.
   Political scientists and political leaders must recognize and examine
   the threats posed by new technology and how it will effect both
   national and international political relationships. This thesis
   provides an introduction to these new technologies and suggests ways
   they have been utilized in the past to threaten the national security
   of the United States. The threat is also placed in a theoretical
   political context by examining how it relates to paradigm-shifting
   technologies of the past, what its political attractions and
   deterrents are, and how it would be analyzed and addressed within
   traditional realist/liberal national security schools. It concludes
   with policy prescriptions to assist policy makers in the transition to
   a new national security agenda that includes the concepts examined in
   this thesis.
   The need for work in this area is great. Very little work has been
   done in the political science field to examine security issues related
   to information technology.(2) David Ronfeldt argues that "with few
   exceptions, policy makers and analysts are just beginning to discern
   how government and politics may ultimately be affected by the
   information revolution."(3) As a result, this thesis draws from a wide
   range of material that has been taken from multiple disciplines and
   weaves it all to reveal national security vulnerabilities and what can
   be done about them.
   The Information Age
   The United States is making a transition to a new age. Alvin Toffler
   referred to this transition as the Third Wave(4), in his 1980 book of
   the same title.(5) According to Toffler, the pattern of societal
   development follows a series of waves, each of a lesser timespan than
   the previous. Toffler writes:
   Until now the human race has undergone two great waves of change, each
   one largely obliterating earlier cultures or civilizations and
   replacing them with ways of life inconceivable to those who came
   before. The First Wave of change - the agricultural revolution - took
   thousands of years to play itself out. The Second Wave - the rise of
   industrial civilization - took a mere three hundred years. Today,
   history is even more accelerative, and it is likely that the Third
   Wave will sweep across history and complete itself in a few
   Toffler's predictions about the coming Third Wave were written over
   fifteen years ago, and the societal revolution he predicted is readily
   acknowledged today as the Information Revolution.
   This terminology is used by the leaders of the United States to
   describe the transition to a knowledge-based economy. Vice President
   Al Gore argues that "we are in the midst of an Information
   Revolution."(7) President Clinton often speaks of the Information Age
   and during his presidency he has created various working groups and
   committees to develop the foundations for a National Information
   Infrastructure.(8) Various scholars argue that the United States has
   already made the transition into the Information Age and that a
   majority of our jobs are already knowledge-based jobs.(9) In fact the
   decline in industrial based jobs looks very similar to the decline in
   agricultural jobs brought about by the transition from the First to
   the Second Wave. The swell of the Third Wave is already visible and
   its crest no longer unimaginable.
   The Knowledge-Based Economy
   If this coming Sunday, you were to sit down and read the entire New
   York Times, you would absorb more information in that one reading that
   the average person absorbed in a lifetime in Thomas Jefferson's
   Information revolutions are not new. Gutenberg's printing press
   launched an information revolution over five hundred years ago. His
   invention allowed for the mass distribution of information, permitting
   common men to posses otherwise scarce texts like the Bible. This
   created less reliance on hierarchical sources of authority for
   interpretation of texts and granted anyone with the resources to
   operate a printing press access to large audiences. To take the
   argument even further, author Kevin Kelly argues that cultural
   advances, like the printing press "prepared a possibility space that
   allowed human minds and bodies to shift so that some of what it once
   did biologically would afterwards be done culturally."(11) Under this
   view, the printing press served a dual purpose. It revolutionized the
   way human beings interact and it contributed to our evolution by
   decreasing the amount of information our minds needed to store. In
   this regard, the Information Revolution is similar to the printing
   revolution. Computers increase our capacity to store and search for
   information externally.
   Other mediums of communication might be considered revolutionary as
   well.(12) One need only think of the changes brought about by the
   invention of the telephone, radio, and television to realize that
   information revolutions have their place in history. Each of these
   technologies increased our capacity to communicate over great
   distances. In some cases, the communication took place over physical
   cables, and in other cases the communication took place over frequency
   waves with no physical connection required. How does this information
   revolution promise to be different?
   The difference is our increased ability to access, distribute and
   store incredibly large quantities of information in very little time.
   It is now possible to send the entire Encyclopedia Brittanica across
   the country in about two seconds.(13) Access to large quantities of
   information through electronic communications is a realizable goal
   anywhere there is access to a standard phone line or cellular cell. In
   the near future, a series of low orbit satellites will allow
   electronic communications technology to be utilized from any location
   on earth.(14) In addition to this, the Internet, currently the world's
   information backbone, is increasing at a rate of twenty-five percent
   per month and the World Wide Web has been experiencing growth rates of
   341,634 percent per year.(15)
   With this increase in interconnectivity and information resources, the
   labor force of a Third Wave nation becomes knowledge-based. Peter
   Drucker writes:
   The basic economic resource - "the means of production," to use the
   economist's term - is no longer capital, nor natural resources, nor
   labor. It is and will be knowledge. The central wealth making
   activities will be neither the allocation of capital to productive
   uses, not labor - the two poles of nineteenth and twentieth century
   economic theory, whether classical, Marxist, Keynesian, or
   neo-classical. Value is now created by productivity and innovation,
   both applications of knowledge to work. The leading social groups of
   the knowledge society will be knowledge workers and knowledge
   executives who know how to allocate knowledge to productive use, just
   as the capitalists knew how to allocate capital to productive
   use...Yet, unlike the employees under Capitalism, they will own both
   the means of production and the tools of production.(16)
   Other scholars have expressed similar sentiments. Daniel Bell echoes
   Drucker's argument when he proposes that "the crucial point about a
   post-industrial society is that knowledge and information become the
   strategic and transforming resources of the society, just as capital
   and labor have been the strategic and transforming resources of the
   industrial society."(17)
   The key financial institutions of knowledge-based societies also
   become information-based. A majority of the financial transactions
   within the United States do not involve the physical transfer of
   capital or physical representations of money such as gold or currency,
   but rather the transfer of information. For example, when money is
   loaned between institutions no physical transfer of funds takes place.
   Instead, the informational representation of money is exchanged.
   Information now represents money and "finance no longer has anything
   to do with money, but with information."(18) Whereas industrial
   societies were concerned with protecting physical capital and
   providing safe routes for the transport of resources, information
   societies must be concerned with protecting information and the
   transfer of information. Where the destruction of bridges was a threat
   to the national security of an industrial society, the destruction of
   information networks, especially those involved with financial
   transactions, is a threat to the national security of information
   This is the nature of conflict of the Information Age. Where the
   politics of the last one hundred years centered around Industrial Age
   technology, the politics of the future will be based on Information
   Age concerns oriented towards the storage, protection and exchange of
   information. The premiere issue of the magazine designed for the
   Information Age, appropriately named Wired, had this to say about the
   emergence of new technology.
   The medium, or process, of our time - electronic technology - is
   reshaping and restructuring patterns of social interdependence and
   every aspect of our personal life. It is forcing us to reconsider and
   re-evaluate practically every thought, every action, and every
   institution formerly taken for granted.(19)
   The purpose of this thesis is take this concept one step further. It
   will demonstrate that with the Information Age comes new threats to
   the infrastructure of the United States. It will show that our
   reliance on computer technology and our quick transition into a
   knowledge-based economy has left us vulnerable to attack, and that
   vulnerability creates difficult political dilemmas that must be dealt
   with should we wish to continue following the currents of the Third
   In Chapter Two, a new paradigm for conflict based upon attacking
   information infrastructures is introduced and examples are given to
   demonstrate how this new paradigm is rapidly developing to threaten
   the security of Third Wave nations. Chapter Three then places the
   issue in a theoretical context by examining the political advantages
   and deterrents to nations utilizing the capabilities of new technology
   for offensive purposes. The issue is then examined from both the
   realist and liberal perspective to speculate how each side would
   respond to the acknowledged national security threat. Similarities to
   historical technological developments are explored and contrasted with
   new technology to develop hypotheses regarding the future strategic
   impacts that these new technologies will have. The final chapter
   offers policy prescriptions and solutions for integrating these
   concerns into the framework of the United States' grand strategy in
   order to decrease the security threat and facilitate international
   cooperation in this area.
                                 Chapter 2
                New Territory, New Concepts and New Warfare
   What is the National Information Infrastructure? For the purposes of
   this paper, the NII is defined as the physical and virtual backbone of
   an information society and includes, at a minimum, all of the
     * Financial networks: used for the transfer of information between
       financial institutions.
     * Private corporate and institutional networks: Used for the
       exchange of information between international components of the
       same organization.
     * Public fee accessed networks: Telephone networks and other
       privately provided communications networks.
     * Cooperative networks: Used to link educational and research
       facilities for mutual benefit, as is the case with the Internet.
     * Subscription networks: Fee based access to enclosed virtual
       communities as is the case with Prodigy, Compuserve and America
       On-line. Also, increasingly connected to cooperative networks to
       create large national networks for the exchange of information.
     * Government and defense networks: Used for government and defense
       communications. Department of Defense networks used for C3I
       (command, control, communications and intelligence.)
     * Computer reliant public utilities: Power plants, water and sewage,
       transportation vehicles and traffic systems.
     * Computer reliant technology: Environment and security control in
       large buildings, chip reliant cars, and a plethora of other
   This rather broad list has been compiled to demonstrate our current
   reliance on computer technology. The National Information
   Infrastructure is usually described as a utopian network for the
   cooperative exchange of information. However, from a security
   perspective, the NII encompasses a much more extensive sphere. Not
   only does it include systems required for the flow of information, but
   the hardware those information flows have helped create, as well.
   Where information flows are concerned, one might separate information
   content into three distinct groupings with occasional overlaps:
   1) Military information, which deals with actual military
   developments, top secret operations, intelligence, systems control,
   correspondence between high ranking officials, troop files and credit
   ratings, general troop activities and lower level correspondence.
   2) Business information, which consists of business records, bank
   transactions, individual credit records, business systems, and other
   financial transactions.
   3) Personal information, which includes individual credit records,
   personal systems, files and correspondence between individuals.
   An attack or threat on lower levels of information, credit card fraud
   for example, is more of an inconvenience than a national security
   threat. Replacement costs may be high for this type of information,
   but the costs are not nearly as high as they are for military or
   business information. A successful attack on just a few business
   information systems could cause a severe lag in the American economy.
   Robert Steele notes that "It costs a billion dollars and takes six
   weeks to recover from a one day bank failure and we have them all the
   time."(21) If Wall Street suddenly closed down, or if bank
   transactions suddenly disappeared the United States would lose
   hundreds of billions of dollars. It is estimated that the daily value
   of telephone transactions on Wall Street alone, is in excess of one
   trillion dollars.(22)
   A potential attack on military information, especially that which is
   classified, poses a national security threat from a strategic
   standpoint. From a command and control perspective, denying
   communications capability or altering and destroying intelligence can
   have profound effects on the capabilities of modern militaries.
   General Colin Powell notes that "A downsized force and a shrinking
   defense budget result in an increased reliance on technology, which
   must provide the force multiplier required to ensure a viable military
   deterrent... Battlefield information systems became the ally of the
   warrior. They did much more than provide a service. Personal computers
   were force multipliers."(23) Whereas Sun Tzu regarded the skillful
   command of troops as having the potential "of round boulders which
   roll down from mountain heights,"(24) in today's military it would be
   round boulders capable of rolling by themselves, both on flat ground
   and up steep grades. Soldiers in battle are less reliant on a
   hierarchical command structure and are capable of making more
   autonomous decisions based on an increased ability to receive and
   analyze real-time information regarding the condition of the
   battlefield. In this situation, the emphasis is not on the function of
   command, but on maintaining the supply and value of the
   Robert Steele argues that information warfare is "about applied
   intellect - it is about harnessing intellect and protecting intellect,
   and it is above all about providing the commander - including the
   civil commander in the role of political, economic, or cultural leader
   - with survivable, reliable, decision-support through war and
   operations other than war, on the home front as well as on the
   traditional front line - and to do so largely with 'out of control'
   civil resources."(26) With military command and control placed in this
   context, threats to national security are present not only when
   military communications are targeted, but also when civilian support
   to operations is targeted. One cannot harness the distributed
   intelligence of a nation if the information content is diverted or
   What threat is posed to American national security if, during a war,
   the enemy were able to get information on troop movements or discover
   flaws in one of our weapons systems? Or if the Soviets, during the
   Cold War, had been able to access information on the Strategic Defense
   Initiative or stealth aircraft designs? What if one fourth of all the
   computer systems in America stopped working one day?
   New Concepts: Information Warfare
   Information warfare is about destroying information, reducing
   information flows, reducing the reliability of information content,
   and denying access to services. Author and security expert Winn
   Schwartau writes:
   Information warfare is waged against industries, political spheres of
   influence, global economic forces, or even against entire countries.
   It is the use of technology against technology; it is about secrets
   and the theft of secrets; it is about turning information against its
   owners; it is about denying an enemy the ability to use both his
   technology and his information.(27)
   Historical patterns reveal that information warfare is undoubtedly
   warfare of the future. Traditionally, warfare has followed the
   different waves of development in society. Science has always been
   applied to war.(28) Agrarian society saw the development of the
   crossbow. As scientific capacity increased, so did the weapons
   societies used in warfare. As nations industrialized, they used their
   factories to create tanks. As our capacity to understand physics
   increased, we used nuclear fission to deal devastating blows from high
   altitudes. Today, computer-guided electronics allow us to deal even
   more damage from the comfort of an underground bunker thousands of
   miles away. As we move, or have already moved, into the Third Wave or
   Information Age, it is only natural that our weapons or means of
   warfare will follow.
   Information warfare, as a concept, is not entirely new. In 1912, when
   the British cableship Telconia hauled up and cut the five cables that
   linked Germany to the outside world: (two to the Azores and North
   America, one to Vigo, one to Tenerife, and one to Brest); the British
   were waging information warfare.(29) The British recognized the
   strategic significance of wartime communications and utilized their
   capabilities to hinder Germany's ability to communicate. Likewise,
   when the United States intercepted and decrypted Japanese
   communications intelligence during wartime operations and diplomatic
   negotiations, the United States was waging information warfare.(30)
   The only problem with these examples is that the environment in which
   they took place is not as relevant today. These attempts at
   information warfare were waged against industrial societies in which
   information was just one valuable asset, ranked lower on the hierarchy
   of strategic importance than protection of the industrial base.
   Today's Third Wave societies are no longer based entirely on
   industrial concepts and information has a higher strategic value now
   than it has had at any point in history. This means that information
   warfare poses a greater threat to national security in the Information
   Age than it did in the Industrial Age. In fact, for several reasons
   illustrated later, information warfare may become the preferred method
   of conflict among Third Wave nations. General Gordon Sullivan and
   Colonel James Dubik acknowledge that "To succeed against an industrial
   state generally requires the destruction not only of its army, but
   also of the military infrastructure, resources and manufacturing base
   of the total war-making capability. Achieving victory against an
   information-based state will entail destroying that country's armed
   forces, as well as destroying its war-making capability (which may
   well include industrial and information-related targets) and its
   information systems."(31) Not only is information warfare an entirely
   new paradigm for waging war, it must also be adopted as a supplement
   to traditional and conventional means of warfare if successful
   campaigns are to be waged.
   New Weapons
   With a new type of warfare comes a new breed of weapons. In order to
   understand the vulnerabilities of systems and the capabilities of
   possible adversaries, a brief overview of offensive information
   warfare weaponry is required.
   HERF Guns. High Energy Radio Frequency guns allow adversaries to
   create denial-of-service scenarios against a wide variety of targets.
   The concept behind the HERF Gun is very simple and they are incredibly
   easy to build. Depending upon the size of the power source used and
   range or accuracy desired, HERF guns can be designed to take many
   different shapes and forms. HERF Guns direct a blast of high energy
   radio signals at a pre-selected target. Schwartau explains:
   Electronic circuits are more vulnerable to overload than most people
   realize, and that weakness is exploited by a HERF Gun. A HERF Gun is
   nothing more than a radio transmitter, conceptually similar to the
   real tall ones with blinking red lights on top to keep planes from
   hitting them. Your portable CB or cellular phone are also radio
   transmitters, with different purposes, working at different power
   levels. The HERF Gun shoots enough energy at its target to disable it,
   at least temporarily. A HERF Gun can shoot down a computer, cause an
   entire network to crash, or send a telephone switch into electronic
   orbit. The circuitry within modern computer and communications
   equipment is designed for low-level signals; nice quiet 1s and 0s
   which operate within normal limits. The HERF Gun is designed to
   overload this electronic circuitry so that the information system
   under attack will become, at least temporarily, a meaningless string
   of babbling bytes.(32)
   The damage that a HERF Gun can do when directed at a variety of
   creatively selected targets is clearly obvious. Not only is a
   situation created in which information systems fail, but it becomes
   extremely difficult to identify the cause of failure.
   EMP/T Bombs. Electromagnetic Pulse Transformer Bombs operate under the
   same principle as HERF Guns; however, they are thousand times more
   powerful.(33) Also, the damage induced by EMP/T Bombs is permanent.
   Governments have been concerned with the threat of electromagnetic
   pulse since the invention of the atomic bomb. A 1980 Federal Emergency
   Management Agency report concluded that the following hardware would
   be most susceptible to failure from EMP: computers, computer power
   supplies, transistorized power supplies, semiconductor components
   terminating long cable runs (especially between sites), alarm systems,
   intercom systems, life support system controls, telephone equipment,
   transistorized receivers and transmitters, transistorized process
   control systems, power control systems, and communications links.(34)
   If EMP/T Bombs were detonated over densely populated urban areas, the
   results would be disastrous. Not only would all communications and
   electronic equipment fail, but the city would also experience a
   blackout, thus creating a prime environment for civil unrest and
   System intrusion. Interconnected communications and computer systems
   are also susceptible to intrusion. Commonly referred to as hacking,
   system intrusion creates a wide variety of security concerns. Hacked
   systems can be utilized for information gathering purposes,
   information alteration, and sabotage. Vulnerabilities exist in almost
   every externally networked computer in the United States. A report
   prepared by the Computer Security division of the National Institute
   of Standards and Technology notes that "connectivity allows the hacker
   unlimited, virtually untraceable access to computer systems."(35) An
   entire subculture dedicated to the issues concerning hacking has
   developed and its numbers increase substantially every year. In the
   summer of 1994, over one thousand people from around the world
   descended on New York city for an organized convention called "Hackers
   on Planet Earth."(36) Being a sensational subject, computer hacking
   has also generated a lot of attention in the American media. The
   recent apprehension of known computer hacker Kevin Mitnick generated a
   plethora of front page stories across the nation. Unfortunately, with
   this media attention, the term hacker itself has taken on an entirely
   new meaning. Steven Levy first described hackers as computer
   explorers, "adventurers, visionaries, risk-takers, artists... and the
   ones who most clearly saw why the computer was a truly revolutionary
   tool."(37) Levy's hackers were the pioneers of the computer industry:
   Steven Jobs, Bill Gates and Stephen Wozniak. These are men who are
   recognized today as establishing a competitive advantage in personal
   computer hardware and software for the United States. Today, the term
   hacker is often used to indicate a computer criminal. This creates a
   difficult dilemma for those who wish to use the term with positive
   connotations. For the purposes of this paper, the term is used in both
   capacities, with the focus not on the intent of hackers or computer
   criminals, but on their capabilities. Intent, reliability and
   disposition only come into play when computer explorers are considered
   a potential national security asset in Chapter Four.
   Emissions capture and espionage. Computer hackers can also utilize
   several tools for the capture of vital information secrets such as
   passwords or data. Van Eck emissions enable hackers to capture the
   contents of computer screens from up to two hundred meters away.(38)
   Devices designed to capture these emissions can be developed at very
   low cost. To further complicate the matter, current government
   regulations prevent non-governmental organizations from protecting
   themselves by installing TEMPEST(39) equipment.(40) Information and
   telecommunication networks are also easily monitored for information
   that might be utilized for system intrusion.(41)
   Viruses, trojan horses and worms. Viruses, trojan horses and worms
   have huge destructive potential. Perhaps the greatest threat of the
   three is the computer virus, a program which has the ability to attach
   itself to legitimate files and then propagate, spreading much like an
   infectious disease from computer to computer as files are exchanged
   between them. The more interactivity a computer has with other
   computers the higher the chance of it contracting a virus. The virus
   continues to hide itself until a certain criterion is met. These
   criteria change from virus to virus, but some of the most deadly are
   viruses that wait a certain length of time before initiating their
   destructive capabilities. This insures that the virus has had enough
   time to copy itself to many systems, thus increasing its damage
   potential. Once the criteria are met, the virus can attack a system in
   one of many ways: by erasing files, destroying hard disk drives, or
   corrupting databases.
   Imagine a virus that spreads to a bank computer and then randomly
   modifies numbers within a database, or simply causes the bank's
   computers to shut down. The potential for damage is enormous, but it
   is mostly monetary damage. Now imagine that same virus attacks a
   hospital computer system. Human lives are at stake, making that virus
   a tool of murder no less dangerous than a loaded weapon. Viruses are
   very difficult to protect against because a copy of the virus is often
   needed to create a vaccine or program to detect it. We do not usually
   find copies of the virus until they have caused damage. It has been
   estimated the cost of removing the viruses infections over the next
   five years will be over $1.5 billion - not taking into account the
   value of the data that will be destroyed.(42) There are already many
   documented cases of companies losing millions of dollars in business
   and thousands of hours of computing time due to viruses attacks.(43)
   That number will only increase in the future.
   By 1992 there were over 1,500 catalogued viruses in the West, with
   that number expected to have doubled by the end of 1993(44) One of the
   most popular was the Michaelangelo virus, which received news coverage
   on all the major television networks. What many Americans do not
   understand is that Michaelangelo is just one of many potential
   attackers of their computer systems. In Bulgaria, companies have set
   up virus factories producing more viruses than the anti-virus industry
   can combat. How should the U.S. deal with companies whose only concern
   is to produce destructive software? This is one of the many questions
   we must ask ourselves when creating policies to ensure safe computing
   in future years.
   The trojan horse derives its name from the famous attack on the city
   of Troy, and operates much like the trojan horse of ancient times. A
   trojan horse is a program that pretends to be a benign program but is
   really a program of destruction. The program tricks the user into
   running it by proclaiming to perform some useful function; however,
   once initiated it can be as destructive as a virus. Trojan horses are
   less of a danger because they are easily destroyed: one simply deletes
   the program, since they contain no means of copying themselves
   The worm operates much like a virus, but is can travel along a network
   on its own. Perhaps the best known worm was the one created in 1988 by
   Robert Morris, the son of an National Security Agency official. Morris
   created a worm to seek out sites on the Internet by traveling along
   its many connections and copying itself onto remote computers. Morris'
   worm was not created to damage any systems, but he made an error in
   designing the program. This error caused the worm to begin propagating
   itself at an exponential rate, slowing down Internet sites and causing
   communications to come to a standstill. The reaction among Internet
   users and system administrators was mass hysteria. The following are
   some highlights of the events as they unfolded over the course of
   twelve hours
   5:00 p.m. - Morris launches his worm onto the Internet
   8:00 p.m. - System operators at computer systems across the nation
   begin noticing that something is slowing their computer system down.
   2:38 a.m. - The virus has spread onto many systems including the
   Lawrence Livermore National Laboratory, NASA Ames Laboratory, Los
   Alamos National Laboratory, and the Department of Defense's Milnet
   - A worried system operator releases the following message onto the
   Internet. "We are currently under attack by a computer virus."
   5:00 a.m. - An estimated 6,200 computers have been infected in the
   course of 12 hours. System operators begin breaking network
   connections to protect their systems. Later calculations revealed that
   only around 2000 computers had been attacked.
   Days later, system operators were still cleaning up and containing the
   Internet worm which had caused over one million dollars in damage.(45)
   Morris was convicted for the damage initiated by his worm and
   sentenced to three year's probation, a $10,000 fine and four hundred
   hours of community service.(46) Though Morris's actions were illegal,
   he managed to expose the vulnerability of the computer networking
   system. If one college student could do so much damage by accident,
   what could a rogue nation or terrorist group do on purpose?
   Normal accidents. In his 1985 book, Charles Perrow discusses threats
   posed by accidental failure of advanced technology.(47) The same
   threats exist with computer technology and information systems. It is
   not uncommon to read in the newspaper about power lines being cut
   causing airports to shut down for extended periods of time or for
   unexplainable electronic gremlins to cause multiple failures at great
   cost. This was the case in Chicago in September 1994 when several
   unexplainable electronic failures shut down airports and financial
   institutions throughout the city.(48)
   Information Warfare: Isolated Examples
   Although there have been several examples in which national security
   has been breached in the past five years, no single event constitutes
   an enduring national security threat. But collectively, these events
   highlight a national security threat based upon internal weaknesses in
   the security of information technology systems in the United States.
   Operation Datastream
   Recently released information reveals that a sixteen-year-old computer
   hacker from Britain was able to infiltrate United States Department of
   Defense computer systems for seven months without being detected. He
   obtained access to ballistic weapons research, aircraft design,
   payroll, procurement, personnel records and electronic mail. In all,
   over one million passwords were compromised. The Ottawa Citizen
   reports that "the U.S. Defense Information Systems Agency admitted in
   a private briefing, which has been confirmed, that the hackers had
   affected the departments' 'military readiness'."(49)
   It is also believed that the hacker had access to sensitive and
   classified computer databases regarding nuclear inspection details in
   North Korea.(50) The security implications in this case are
   intensified by the fact that information could have been altered. Had
   the North Korean government had access to this information, it is
   possible that they might have altered databases and communications to
   assist their development of nuclear weapons. In fact, there is no
   evidence to suggest that North Korea was not involved in operations of
   this sort on its own. It is acknowledged that the only reason the
   British hacker was caught is because he left his computer terminal
   connected to a U.S. defense computer overnight.
   This is obviously a case where information warfare techniques have
   substantial implications. Nuclear weapons are regarded as one of the
   most devastating threats to the physical security of nation states.
   This case demonstrates that information warfare can be used to assist
   nuclear proliferation, creating two major security concerns. North
   Korea might have been able to alter inspection reports and falsify
   data to cover up their nuclear proliferation efforts, or it might have
   utilized the information to find out which sites the United States was
   targeting for inspection.
   The Hacker Spy
   Perhaps the best publicized account of a hacker breaking into U.S.
   military computer systems took place in 1986 when Cliff Stoll at the
   Lawrence Berkeley Laboratory (LBL) discovered a German hacker using
   the university's computer to access sensitive databases. Stoll's
   adventure began when he found a seventy-five cent error in the LBL
   accounting system that tracks system usage and then bills the correct
   party. By exploring the accounting software, Stoll found that a user
   named Hunter had used seventy-five cents worth of computing time in
   the last month. Stoll also discovered that Hunter did not have a valid
   billing address, so he had not been properly charged. Through much
   work, Stoll discovered that Hunter was in fact a computer intruder, a
   hacker using LBL's system to access other systems. In most cases the
   user would have been shut out, but Stoll, an astronomer by trade, not
   a computer security expert, decided to track the activity of the
   When Stoll first discovered that the hacker was accessing military
   computers, no one believed him. The people in charge of maintaining
   these sensitive systems did not know, nor did they believe, that a
   hacker had entered their system. Stoll had a even harder time trying
   to convince law enforcement agencies that this was indeed a crime
   worthy of having the hacker's call traced. This one hacker attempted
   to break into many military computer installations including the
   Redstone Missile Command in Alabama, the Jet Propulsion Laboratory in
   Pasadena, and the Anniston Army Depot. In many of the cases the hacker
   successfully gained full access to computer systems and searched for
   keywords like stealth, nuclear, White Sands and SDI.(52) When he found
   the files he copied them to his home computer.
   The search for the hacker continued for almost a year. The activity
   was eventually traced to a West German citizen named Markus Hess.
   Hess, a member of the hacker group called the German Chaos Computer
   Club, used the pseudonym Pengo among his colleagues. He was known as
   one of the best hackers in the Hannover area. On February 15, 1990,
   Hess and two colleagues were convicted of espionage for selling
   secrets to the KGB.(53)
   Surely one must look at this case as a threat to U.S. national
   security, especially in the context of the Cold War. Gone are the days
   of searching for Ivans in elite factions of the U.S. military. Now any
   twenty-year-old German drug addict can accomplish the same thing from
   an apartment in West Germany. The vast computer networks gives him the
   means, and the lax security of the United States computer systems
   allows him to gain access to them and compromise national interests.
   Hacker Attacks During Gulf War
   The United States inability to protect its computer systems was
   demonstrated by attacks on Department of Defense computer systems
   during the war with Iraq. Testimony before a Senate committee
   confirmed that during April and May of 1991, computer hackers from the
   Netherlands penetrated thirty-four Department of Defense computer
   sites. Here are few highlights from the report:
   At many of the sites, the hackers had access to unclassified,
   sensitive information on such topics as (1) military
   personnel--personnel performance reports, travel information, and
   personal reductions; (2) logistics - descriptions of the type and
   quantity of equipment being moved; and (3) weapons system development
   data. Although the information is unclassified, it can be highly
   sensitive, particularly during times of international conflict. For
   example, information from at least one system, which was successfully
   penetrated at several sites, directly supported Operation Desert
   Storm/Shield. In addition, according to one DOD official, personnel
   information can be used to target employees who may be willing to sell
   classified information.(54)
   U.S. soldiers put their lives on the line to fight a war for a country
   that cannot even protect the sensitive information related to their
   activities, let alone personal data that could be used against their
   families. What is most distressing about the report is its conclusion
   that the hackers exploited known security holes to gain access to a
   majority of these systems. The United States government knew that
   these security holes were there, yet it did nothing to fix them. The
   report also indicates that the hackers "modified and copied military
   information,"(55) and that many of the sites were warned of their
   vulnerability but failed to realize the implications. The report ended
   with a warning of things to come: "Without the proper resources and
   attention, these weaknesses will continue to exist and be exploited,
   thus undermining the integrity and confidentiality of government
   The Dutch hackers are one of the most respected hacking groups in the
   world. Luckily for the United States, the Dutch exploits were for
   educational purposes only. Their attacks were blatant, open and
   recorded by video.(57) In order to ensure that their explorations were
   noticed they created a user account named after Vice President Quayle.
   Had the Dutch hackers been acting with malicious intent, or under the
   sponsorship of another nation state, who knows how much damage they
   could have inflicted on Allied operations in the Gulf War.
   Infrastructure Attacks
   The three examples given above demonstrate instances where sensitive
   military information was accessed, erecting a breach of security with
   serious national security implications. Although these attacks were
   dangerous, they caused very little damage to the flow of information.
   Attacks that target information infrastructures with the intent to
   damage information flows are of equal, if not greater, concern.
   In an information-based or knowledge-based economy, denying access to
   information transfers causes economic instability. However, due to the
   infancy of the information-based economy and an increased hesitance to
   report instances where damage is incurred, there are very few examples
   in which individual actors have inflicted this sort of damage.
   Instead, this section will focus on examples of accidental failure
   that demonstrate vulnerabilities in the infrastructure of Information
   Age societies.
   The Phone System
   On January 15, 1990 seventy million phone calls went uncompleted.(58)
   In Queens, New York two teenage hackers wondered if they were to blame
   for the outage.(59) The phone company also wondered if hackers might
   be at fault as well. In fact, several hackers were being closely
   monitored for illegally accessing, altering and using various phone
   switches. As it turned out, a programming error was to blame for the
   failure, however, a sense of urgency regarding the security of the
   phone networks was established.(60)
   Crashes since then have not been uncommon. Steven Bowman writes:
   Telephone switching stations which are scattered about the U.S. cities
   are crucial to our communications network. They are squeezed into any
   number of unprotected locations. In 1992, a failed AT&T switching
   station in New York put both Wall Street and the New York Stock
   Exchange out of business for an entire day, with an estimated loss of
   billions of dollars in trading value. The failure resulted in 4.5
   million blocked domestic long distance calls, nearly 500,000
   interrupted international calls, and the loss of 80 percent of the
   Federal Aviation Administration's circuits. A similar failure on
   November 5, 1991, in Boston resulted in a 60 percent loss of calls in
   that area.(61)
   Today, the security of the phone networks upon which rely for everyday
   communications and business transactions is still questionable.
   Reports, detailing the recent arrest of America's most wanted computer
   hacker, Kevin Mitnick noted that Mr. Mitnick manipulated telephone
   company switches to disguise his whereabouts.(62)
   We rely on telephone communications daily. Many American businesses
   would be unable to function without them. Not only is there an
   inherent vulnerability of this service being denied, but phone lines
   can also be manipulated to divert calls to competitors or can be
   eavesdropped upon. In what has been called the Hacker Wars, competing
   hacker groups within the United States used such techniques on a daily
   basis. Not only did they manipulate phone switches, but they also
   gained access to numerous private computer networks, including some
   military sites. Though losses were minimal, it is only because phone
   system crashes have been isolated and uncoordinated. Should someone
   target several large phone networks at once, the results would be more
   than an inconvenience. It would have a devastating effect on the
   economic prosperity of many businesses. Should the denial of service
   be maintained for extended periods of time, many businesses,
   government agencies, and even some military installations would be
   electronically paralyzed.
   The Power Grids
   Power grids, like telephone networks, are prone to failure, both
   accidental and intentional. Stephen Bowman writes:
   The United States power system is divided into four electrical grids
   supplying Texas, the eastern states, the midwestern states and the
   northwestern states. They are all interconnected in Nebraska. A unique
   aspect of the electrical grids, as with communication grids, is that
   most built-in computerized security is designed to anticipate no more
   than two disruptions concurrently. In other words, if a primary line
   went down, the grid would ideally shut off power to a specific section
   while it rerouted electricity around that problem area. If it ran into
   two such problems however, the grid is designed to shut down
   The national security implications of major power failures are
   obvious. Blacking out several large cities at once would result not
   only in large economic losses, but would likely spawn civil unrest and
   chaos. One need only think of the damage inflicted by the Los Angeles
   riots in 1992. For social reasons, outside the realm of this paper,
   our cities have become highly unstable and prone to disruption. Amory
   B. and L. Hunter Lovins note that "However caused, a massive
   power-grid failure would be slow and difficult to repair, would
   gravely endanger national security and would leave lasting economic
   and political scars."(64)
   The Big Picture
   Are you telling me that we spend almost $4 trillion dollars, four
   goddam trillion dollars on defense, and we are not prepared to defend
   our computers?(65)
   Isolated incidents of electronic communications, computer, and power
   failures are inconveniences with heavy price tags, but they are not a
   threat to the national security of the United States. Accidents
   happen. We are prepared to deal with most. We are not, however,
   prepared to deal with an internal or external attack on our entire
   information infrastructure as defined earlier in this chapter. Nor are
   we prepared to deal with the domestic and international political
   consequences that such vulnerabilities create, as will be discussed in
   chapter three.
   I wish to conclude this chapter by bringing all the pieces together in
   a hypothetical threat assessment so that an in depth evaluation of the
   security implications can be discussed. It is estimated that with as
   little as 1 million dollars and less than twenty well trained men, the
   infrastructure of this nation can be brought to its knees.(66) More
   conservative figures estimate it at 100 million dollars and 100
   men.(67) Never before in history, has new technology created such
   vulnerabilities to national security at so low a cost to the attacker.
   Imagine a well trained team of saboteurs, operating over several
   years, infiltrating several high technology companies like Microsoft
   or Novell, a few major automobile manufacturers, or a couple of
   airlines. Viruses or trojan horses are timed to detonate on a certain
   day, rendering computer systems inoperable. A small team of hackers
   infiltrates large computer, telecommunications and power centers
   preparing them for denial of service attacks. Another team constructs
   several large EMP/T bombs and HERF Guns to be directed at targets like
   the Federal Reserve and Wall Street. Doomsday arrives and the
   countries electronic blood stops flowing. No transfer of electronic
   funds, no stock exchange, no communications and power in a majority of
   locations, no traffic control, no air travel. At this point, what is
   the situation? Our physical integrity has been maintained, the loss of
   life has been minimal, and we have no one to blame. Has our national
   security been breached? Information warfare and intelligence expert
   Robert Steele argues that the United States can not recover from a
   similar, even if much smaller, attack:
   We can not afford the luxury of waiting for an electronic Pearl Harbor
   to mobilize public opinion, for two reasons: first, because the
   catastrophic outcome of a major electronic disaster, one which
   degrades or destroys major financial centers - eliminating trillions
   of digital dollars- or other key elements of our national fabric, is
   not supportable by our existing economies. We cannot afford the cost
   of the time to reconstitute our civil sector. The second reason is
   more frightening: it is highly unlikely that we will be able to prove
   with any certainty which nation, organization or individual was
   responsible for the attack.(68)
   Consider the following report by Robert Ayers, Chief of the Center for
   Information Systems Security. Mr. Ayers group recently used readily
   available hacker tools freely available on the Internet to test the
   vulnerability of U.S. systems. He found that:
   88% of the time they are effective in penetrating the system,
   96% of all system penetrations are undetected, and
   95% of the instances where penetration is detected, nothing is
   According to a report in OSS Notices, Mr. Ayers "estimates that only 1
   in 1000 successful system penetrations is ever reported and that in
   any given year government systems are illegally accessed, though not
   necessarily maliciously so, at least 300,000 times."(70)
   On the virus front one U.S. government organization found 500 software
   and hardware viruses in a single year, all of which were intercepted
   and scanned at its loading dock in the original shrink-wrapped
   packaging.(71) These problems will only continue as information
   networks continue to grow at exponential rates and as viruses are
   created faster than we can detect them.
   Ivan Bloch has stated that the "future of war [would be] not fighting,
   but famine, not the slaying of men but the bankruptcy of nations and
   the break-up of the whole social organization."(72) The transition
   into the Information Age makes such a vision all the more plausible.
   Where national security is concerned, information networks have
   created a tunnel to the center of our vulnerability, usable by any
   nation or collective of individuals at their discretion.
                                 Chapter 3
                The Political Context of Information Warfare
   Ultimately, information warfare must be seen in a political context.
   How should nations deal with the threat posed by information warfare,
   both internally and internationally? What are the political and
   strategic attractions of waging information warfare? What are the
   deterrents? Should nations be concerned with capabilities or
   intentions? How does information warfare compare with traditional
   concepts of national security and the development of other new
   technologies? The purpose of this chapter is to answer these
   questions, demonstrating how the concept of information warfare fits
   within the framework of traditional national security studies, but, in
   order to find solutions, we must move beyond them.
   What is National Security
   Much work has been dedicated to the study of what comprises national
   security. At its simplest level, a nation's security has been defined
   as "no more than the total of the individual's perceived sense of
   security."(73) More encompassing definitions suggest that national
   security entails the "range of physical threats that might arise for
   the nation and the force structures, doctrines and military policies
   mobilized to meet those threats... also those internal and external
   factors - such as economic or technological change - that might arise
   and whose direct or indirect effect would be to diminish or to enhance
   the nation's capacity to meet physical threats."(74)
   Using this definition alone, information warfare can be categorized as
   a national security threat. Given the vulnerability of military
   information networks and the military's reliance on commercial
   communications paths for ninety-five percent of its
   communications,(75) information warfare can hamper the military's
   ability to respond to conventional threats. The military's reliance on
   computer technology for digital mapping and intelligence also creates
   a vulnerability to our conventional military forces. It took two
   months to meet the digital mapping requirements to use Tomahawks in
   Gulf War.(76) Had the threat been immediate, the United States would
   not have been able to utilize its smart weapons capabilities and
   collateral damage would have been higher. Also, EMP/T bombs can be
   used to destroy radar installations with little to no human deaths, as
   they were in the Gulf War,(77) thus decreasing a nation's ability to
   respond to missile and aircraft threats.
   To fully realize the potential threat of information warfare, the
   definition of national security must be broadened. The economic
   arguments of scholars like Luttwak, Thurow and Prestowitz(78) must be
   included in our definition of national security. Is United States
   national security threatened if our ability to maintain a prosperous
   economic system declines? If so, how might other nations gain
   competitive advantages against U.S. industries and financial markets
   using information warfare techniques? How might electronic
   eavesdropping through Van Eck emissions capture and communications
   interception be used to threaten national security by threatening
   American prosperity? The recent expulsion of five alleged American
   spies from France demonstrates that other nations consider industrial
   espionage a serious threat.(79) Unfortunately, this area is too large
   to deal with in the confines of this paper, but this prosperity aspect
   must be drawn into an expanded definition of national security to
   realize the threat posed by information warfare.
   Information warfare endangers not only our ability to respond to
   physical threats, but our economic prosperity, as well. Traditionally,
   our ability to remain prosperous has been directly linked to physical
   threats. In the Information Age this is no longer true. Economic
   prosperity, indeed the very lifeblood of our economic identity, can be
   destroyed without any physical damage being inflicted. Once the threat
   is recognized, one must ask: In this post-Cold War world, why would
   states want to wage information warfare against each other?
   Political Attractions of Information Warfare
   Politically and strategically there are many attractions to
   state-sponsored information warfare. It is low cost, timely, not
   location specific, provides no early warning, is not taboo, inflicts
   low human life costs, and can be waged in complete anonymity. Each of
   these must be examined at length before a clear understanding of how
   information warfare is strategically and politically advantageous can
   be achieved.
   Low Cost
   Information warfare is relatively cheap to wage. You get a high return
   on your investment with information warfare techniques. Both Steele's
   and Schwartau's estimates of what it would cost to reduce the United
   States to information rubble ($1 million and $100 million
   respectively) are incredibly cheap when compared to the cost of
   conventionally military weapons. This makes offensive information
   warfare attractive to Third World states and offers them the same
   basic capability to inflict damage on information infrastructures as
   Second and First World nations.
   Timely and Not Location Specific
   Information warfare is timely and it is not location specific.
   Information warfare can be waged at the drop of pin, to steal an
   analogy from the telecommunications industry. There is no early
   warning system for information warfare. You don't know it is coming,
   so you must always anticipate it. This creates a high level of
   paranoia. No radar can pick up a long distance phone call from
   overseas, yet that one phone call may cause more monetary damage that
   a dozen planes carrying conventional bombs. The World Trade Center is
   a perfect example. The damage to the flow of information, estimated at
   over $1 billion(80), proved to be more costly than the structural
   damage inflicted on the building. Viruses can be imported into the
   United States through information networks, telephone lines, or on
   simple floppy disks which do not attract the attention of U.S. Customs
   Although a well-planned information warfare attack might take several
   years to orchestrate, it can occur instantaneously. To uncover plans
   for such an attack would involve a great deal of investigation and
   intelligence or a stroke of luck. Most of the actors would be
   invisible, both to the victim and to each other. Most of the
   preparatory work for lower levels of information warfare can be done
   outside the traditional territorial boundaries of the victim nation.
   Other forms of information warfare, (HERF Guns, EMP/T Bombs) require
   the breaching of international boundaries, thereby allowing greater
   capabilities to those nations that have easier access to U.S. visas or
   are subject to less stringent immigration regulations. However, as the
   World Trade Center bombing proves, our nation's boundaries are capable
   of being breached by any foreign nationals or terrorists with
   malicious intent.
   Information warfare can be waged anonymously. Anonymity is the nature
   of new technologies, especially telecommunications. An anonymous
   attack creates two problems. Not only has a state's national security
   been breached, but there is no one to hold accountable for the attack.
   This makes information warfare very attractive tool to covert
   operators. However, given the nature and intent of terrorism, it is
   highly unlikely that terrorists will remain anonymous while engaging
   in information warfare, since it is in their best interest to claim
   the damage they have inflicted.
   Political dilemmas arise in the victim state when citizens demand
   retribution. The government has no target. The result will be
   political instability as citizens focus blame on the government for
   allowing this to happen. It might even be possible to collapse a
   particular political system with prolonged, systematic anonymous
   We need computers in our lives, but we do not trust them. Winn
   Schwartau calls these conflicting feelings "binary schizophrenia."(81)
   When used anonymously, information warfare plays on feelings of binary
   schizophrenia causing insecurity and chaos. In this regard, anonymous
   information warfare is comparable to the German blitzkrieg of World
   War II. It makes an impact on the citizenry as well the government.
   Targets can be strategically selected to generate the maximum amount
   of chaos and insecurity possible.
   Minimal Loss of Human Life
   Information warfare can also be waged to minimize the amount of human
   life lost within the target nation. This makes information warfare
   techniques politically attractive since there are no global taboos
   associated with waging war against machines. Jeff Legro gives three
   reasons why states might restrain from using certain weapons or means
   of warfare. He argues that "countries may pursue restraint because
   popular opinion vilifies certain weapons; because leaders calculate
   that escalation would damage their domestic and international
   political support; or because states fear retaliatory attacks."(82)
   How does information warfare fit within this framework? Because
   information warfare causes low levels of human casualties and
   structural damage, there is little reason to believe that popular
   opinion will vilify it. In fact, populations will not even know
   information warfare is being waged against them until it is too late.
   Even at that point, very few people will understand the methods used.
   Therefore it is highly unlikely that information warfare will be
   considered an inhuman way to pursue diplomacy by other means.
   Also, there is little reason to believe that using information warfare
   will be politically damaging to the aggressor country. Information
   warfare's anonymity assures that the aggressor will be identified only
   if they wish to be. When information warfare is waged by one nation
   against another without anonymity, the political outcomes would
   resemble those of traditional warfare. Strategic alliances could be
   formed and some states could chose to remain neutral, though it is
   highly unlikely that neutral states will be able to avoid the global
   economic aftershocks of high intensity global information warfare.
   If waged without anonymity, it is very likely that a victim nation
   would respond to information warfare with retaliatory strikes. In this
   regard, fear of retaliation or escalation will act as a deterrent to
   using information warfare. However, the first strike advantage of
   information warfare might neutralize any fears regarding retaliation
   using counter information warfare, leaving victim nations with the
   difficult decision of responding with conventional military force.
   In Legro's essay he uses three examples to demonstrate that military
   culture is a strong factor determining when alternative or taboo forms
   of warfare will be used. Since information warfare is a relatively new
   concept, it is doubtful that it has been fully adopted by the military
   culture. However, recent trends indicate that information warfare is
   an area that is getting a great deal of attention and increased
   funding in an age of reduced military budgets. This shows that the
   military culture perceives information warfare as a reasonable and
   perhaps preferable form of warfare. At least three branches of the
   United States Armed Services have publicly admitted to concentrating
   on information warfare concerns.(83) Aerospace Daily reports that
   "Major advances in information technologies are spurring the U.S. Air
   Force to mainstream information warfare into its operations by
   incorporating information warfare into its doctrine."(84) With Legro's
   thesis in mind, perhaps the military culture will accelerate the use
   of information warfare as a method of conflict resolution. The use of
   information warfare techniques by the Allied forces in the Gulf War
   indicate that the military culture has already accepted information
   warfare as a supplement to conventional military tactics.
   First Strike Advantage
   In information warfare there is a huge first strike advantage, but
   only if the goal is unlimited destruction and anonymity is utilized to
   prevent a conventional response. There is a high correlation between
   the extent to which a nation damages its enemy's information
   capabilities and their ability to respond using purely information
   warfare techniques. A nation can execute this first strike anonymously
   if it so desires, thus delaying retaliation indefinitely.
   The first strike advantage of information warfare complicates matters
   further by creating a security dilemma in which those countries
   exercising the greatest amount of restraint will likely incur the most
   damage. In information warfare, a first strike decreases the
   likelihood and may even prevent an adversary from responding. The
   strategic advantages of waging a first strike means that nations will
   always keep a finger on the trigger. In an anarchic international
   system, hostilities or conflict might escalate quickly into
   information warfare in an effort to generate a strategic advantage
   over one's adversary. If conventional conflict is inevitable, then
   whoever destroys their adversary's information systems first, gains a
   strategic advantage in battle.
   Offensive Nature of Information Warfare
   Information technology and computer systems, are vulnerable by nature.
   Therefore, taking defensive measures against the information warfare
   threat will always be difficult and costly. Improving the defense of
   information systems also contributes to the security dilemma since
   decreasing one's susceptibility to information warfare increases the
   attraction of using information warfare offensively. There are,
   however, as will be examined in the next section, several deterrents
   to waging state-sponsored information warfare among technologically
   advanced nations that will entice states to pursue defensive postures.
   In order to neutralize the security dilemma presented by defensive
   postures, states may share defensive technologies to ensure that a
   defensive equilibrium is maintained. This serves a dual purpose: a
   relative balance of power is maintained among states; and the
   offensive threat of rogue states or terrorist entities is reduced.
   Though states will want to maintain offensive "just-in-case"
   capabilities, security is best maintained, due to the nature of the
   threat, by developing defensive capabilities.
   Deterrents to Waging Information Warfare
   Among technologically advanced nations, there are several deterrents
   to waging information warfare. Factors such as economic
   interdependence, fear of escalation, and lack of technical expertise
   detract from the advantages of state sponsored information warfare
   Economic Interdependence
   Perhaps the most useful definition of economic interdependence in any
   discussion of information warfare, is the one put forth by Richard
   Cooper. He uses the term to "refer to the sensitivity of economic
   transactions between two or more nations to economic developments
   within those nations."(85) Focusing on economic sensitivity allows us
   to disregard conventional measures such as trade surpluses and
   deficits and look at the interlinked effects of economic stability
   between interdependent nations.
   Our focal point, from the information warfare perspective, must be
   upon the extent to which interdependent nations will feel the economic
   aftershocks of economic instability. Should the U.S. fall victim to
   information warfare directed at our financial institutions, what
   effect would it have on the economic stability of the European
   Community or Japan and the Pacific Rim nations? If interdependence is
   to act as a deterrent to information warfare, then levels of
   interdependence must be high enough as to ensure that the costs of
   waging information warfare outweighs the benefits. According to
   Rosecrance and Stein, the interdependence of the financial system is
   now formal because we have vested interests in not letting the
   reserves of foreign currencies drop below a certain threshold which
   would harm our own economy.(86)
   With the realization that information warfare has devastating economic
   effects, interdependence will act as a disincentive to state-sponsored
   information warfare. Economic interdependence introduces new complex
   variables into offensive information warfare strategies. Joseph Nye
   notes that there is power to be derived from making oneself less
   interdependent with other nations.(87) This is especially true where
   information warfare is concerned. The effectiveness of offensive
   information warfare is increased as benefits exceed costs. One benefit
   of less interdependence with the target nation is that economic
   aftershocks will have less effects on the aggressor's economy.
   Decreasing economic interdependence might be seen as a precursor to
   waging information warfare, but is not a readily realizable goal for
   most technologically advanced nations. Reducing levels of economic
   interdependence is costly for two reasons: the benefits of
   interdependence can no longer be extracted and distributed among the
   citizenry, perhaps decreasing a nation's prosperity; and domestic
   political constraints can disrupt the nation's internal balance of
   power. The domestic sectors of society that benefit from
   interdependence (multi-national corporations, financial institutions,
   and other investors) will likely logroll interests to prevent the
   breaking of interdependent links.(88)
   A decreasing level of economic interdependence also contributes to the
   intensity of security dilemmas and increases the likelihood of
   escalation. Decreasing economic interdependence might be interpreted
   as a threatening posture, especially if one nation is more susceptible
   to attack than the other, as is the case with the United States and
   most of its trade partners. Increasing economic interdependence,
   however, might be seen as increasing relative security, especially for
   the nations most susceptible to attack. This creates difficult policy
   decisions since traditional forms of negative foreign policy, like
   economic sanctions, become less effective and perhaps even
   threatening. If one nation is perceived as a threat, then the most
   effective way of deterring that nation from attacking is to make the
   costs of information warfare exceed the benefits. This can be done by
   threatening to use conventional military force or increasing levels of
   economic interdependence.
   It must also be noted, that interdependence does nothing to prevent
   states from waging information warfare against specific corporations
   of economic sectors to increase comparative advantage in those areas.
   Since such actions are being taken by allies of the United States such
   as Germany, France and Japan(89), interdependence becomes an
   ineffective deterrent. Fear of escalation will act as a more effective
   deterrent, or at least will place limits on the extent to which
   limited information warfare can be waged.
   Fear of Escalation
   It has already been demonstrated that the military culture will
   probably use information warfare methods as a strategic supplement to
   conventional methods in any military conflict and that the escalation
   of information warfare is likely. But does the reverse hold true? Will
   information warfare escalate to conventional military conflict? In
   order for the fear of escalation to act as a deterrent, information
   warfare must be allowed to escalate into military conflict. A country
   will not wage information warfare, especially against a country with
   strong military capabilities, if they fear that the situation might
   escalate into military conflict.
   Under these circumstances, information warfare becomes highly
   politicized and the domestic bases of power can be compromised. It is
   important that political leaders declare ahead of time, the value of
   information systems and assure the international community that
   conventional military tactics, even though they involve the loss of
   human life, will be used to counter information warfare attacks.
   Given the fact that information warfare causes minimal loss of human
   life, response will be difficult for nations without strong
   information warfare capabilities. The urge to respond using Industrial
   Age warfare techniques will be great, but justifying such responses
   will be difficult unless the value of these information systems is
   declared before they are attacked. A press release saying "any attack
   on the information infrastructure of this nation will be viewed as an
   act of war and any state sponsored information warfare may be
   responded to with military strikes," may seem a little drastic, but
   information warfare can not be taken lightly. This type of warfare
   erodes a nation's strength, destabilizes its economy, and threatens
   its autonomy. Such responses might be necessary and will certainly be
   advocated by many policy makers should the circumstances arise. In
   order for the fear of escalation to work as a deterrent to information
   warfare, this position must not only be advocated, but adhered.
   Lack of Technical Expertise
   Lack of technical expertise is perhaps the weakest deterrent to
   information warfare. It is not really a deterrent, but what Bruce
   Sterling has referred to as a "protective membrane" of computer
   literacy.(90) It is foolish to think that this protective membrane
   prevents any nation state from developing information warfare
   capabilities. If they don't have the experts in-house, they can import
   them from another country, whether it be a scientist from Russia or
   hackers from the United States. While interviewing a very prominent
   U.S. hacker, I discovered that his most lucrative employment offers
   came from nations developing strong offensive information warfare
   capabilities.(91) This export of U.S. security experts might be viewed
   as a security threat in itself.
   Information Warfare as Terrorism
   Given the offensive nature of information warfare and acknowledging
   that in most circumstances the deterrents of waging non-anonymous
   information warfare among technologically advanced nations outweighs
   the advantages, information warfare becomes a very attractive
   terrorist tool. When waged anonymously or by non-state entities, all
   of the advantages of information warfare are present but the
   deterrents are not. Economic interdependence means nothing to
   terrorist groups, therefore, the most powerful deterrent becomes
   neutralized. Fear of escalation also does little to deter information
   terrorism since most acts will be committed anonymously or by groups
   who do not fear military retaliation. Lack of technical expertise
   still acts as a deterrent to some extent. However, offensive
   information warfare weapons are easily built using open source
   material. Lack of resources does little to prevent information
   terrorism, but lack of patience may help minimize and isolate the
   damage to levels which do not threaten the autonomy of a nation. Quite
   possibly, the greatest deterrent to information warfare being used by
   terrorists, may be the United States' lack of policy regarding these
   areas. Terrorists may feel that an information warfare attack will not
   generate enough controversy and may conclude that bloody bombs are
   more effective than EMP/T ones for their purposes. This deterrent,
   however, will evaporate as the United States recognizes the importance
   of its information systems, and as terrorists realize how much
   economic damage they can inflict.
   Where terrorism is concerned, Legro's three constraints might have
   adverse influences, perhaps causing terrorists or rogue states to
   pursue information warfare rather than restrain from it. Within
   terrorist organizations or rogue states there is no popular opinion to
   vilify the use of certain weapons or means of warfare. Moreover, the
   popular opinion of those represented by terrorists may vindicate the
   use of weapons that maximize damage or inflict the greatest pain on
   the target. Leaders of these groups or states may use these weapons to
   gain domestic support, and may have little apprehension about loosing
   international political support since such support is usually
   negligible in the first place. In addition, terrorists or rogue states
   seek retaliation, rather than fear it, because retaliation focuses
   attention on their organization and their cause.
   For these reasons, terrorists are likely to utilize non-anonymous
   information warfare because the benefits far exceed the costs. As
   knowledge disseminates, the number and locality of the threats will
   increase as well. Mr. Schwartau often speaks of cyber-civil
   disobedience. This disobedience may take the form of information
   terrorism. After the California couple who ran the Amateur Action BBS
   in California were sentenced to jail in Memphis Tennessee for
   violating Tennessee pornography standards(92), messages circulated on
   the Internet requesting volunteers to help take down the Memphis phone
   and power grids to protest the use of local community standards for
   information transfers that take place on phone lines. Whoever posted
   these messages was soliciting help to conduct information terrorism.
   Anarchists have talked about creating information anarchy should the
   commercialization of the net continue. Again, this would be
   information terrorism in a very limited sense.
   This numerous and diverse array of potential threats, substantiates
   the proposition that information warfare is best averted by
   concentrating resources on defensive initiatives. Information
   terrorism can be decreased by making the costs exceed the benefits.
   This can only be done by reducing the potential for damage to our
   information infrastructure should the United States be attacked.
   The Realist/Liberal Approach to Information Warfare
   Ultimately, information warfare must be addressed in a political
   context. How does information warfare fit into traditional conceptions
   of national security? How will states approach the problem and what
   kind of political conflicts and tensions will develop along the way?
   This thesis argues that information warfare fits into traditional
   national security debates. Several correlations can be drawn between
   information warfare and other technologies that have influenced
   conceptions of national security in the past. By examining the
   influence of these technologies on war strategy and political
   relationships within the international system, one might better
   understand how information warfare will have similar influences.
   The Realist Approach to Information Warfare
   Realists perceive security as a relative concept. The realists are
   primarily interested in maintaining a relative balance of power or
   relative level of security. With nuclear weapons during the Cold War,
   it was easy to gauge relative security. If the Soviets had two bombs
   and we had four, and the Soviets increased their arsenal to four, then
   we increased ours to eight. A relative security balance was
   The problem with the realist perspective is that it is does not
   usually include economic prosperity as a component of national
   security. This makes it difficult to address the information warfare
   threat, because it is economic in nature. However, given the possible
   impact of information warfare might have on the United States' ability
   to use conventional weapons and its devastating effects on command and
   control systems necessary to thwart physical threats, most realists
   would recognize information warfare as posing a genuine national
   security threat.
   Once the threat is acknowledged, the realists would focus on ways to
   increase the United States relative security. Since the realists
   believe that the international political system exists in a state of
   anarchy, in which distrust is a natural component, there is very
   little use in cooperative agreements designed to deter information
   warfare. The realist approach to information warfare would consist of
   the following objectives:
   1) Increase security of information systems at home. This objective is
   easier stated than realized. There are, however, several ways in which
   the security of United States' information systems can be improved
   through enhanced security procedures, increased focus on education,
   and greater vendor accountability. These suggestions will be expanded
   upon in chapter four.
   2) Constant evaluation of possible adversaries information systems for
   weaknesses. The difficulty with the realist approach is that you need
   a way to measure the security of rival nation states in order to
   determine your own level of security. Since security is relative, the
   realists would create weaknesses where possible, either through
   backdoors in software or chipping(93) of hardware. Offensive
   information warfare capabilities should be enhanced and readily
   3) Formation of possible responses. Develop responses allowing for the
   use of both counter information warfare and conventional military
   warfare. The United States willingness to use conventional military
   forces in response to information warfare should be readily
   acknowledged and publicized to deter possible offensive actions
   against them.
   4) Develop methods for assessing information damage. We are not
   currently capable of assessing information damage inflicted or
   information damage incurred. In order to measure relative security you
   must have some way to create scenarios measuring both offensive and
   defensive capabilities.
   5) Decrease levels of interdependence. Since interdependence decreases
   relative security, interdependence should be reduced. Interdependence
   poses a security threat to realists in two ways. First, it reduces the
   effectiveness of offensive information warfare waged by the United
   States against other nations, since the economic aftershocks of such
   an offensive attack would damage the American economy as well. Second,
   interdependence leaves the United States susceptible to third party
   information warfare waged either against or between nations that are
   its trading partners. It possible for nations to damage the United
   States' economy by attacking its economic allies.
   6) Create autonomous networks. Make networks more autonomous in order
   to minimize the domino effect of accidental or intentional failure.
   This would be carried out first at the military level and then at the
   commercial level for those networks that help support C4I (command,
   control, communications, computers and intelligence). However, this
   may be another area, where the costs of unplugging systems from the
   global network exceed the benefits of security through autonomy. This
   will be discussed at greater length in Chapter Four.
   Problems with the Realist Approach
   Since the United States is arguably the most vulnerable to information
   warfare, increasing relative security becomes incredibly difficult.
   Apart from an all-out conventional war, offensive information warfare
   is not an alluring way for the United States' to pursue its interests.
   The costs of reducing interdependence alone greatly exceed any
   benefits that could be extracted. These high costs, such as loss of
   economic prosperity and domestic political support, make decreasing
   economic interdependence in today's highly linked global economy a
   non-achievable goal.
   Also, under the realist approach, state-sponsored industrial espionage
   becomes a necessity if weaknesses are to be implanted in the
   information systems of other nations. Given the United States
   reservations in using state intelligence agencies for this purpose,
   the realists would be hard pressed to create the necessary weakness
   required by their doctrine. The United States lacks the linkage
   between governmental and private sector goals that are an inherent
   component of other nations, like Japan and France, that would enable
   it to conduct the level of espionage required to reduce relative
   balances of security among possible adversaries. The United States
   also faces the possibility of losing global political prestige should
   such operations be discovered.
   Realism's greatest contribution to the debate is its suggestion that
   internal security be increased. Given offensive capabilities should
   hostilities occur, as long as the United States increases its level of
   internal security at a rate that is equal to, or greater than its
   neighbors, it will be able to maintain a relative balance of power. By
   decreasing vulnerabilities the United States is decreasing the threat,
   regardless of where it originates.
   The Liberal Approach to Information Warfare
   The liberal perspective is better equipped to recognize the threat to
   national security imposed by information warfare based on information
   warfare's potential to decrease the United States ability to remain
   prosperous. For the liberals, the international political system is
   not as anarchic as it is for the realists and it is possible to
   achieve order through cooperative policy. The liberal approach to
   reducing the threat of information warfare is based more on
   cooperative measures than offensive or defensive abilities. The
   liberal would pursue the following initiatives:
   1) Increase levels of interdependence. Recognizing interdependence as
   the greatest deterrent to offensive information warfare the liberals
   would seek to increase U.S. interdependence with other nations. Not
   only does this promote prosperity, but it reduces the attraction of
   using offensive information warfare against the United States.
   2) Create global institutions and international agreements. Though
   some liberals argue that international agreements and institutions
   should not be necessary if states act in their best interest, the
   reality is that we rely on regimes for many aspects of cooperative
   international relations.(94) Global institutions and agreements ensure
   a somewhat stable environment in which states can pursue their self
   interests and exchange information with reduced transaction costs.
   Regardless, treaties designed to prevent the waging of information
   warfare might be difficult to establish as traditional U.S. allies
   openly admit to waging Class II(95) information warfare. However,
   precautions to prevent Class III(96) information warfare might be
   negotiated and would prove beneficial, especially to the United
   States, since we are the nation most susceptible to attack.
   Technologically advanced nations are likely to join in these
   cooperative measures in order to avert the worst case scenario. In the
   worst case scenario, offensive information warfare is waged and the
   international economy collapses, possibly, but not necessarily,
   leading to conventional military conflict. In this case, regimes are
   created out of a common aversion to a particular outcome. The benefits
   of cheating are outweighed by the possible costs of the worst case
   scenario; therefore the regime will survive.
   Problems with the Liberal Approach.
   Increasing levels of interdependence, or facilitating one-way
   dependence, with nations that pose information warfare threats seems
   akin to succumbing to bribery. Could developing nations use the threat
   of offensive information warfare as a method of integrating their
   economies with the global economy? In a true free-market global
   economy, increasing interdependence is inevitable. However, the
   instability within many developing nations, might motivate developed
   nations to keep the number of unstable links to their economy to a
   minimum. Increasing interdependence as a deterrent to information
   warfare only works if the developed nations are willing to extend
   feelers to the entire developing world.
   Increasing interdependence only decreases the threat from other nation
   states. It does nothing to decrease the threat from terrorists
   organizations. Since terrorists have already been cited as those most
   likely to engage in information warfare, increasing interdependence
   might be viewed as very ineffective policy as far as information
   security is concerned.
   The problem with creating international regimes is that cheating is
   difficult to define. What qualifies as an offensive information
   warfare tactic? Is state sponsored industrial espionage a violation or
   exception to the guidelines of the regime? Since information warfare
   is defined differently by different states, these are all difficult
   questions that would need to be mediated. In addition to this, the
   liberal approach does very little to prepare the United States for the
   possibility of other nations cheating. The security problem is still
   greatest for the United States, since it is the most vulnerable to
   attack and the costs of the worst case scenario are highest for it.
   Stein uses the acceptance of a global language among air traffic
   controllers and pilots as an example of common aversion.(97) By
   Stein's example, a worst case scenario would be two planes crashing
   into each other, causing equal losses for both sides. To apply the
   same example for information warfare, the worst case scenario would be
   that the two planes crash, but the United States' plane is carrying
   400 people, while the other plane is only carrying 50. Both states
   have suffered losses by not avoiding the worst case scenario, but the
   cost for the United States is greater.
   The Realist/Liberal Conflict
   The greatest conflict between the realists and the liberals centers
   around the formation of international regimes. Stein writes that
   "realists hold that since sovereign nations act autonomously in their
   own self interest, international institutions are inherently
   irrelevant to world politics."(98) The liberals, on the other hand,
   accept regimes as methods to cooperatively avoid a worst case
   scenario. Is there any middle ground to be found?
   The answer is yes, if the formation of regimes are perceived more as
   acts of self interest than cooperative agreements. By forming regimes,
   in this case, the United States is pursuing its own self interest.
   Since the United States has the most to lose in the worst case
   scenario, it also has the most to gain from the aversion of the worst
   case scenario. The regime might be viewed as the United States forcing
   its self interest on the rest of the international community. Robert
   Keohane argues that "rational self-interested actors, in a situation
   of interdependence, will value international regimes as a way of
   increasing their ability to make mutually beneficial agreements with
   one another."(99)
   One can argue strongly that regimes designed to prevent state
   sponsored information warfare, from the United States' perspective,
   are actions of self-interest in an anarchic international system and
   therefore are acceptable under the auspices of both realism and
   Regimes also pose the problem of what cryptographer Eric Hughes calls
   "regulatory arbitrage."(100) There will always some states that will
   not participate in the regimes and this will offer a favorable legal
   climate for individual information warfare efforts. If, as part of the
   regime, states agree to outlaw systems intrusion originating in one
   country but directed at another, what do you do with the states that
   do not participate in the agreement? A perfect example of this is the
   Netherlands delay in establishing anti-hacking laws. A lot of attacks
   on United States Department of Defense systems originated in the
   Netherlands because hacking was legal under Dutch law. The Netherlands
   provided a safe legal environment for those individuals wishing to
   hack. This left the United States' options limited to increasing
   internal security without being able to eliminate the source of the
   threat. Is intervention justified at this point?
   In order for regimes to work, they must include standardized laws
   regarding systems intrusion that transcend all national boundaries.
   This problem may be exacerbated in June of 1995 when a team of U.S.
   hackers invades the computers of France.(101) After extensively
   verifying that they have no legal liability if they violate the
   hacking laws of France from within the United States, this group has
   decided to test the waters. Hacker Erik Bloodaxe explains that
   "International law is so muddled that the chances of getting
   extradited by a country like France for breaking into systems in Paris
   from Albuquerque is slim at best. Even more slim when factoring in
   that the information gained was given to the CIA and American
   corporations."(102) This case will provide an excellent test for how
   states can resolve international telecommunications violations and
   work towards cooperative agreements to prevent such behavior. It may,
   in fact, be the catalyst for the first formation of international
   regimes dedicated to preventing low levels of information warfare. It
   may also provide the United States with a useful bargaining chip to
   help deter government sponsored industrial espionage in countries like
   France and Germany.
   Where interdependence is concerned, neither the realist or liberal
   approach offer a viable proposal to decrease the threat of information
   warfare. Decreasing interdependence is not an attainable goal in
   today's highly interlinked global economy, because interdependence
   yields innumerable benefits. Increasing levels of interdependence in
   order to deter information warfare threats is ineffective policy,
   because it is too focused on specific states and does not encompass
   the broad range of threats that exist.
   Since, the realist suggestion to create information weaknesses in the
   systems of possible adversaries would be a violation of any global
   agreements that are likely to be developed, this objective would have
   to be abandoned or pursued covertly in violation of the regime.
   Increasing internal security through various methods would not
   threaten the regime, since it is organized to prevent offensive
   information warfare. The security of systems is likely to increase as
   technological advances in the area of cryptography are utilized by
   individuals and organizations. However, in order to prevent a security
   dilemma, the United States would have to terminate export restrictions
   on encryption technology.(103)
   The remaining realist suggestions dealing with autonomous networks,
   strategic planning and developing measures for damage assessment are
   possible under liberal regimes as well. Each of these initiatives fall
   into defensive categories, however, the creation of autonomous
   networks is disadvantageous to technologically advanced nations. Since
   distributed information networks contribute to the economic prosperity
   of Third Wave nations, any movement towards autonomy may have negative
   Realism and liberalism offer balanced approaches to dealing with the
   national security implications presented by information warfare. Taken
   alone, neither of them offers a satisfactory blueprint for dealing
   with the threat. Combined, they might offer an adequate strategy for
   realizing national security in the Information Age. This will be
   discussed at length in the policy prescriptions offered in Chapter
   The Strategic and Security Impacts of Technology: A Historical
   It is useful to examine how past technological developments have
   changed military strategy and conceptions of security in the past. By
   studying the effects of other technologies, we might increase our
   capacity to understand the impact information warfare will have on
   strategy and security concerns in the future. Although a nuclear
   analogy is inevitable due to the offensive nature of information
   warfare, there are several other comparisons which demonstrate how
   information warfare can change the distribution of power on the
   Decentralizing the Military: The Conoidal Bullet
   Manuel De Landa argues that changes in information technology will
   cause a shift towards decentralization in the military very similar to
   the changes introduced by the conoidal bullet in the nineteenth
   century battlefield.
   Just as the critical point in speed can mark the beginning of
   turbulence, so a critically new technology may set the art of war into
   flux for decades. Today's computerized networks, for instance, are
   imposing on the military the need to decentralize control schemes,
   just as the conoidal bullet forced it in the nineteenth century to
   decentralize its tactical schemes. When breech-loading rifles and
   their spinning bullets made their appearance on the battlefield, they
   allowed infantry to outrange artillery, disrupting the balance of
   power that was several centuries old, and forced commanders to develop
   new tactical doctrines. Before the advent of the conoidal bullet,
   infantry were allowed no initiative on the battlefield, individual
   marksmanship was discouraged in favor of synchronized volleys of
   collective fire. With the rifle, individual initiative returned to the
   battlefield and with these, and increased role for snipers and
   skirmishers in the new tactics. Similarly, modern command networks,
   after using a central computer to regulate the traffic of messages,
   have been forced to grant "local responsibility" to the messages: in
   the ARPANET, the messages find their own destination.(104)
   In the Information Age, not only is the autonomy of soldiers increased
   as command is decentralized, but the weapons have become self-capable
   as well. Using vast information systems, we have created weapons that
   seek out their own destination. Where the infantry men of nineteenth
   century were capable of outdistancing artillery with the advent of the
   conoidal bullet, smart weapons allow the United States' military to
   outdistance entire countries. The soldier trained to program
   coordinates and digital mapping software into Tomahawk missiles now
   becomes as effective as a jetfighter pilot, without placing American
   lives at risk. This is, no doubt, a comforting notion for those policy
   makers initiating hostilities.
   However, properly administered information warfare can decrease or
   nullify the effectiveness of smart weapons technology. Digital mapping
   data can be altered to cause random errors or synchronization
   satellites can be jammed to reduce accuracy. Therefore, minimal
   investment in open source technology utilized with information warfare
   tactics can render the United States' technologically advanced weapons
   systems practically useless. Information technology changes the
   hierarchical characteristics of military strategy by enabling more
   autonomy on the battlefield and by further distancing the role of man.
   Attacks upon information systems upset that balance, by rendering new
   technologies ineffective and forcing technologically advanced nations
   to revert to Industrial Age combat.
   The duality of information warfare presents itself again. Not only is
   it a new method for waging warfare, but it also effects the way
   conventional warfare is waged among technologically advanced nations.
   The threat posed by information warfare is multiplied when military
   leaders focus more upon strategic threats than tactical ones. General
   James Clapper, Director of the Defense Intelligence Agency, concedes:
   "I think in this context there potentially is great danger here, not
   so much in the context of on the battlefield as much as the thing that
   concerns me is the potential danger, the potential vulnerabilities to
   our commercial systems, our banking. The very dependence that this
   nation has on computers - I think there is clearly a vulnerability in
   a strategic sense, not so much perhaps in a battlefield combat
   situation."(105) In General Clapper's statement, we can see how
   concerned the military is with the impact information warfare could
   have on the United States' internal infrastructure.
   Information Warfare: The Bushnell Turtle of the Information Age
   Regarded as the first working submarine, David Bushnell's "Turtle", a
   propeller-driven submersible vessel with a single operator, introduced
   a new dimension to naval warfare. Utilized during the American
   Revolution, the Turtle carried torpedoes loaded with 150 pounds of gun
   powder that were covertly attached underneath British ships and
   detonated with timed switches.(106) The British ships were vulnerable
   because they operated in an environment where threats were based on
   optical observations of the horizon. If there was a ship visible in
   the horizon then there was a perception of threat, especially if that
   ship adorned an enemy flag. Threats from below the ocean's surface
   were both inconceivable and unexpected.
   In terms of resources required, it was much cheaper to build and man
   the Turtle than it was to build and man British fighting ships.
   Similar to information warfare, the Turtle yielded high benefits at
   relatively little cost, thereby increasing its attraction despite its
   unconventional appearance and design. The analogy can be taken one
   step further.
   Think of the United States as a British ship and the Turtle as any
   nation state or organized terrorist group practicing information
   warfare. The ocean is the United States information infrastructure
   upon which we maintain our buoyancy. The Turtle, itself, derives its
   usefulness from the mobility allowed by the existence of the ocean.
   However, the Turtle is able to maneuver alongside the ship with
   complete undetected anonymity and place a torpedo along our hull. The
   torpedo detonates and the ship faces a crisis. Can the ship survive?
   Perhaps, but only because its skilled crew has always demonstrated an
   enhanced capacity for remedying problems. The damage will be costly
   and will affect the operations of the ship, but with a little
   ingenuity, the crisis can be overcome. Now, what if the Turtle had not
   placed one torpedo but several, programmed to detonate at precisely
   the same time? Such a challenge the ship's crew can not overcome.
   To the captain of the ship, the very existence of the Turtle is a
   threat. He has several ways to increase the security of his ship.
   Hulls can be reinforced to reduce the impact of torpedoes, crews can
   be educated to recognize shadows in the oceans surface indicating the
   presence of the Turtle, and the ship can build Turtles of their own to
   patrol its perimeter and neutralize threatening Turtles as they
   Although this analogy has been oversimplified, its moral is still
   poignant. Vulnerabilities in the information infrastructure and
   capabilities to exploit them do exist, creating a dire security
   threat. The fact that these capabilities have not been exploited yet
   does not reduce their potential. Napoleon dismissed the advanced
   submarine designs presented to him by Robert Fulton fifty years after
   Bushnell's Turtle first saw action.(107) Fulton later approached the
   British who utilized his inventions with little success then dismissed
   his predictions regarding the future impact of torpedo warfare.(108)
   Today, reality has exceeded even Fulton's expectations. Submarines and
   torpedo warfare are considered vital instruments for protecting
   national security, especially for waterbound nations like Britain.
   Likewise, information warfare will have profound national security
   implications for nations that rely heavily on information technology.
                                 Chapter 4
            National Security Solutions for the Information Age
   Eventually, these issues must be dealt with on a political level. A
   threat to the nations security can not be dealt with until it has been
   acknowledged by those in power. Dr. J.F. Holden-Rhodes, in his
   remarkable book describing the use of open source intelligence for the
   war on drugs, describes how President Reagan signed a National
   Security Decision Directive that "equated the impact of drug
   trafficking as a threat to the national security of the United States
   and directed all federal agencies with a role in drug enforcement,
   including the DOD, to pursue counter-narcotics efforts more
   actively."(109) Although information technology security warrants a
   place on the national agenda, it has yet to be incorporated into
   United States grand strategy.
   In order to better formulate policy prescriptions dealing with the
   information warfare threat, it is useful to examine past government
   actions in this area and evaluate their effectiveness.
   The Computer Security Act of 1987
   The United States Congress passed a law titled the Computer Security
   Act of 1987 which required federal agencies to identify systems that
   contain sensitive information and to develop plans to safeguard them.
   Agencies were required to (1) identify all developmental and
   operational systems with sensitive information, (2) develop and submit
   to NIST and NSA for advice and comment a security and privacy plan for
   each system identified, and (3) establish computer security training
   Finally, the United States was taking seriously the threat to national
   security posed by computer vulnerabilities. The Computer Security Act
   was a step in the right direction, but holes in the infrastructure
   still exist. In 1990, the General Accounting Office examined the
   response and implementation of the act. The GAO reports, that as of
   January 1990, only 38 percent of the 145 planned controls had been
   implemented.(110) The GAO report makes the following conclusion:
   The government faces new levels of risk in information security
   because of increased use of networks and computer literacy and a
   greater dependence on information technology overall. As a result,
   effective computer security programs are more critical than ever in
   safeguarding the systems that provide essential government
   With only a 38 percent compliance more needs to be done if the United
   States is to fully protect its valuable informational assets. But,
   instead of concentrating on making the systems more secure, the
   government chose to focus on the intruders of these systems. Time,
   energy and money that should have been spent discovering and fixing
   security bugs was used to design and implement an attack on the
   hackers themselves instead. This was an attack that focused only on
   domestic hackers and did little to thwart the threat to United States
   national security. The result: Operation Sundevil.
   Operation Sundevil
   Law enforcement agencies had already begun to focus their attack on
   the digital underground when Operation Sundevil was initiated, but it
   was by far the largest clamp down on computer crime in the United
   States. The focus of Operation Sundevil was the hackers' system of
   information distribution which consisted of hundreds of underground
   computer systems that housed information on how to break into computer
   systems, files stolen from major U.S. corporations, and files that
   contained credit card access numbers used to commit credit fraud.
   Around forty-two computers were seized along with 23,000 floppy disks
   of information during the May 7, 8, and 9, 1990 raids.(112)
   Across the United States teenagers and their parents were awakened by
   the Secret Service, followed by a search of their house and the
   confiscation of anything that looked remotely electronic.
   Misinformation led to mistakes. Perhaps the most publicized of these
   was the raid on Steve Jackson Games. Jackson owned a small company
   that ran a bulletin board system allowing game players to call in and
   ask questions, arrange meetings, etc. Jackson unknowingly employed a
   computer hacker. The Secret Service tied the two together and as a
   result Steve Jackson Games was raided and its computer equipment was
   seized, only to be returned several years later. This greatly effected
   Jackson's business and he nearly went bankrupt. Jackson recently won a
   law suit against the Secret Service in the amount of $52,000 plus
   legal fees.(113)
   The United States has a vested interest in preventing computer crime
   and fraud, and Operation Sundevil was surely a huge attack on such
   crimes, but it was greatly misdirected. While teenage hackers were
   arrested and tried, U.S. military systems and business systems
   remained open to attack. Hackers will always exist. The only true way
   to stop them is to plug the holes they use to gain access to systems.
   The solution lies not in ignoring domestic computer crime, but in
   giving a higher priority to increasing computer security.
   Today, five years after Operation Sundevil, most large federal and
   state law enforcement agencies have units dedicated to thwarting
   computer crime. While, most focus on credit card and phone fraud, the
   domestic hacker is still viewed as the primary threat. As noted
   earlier, the Computer Security Act has also been relatively
   ineffective. Security holes still exist and the government has yet to
   design an integrated approach for maintaining security standards on
   its computers.
   Information Warfare: A Threat Assessment Portfolio
   Winn Schwartau, in his breakthrough book on the subject, identified
   three levels of information warfare: Class I, Class II, and Class
   III.(114) These three classes are similar to the three levels of
   information I developed in 1993(115), as described in Chapter Two. In
   order to develop a threat assessment portfolio for information
   warfare, one must focus on the levels of information warfare that are
   currently being waged today.
   As exemplified in Chapter Two, both Class I and Class II information
   warfare are being waged actively today against individuals and
   corporations. Perhaps the best example of Class I information warfare
   in recent months was the attack on Michelle Slatalla and Joshua
   Quittner after they released their book describing the "hacker wars"
   of 1990. A group of technically adept individuals calling themselves
   the Internet Liberation Front jammed Quittner and Slatalla's Internet
   e-mail accounts rendering them useless, and forwarded incoming phone
   calls to an out-of-state number "where friends and relatives heard a
   recorded greeting laced with obscenities."(116) This is just one
   isolated incident of what has been a recurring problem on the Internet
   Class II information warfare is also currently being waged at the
   corporate level. Intellectual property has been stolen and shipped to
   foreign nations.(117) Arguably, even the collapse of one of Britain's
   oldest financial institutions, the Barings Bank was the result of
   Class II information warfare.(118) Without the reliance on information
   technology, the financial damage inflicted on Barrings by risky
   investments would never have been possible to achieve by one man.
   On the Class III level, we have seen where military systems are
   targeted up to 300,000 times per year and how those targeted systems
   are penetrated 88 percent of the time. Only one infiltration of
   military and government systems was traced back to indicate
   sponsorship by another nation state. This does not mean, however, that
   such infiltration's are not taking place with state backing now. It
   only shows that we have not caught them. We know that nations like
   France, Germany and Israel have information warfare operations in
   place, but they have not used them to wage Class III information
   warfare, yet. We have also seen where nations have used offensive
   information warfare as a supplement to conventional military tactics,
   and how most advanced weapons systems are heavily reliant on
   information technology.
   In the past six months, information warfare concerns have started to
   work their way into public discourse. Aerospace Daily recounts a
   recent report by the Defense Science Task Force on Information
   Architecture for the Battlefield:
   Of utmost concern to the task force is the fact that U.S. information
   systems are "highly vulnerable" to information warfare. The task force
   was "briefed on activities and capabilities that caused concern over
   the integrity of the information systems that are a key enabler of
   military superiority..." Creating a strategy to be able to wage
   information warfare "may be the most important facet of military
   operations since the introduction of stealth," the report said.(119)
   The findings of this report indicate that our national security
   portfolio is lacking substance where information warfare is concerned.
   Speaker of the House, Newt Gingrich asks "What if Saddam Hussein had
   hired 20 hackers in August [1990, just before Desert Storm] to disrupt
   the American economy...He could have shut down the phone system by
   crippling AT&T's network and destroyed the financial network, which
   would have changed drastically how the Gulf War was waged."(120) In
   order to deal with this problem, the United States, and all
   technologically advanced nations, must develop a national security
   strategy for information warfare.
   National Security Solutions for the Information Age
   Several steps must be taken to put the United States' digital house in
   order, and begin dealing with the threat to national security posed by
   information warfare. Though the following list is not completely
   inclusive, it should serve as a useful framework for dealing with the
   Step One: Declassify the Threat
   Before dealing with the threat posed by information warfare, we must
   acknowledge that it exists. It is wrong to assume that security
   through obscurity will work indefinitely. Offensive information
   weapons can be developed using open source material and assembled
   using readily available electronic components. In fact, some offensive
   information warfare weapons, namely a HERF gun, have been assembled
   completely by accident.(121)
   The existence of offensive information warfare capabilities coupled
   with the United States' heavy reliance on information technologies,
   has introduced a new threat to our national security. It has been
   shown that information warfare, most likely in the form of terrorism,
   is probable because the costs, both politically and economically, are
   lower than the benefits derived. If an autonomous nation or political
   group wishes to inflict damage, chaos and fear on American society
   with minimal costs, then its most rational option is to use offensive
   information warfare capabilities.
   If this threat is acknowledged, the response options available to the
   United States increase. Actions to decrease the impact of an
   information warfare attack can be undertaken in advance to minimize
   the damage incurred. Political scientist James Wyllie argues that
   "Deterrence demands that an adversary be made completely aware of the
   value of the issue in dispute to the deterrer, and the willingness to
   collect a price should the rival not be dissuaded from its unwelcome
   course of action."(122) Acknowledging the threat acts as a deterrent
   for several reasons. First, it increases the number of responses
   available to the United States because the issue has been addressed at
   a political level, and it demonstrates to the international community
   that this is an important issue. Our capabilities to deal with such an
   attack are increased because we are prepared for it. Second, it
   motivates the military and private industry to deal with this problem
   and create viable security solutions that minimize the vulnerability
   of the United States' information infrastructure. Third, it gives the
   United States a political catalyst to deal with this issue on a global
   level and to enter into treaties and agreements to protect the global
   information infrastructure and to avert common worst case scenarios.
   Let us examine each of these in greater detail.
   Step Two: Increase Security
   As technological advancements in information technology continue,
   security must be a vital component. Perhaps, easier said than done.
   The security of our information systems must be continually increased.
   Security experts and hackers agree that encryption will be the
   critical component used to secure computer systems and information
   transfers of the future.
   Increasing security quells realist concerns about information warfare
   by decreasing the United States' vulnerability to attack.
   Unfortunately, it also contributes to the security dilemma, because
   defensive actions might be construed as intentions to attack other
   nations. Because of this security dilemma, it is important that the
   United States be able to export this technology to allies and enemies
   alike. This is similar to Ronald Reagan's suggestion that should his
   Strategic Defense Initiative prove successful, the technology would be
   given to the Soviet Union in an effort to attenuate their fears of a
   U.S. attack.(123) In order for this to occur, the United States
   government will have to release its stranglehold on encryption
   technology and allow U.S. companies to export this technology without
   restriction. Not only does this increase security and stability, but
   it will also generate growth in the software industry and allow U.S.
   companies to maintain a comparative advantage in this area.
   The American people have always displayed an ability to be innovative
   and tenacious in the face of adversity. Given the opportunity and
   incentive, they will rise to deal with the threat of information
   warfare in ways we are not yet capable of predicting. The important
   aspect is that the American people at least be given the opportunity.
   The rest will follow.
   Step Three: Increase Vendor Accountability
   Step three is closely linked with step two. In order to increase
   security and not just manifest an illusion of having done so, vendors
   must be held accountable for the "secure" products they distribute.
   Though it is impossible to eliminate all security holes and to find
   every bug, more must be done to ensure the reliability of systems and
   software before they are shipped. Also, vendors should be required to
   create patches and fixes for security holes as they are found and
   distribute them to all customers.
   Security expert Bob Stratton argues that "if you ask the vendors, they
   will say: nobody told us this was important. Nobody told us security
   was important."(124) The United States must assure the vendors that
   security is important and must be a required component of those
   technologies that will constitute our information infrastructure.
   On the virus front, more must be done to ensure consumers that
   merchandise will be shipped virus-free. Some level of accountability
   must be determined for those companies that fail to verify the
   integrity of the software or hardware they are shipping. Perhaps, some
   sort of criminal or monetary liability for vendors is needed to
   stimulate active virus checking at the shipping end of software
   distribution. One thing remains certain: we can not allow viruses to
   spread within shrink-wrapped software. It ensures too great a
   distribution within American society to be taken lightly.
   Step Four: Facilitate Private/Public Sector Cooperation
   Both the public and private sectors of the United States have a vested
   interest in the creation of a secure information infrastructure. The
   military is incredibly reliant on private sector communications lines
   and does not have the resources to create new secure information
   technologies on its own. Robert Steele argues that the relationship
   between the private and public sector with regards to new technology
   has reversed. Where technology used to migrate from the military into
   the private sector, it now migrates in the opposite direction. Steele
   argues that the military and civil sector must now cooperate and that
   "the military must acknowledge that it cannot dominate information
   warfare and that it must completely recast its understanding of
   information warfare to enable joint operations with civil sector
   organizations including law enforcement, businesses with needed
   skills, and universities."(125)
   The military must be able to define its security needs and work with
   the private sector to meet them. Both sectors will benefit. The
   military will get increased security and the private sector will get
   funding for research and development and profits from the marketable
   products it develops. Not only does this increase the security of
   military systems, it also increases the security of the private sector
   upon which they are reliant for communications and open source
   intelligence gathering and storage. In this way, the United States can
   expand the umbrella of security over a larger part of its information
   Step Five: Conceptualize Our Information Sphere
   Using a term borrowed from Air Force information warfare doctrine, an
   information sphere is an assessment of those information technologies
   that are vital to national security. At the core of the sphere are
   those technologies that are of greatest value: classified military
   networks and vital financial networks like the Federal Reserve. As you
   move away from the core, importance decreases to include
   non-classified military sites, communications networks and
   intelligence systems, other financial networks and transaction
   centers, other communication networks, power grids, private sector
   information systems and non-operational military information. The
   outer edge of the sphere contains the least important information such
   as personal information and communications.
   In order to formulate an integrated approach to addressing the threat
   of information warfare, the United States must define its information
   sphere. Granted, different organizations and branches of the military
   are going to have different conceptions of what the information sphere
   contains, but all of these conceptions must be drawn into a
   centralized sphere in order to address the problem at a national
   level. Those information systems at the core of the sphere must be
   protected first and foremost. As technological capabilities progress,
   the shield of protection must be extended over other parts of the
   sphere until the entire information sphere is sheltered.
   Under the best case scenario, parallel efforts to protect each
   component of the sphere are executed simultaneously with varying
   intensity. It is foolish to focus entirely on the core of the sphere
   until we feel it has been adequately protected because it is highly
   likely that we will never arrive at that conclusion, and in the
   meantime we are leaving other vital components of our information
   sphere unprotected. In the Information Age, different components or
   levels of the information sphere are likely be interconnected as well,
   increasing their importance to each other.
   It is often argued that in order to protect certain aspects or
   sections of the information sphere we must make them autonomous.
   Fortunately, this is not a valid proposition, lest we wish to discard
   the benefits of the Information Age. A vital component of any
   information society is distributed information networks sharing and
   storing information. The existence of networks increases the value of
   computer technology because one does not have to store every piece of
   information he or she needs. Instead it is only necessary to be able
   to retrieve it from the collective intelligence of the network. To
   disconnect from the network is to decrease the value of your computer
   exponentially. Robert Steele, while working in the employ of the
   Central Intelligence Agency, found that most of the information stored
   on autonomous classified networks was available through open source
   networks and could be found in half the time at a lesser cost. Though
   there may be security through autonomy, the benefits of that security
   do not necessarily exceed the costs of disconnecting from the global
   network. In some instances, like in the case of single purpose
   financial networks, secure autonomous networks might be desired, but
   in general they will hinder the information stream upon which
   Information Age nations rely. Al Gore, the Vice President of the
   United States puts it succinctly: "To realize the full benefit of the
   Information Age, high-speed networks that tie together millions of
   computers must be built."(126)
   Once we have conceptualized our information sphere, we must develop
   methods to asses damage incurred within it. Upon suffering an
   information warfare attack, the United States must be able to evaluate
   and assess the damage that its information sphere has sustained. Not
   only is this essential for repair, but it also allows us to gauge our
   possible responses based on the extent of the damage we have suffered.
   We must be able to place realistic values on the information that our
   networks contain. Bob Stratton notes that "one of the most significant
   problems we have right now is that people have not decided how much
   their information is worth and because they have not made that
   decision they have decided how much it is worth protecting."(127) By
   conceptualizing an information sphere we are placing information in a
   hierarchical value system based on strategic national security
   importance. We must also be able to use alternative measures of value
   on information to judge, not only strategic importance, but economic
   and social importance. We must be able to judge what sort of damage is
   incurred based on the overall significance of the target. Military
   systems have a different value than banks, and likewise, banks have a
   different value than the computers that house the nation's Social
   Security data. We must make sure our measures of value include all the
   information contained on the networks.
   Similarly, for strategic purposes we must be able to measure the
   damage the United States inflicts on other nations should it utilize
   offensive information warfare capabilities. What is the strategic
   value of destroying an enemy's communications network versus the
   strategic value of manipulating it for our own purposes? What sort of
   damage is inflicted on the target nation and its allies or trading
   partners if its financial system is demolished? Can we trace the links
   to ensure that economic aftershocks are not felt by the United States
   or any of its trading partners? These are difficult questions, but
   each must be examined if we are to take the threat and capabilities of
   information warfare seriously.
   Step Six: Multi-Level Education
   Education can take place at several levels. First, policy makers can
   be made aware of the threat and what they can do about it. It is their
   public obligation to do so. It was suggested in a Congressional
   hearing that Members of Congress rent and watch the movie War Games in
   order to understand the threat and techniques used by hackers.(128)
   Granted, War Games was a revealing movie, but policy makers must have
   a better understanding of the threat to American national security
   than this movie provides. The fact that Speaker Gingrich is discussing
   the implications of information warfare with the media is a positive
   sign, but his is a unique case of having friends interested in the
   topic. Most likely, the military will act as educator to the policy
   makers where this issue is concerned, but we must balance them with
   public sector opinions in order to equalize any parochial interests
   the military might put forth in order to gain increased funding.
   The policy makers must also be made aware of what they can do to solve
   the problem. When discussing HERF Guns at the above mentioned hearing,
   one Member of Congress asked if such weapons might fall under the
   auspices of the Brady Bill and if they should be outlawed. Luckily,
   Mr. Schwartau was able to convince them that to do so "would be
   banning the microwave and communications industry from
   existence."(129) Though the threat of information warfare is very
   real, we should not react with ill-conceived responses, especially if
   it means sacrificing individual liberties.
   At another level, those who run the systems or are in charge of
   security must be educated to understand and deal with the threats. The
   largest security hole in computer systems is the human factor. A whole
   book has been written devoted to this aspect of computer
   intrusion.(130) If you place a computer in a locked room with no
   outside connections you have a secure computer, give one person access
   and security is reduced. Give another person access and security is
   reduced even further. Now the two people can be used against each
   other with a little social engineering. Consider the following true
   anecdote where a hacker named Susan demonstrates her social
   engineering skills:
   As Susan later told the story, a team of military brass...from three
   services sat at a long conference table with a computer terminal, a
   modem, and a telephone. When Susan entered the room, they handed her a
   sealed envelope containing the name of computer system and told her to
   use any abilities or resources that she had to get into that system.
   Without missing a beat, she logged on to an easily accessible military
   computer directory to find out where the system was. Once she found
   the system in the directory, she could see what operating system it
   ran and the name of the officer in charge of that machine. Next, she
   called the base and put her knowledge of military terminology to work
   to find out who the commanding officer was at the SCIF, a secret
   compartmentalized information facility. Oh yes, Major Hastings. She
   was chatty, even kittenish. Casually, she told the person she was
   talking to that she couldn't think of Major Hasting's secretary's
   name. "Oh" came the reply. "You mean Specialist Buchanan." With that,
   she called the data center and switching from nonchalant to
   authoritative, said, "This is Specialist Buchanan calling on behalf of
   Major Hastings. He's been trying to access his account on the system
   and hasn't been able to get through and he'd like to know why"
   ...Within twenty minutes she had what she later claimed was classified
   information up on the screen. Susan argued "I don't care how many
   millions of dollars you spend on hardware, if you don't have people
   trained properly I'm going to get in if I want to get in."(131)
   There are fundamental security measures that can be taught to system
   users to ensure that the security of the system is not compromised and
   scenarios like the one above are not repeated. It might be necessary,
   as argued in other papers, to create a centralized agency in charge of
   coordinating education and providing support for system administrators
   in patching known security holes.(132)
   Finally, the public must be educated to understand the threat of
   information warfare so that it can endorse the actions taken by the
   government to deal with this problem. Mr. Schwartau's book does a
   great service in this area, but more effort is needed to bring
   information warfare into the public discourse. Citizens have to
   understand the reliance they have on information technology and the
   purpose it serves within society before we can justify protecting it.
   Step Seven: Use Hackers as a National Resource
   The digital underground should be viewed as an asset to the United
   States. They use illegal means to satisfy their curiosity about the
   workings of computer technology because the system has denied them
   other means of accessing the digital realm they love. Harvard Law
   professor Laurence H. Tribe even suggests that access to technology
   may be a required goal of democratic society. He states:
   It's true that certain technologies may become socially indispensable
   -- so that equal or at least minimal access to basic computer power,
   for example, might be as significant a constitutional goal as equal or
   minimal access to the franchise, or to dispute resolution through the
   judicial system, or to elementary and secondary education. But all
   this means (or should mean) is that the Constitution's constraints on
   government must at times take the form of imposing "affirmative
   duties": to assure access rather than merely enforcing "negative
   prohibitions" against designated sorts of invasion or intrusion.(133)
   Some hackers are loyal to the ideals of their nation. For example,
   when news of Stoll's German hacker selling U.S. secrets to the KGB hit
   the underground many hackers responded with hatred towards the guy who
   had associated their movement with national espionage and threats to
   national security. They were willing to use their abilities to combat
   this problem, and were even willing to target Soviet computers for the
   Central Intelligence Agency. One case of a hacker making a
   contribution to society is the story of Michael Synergy and his quest
   for presidential credit information. Synergy decided one day that it
   would be interesting to look at the credit history of then President
   Ronald Reagan. He easily found the information he was looking for and
   noticed that 63 other people had requested the same information that
   day. In his explorations he also noticed that a group of about 700
   Americans all appeared to hold one credit card, even though they had
   no personal credit history. Synergy soon realized that he had stumbled
   upon the names and addresses of people in the U.S. government's
   Witness Protection Program. A good citizen, he informed the FBI of his
   discoveries and the breach of security in the Witness Protection
   One of the basic benefits to United States national security is the
   lack of a coherent movement among the members of the digital
   underground. Hackers are by nature individualistic. They lack a common
   bond that allows them to focus their energies on one target. If there
   is a common target among hackers, it is corporate America, especially
   the telephone companies. These corporations have become targets
   because hackers rely on their service to access cyberspace, which can
   be a very expensive proposition. The United States government has a
   vested interest in not providing them with another target, especially
   if that target is the government itself. The United States should
   utilize hackers, and give them recognition in exchange for the service
   they provide by finding security holes in computer systems.
   The United States should not discontinue efforts to stop credit fraud
   and other computer activities that are unquestionably criminal. But,
   the United States should allow the hackers to conditionally roam the
   realm of cyberspace. These conditions would include the following: (1)
   If computer access is gained, the security hole should be immediately
   reported to the government or centralized agency and should not be
   given to anyone else, and (2) information files should not be
   examined, modified or stolen from the site. In return the United
   States acknowledges the hackers' accomplishments, thus feeding their
   competitive egos.
   Why should the United States government trust hackers? No trust is
   necessary. The United States is not offering the hackers anything that
   they don't already have, except recognition for their ability to
   discover security flaws. The hackers will remain on the networks
   regardless of what policy the United States follows concerning their
   activity. It is simply giving them the forum they need to meet people
   with similar interests on a legitimate basis, rather than a secret
   one. Robert Steele argues, "If someone gets into a system, that is not
   a violation of law, it is poor engineering. When we catch a hacker,
   rather than learn from him, we kick him in the teeth. When the
   Israelis catch a hacker, they give him a job working for the
   Many U.S. corporations already allow the hackers to identify security
   weaknesses in their computer systems. The Legion of Doom, the most
   notorious group of hackers in the U.S., briefly entered the computer
   security business with the formation of their company called Comsec
   Security. Bruce Sterling reports, "The Legion boys are now digital
   guns for hire. If you're a well-heeled company, and you can cough up
   enough per diem and air-fare, the most notorious computer hackers in
   America will show up right on your doorstep and put your digital house
   in order - guaranteed."(136) Some argue that this is simply extortion,
   but individuals are not saying "pay up or else we will enter your
   system." They are offering their skills to secure vulnerable computer
   systems from possible electronic intrusion.
   Hackers can be used to secure the United States' digital interests.
   Every effort should be made not to alienate them from the newly
   emerging digital infrastructure. In the same Congressional hearing
   where his publication was branded as manual for computer crime,
   Emmanuel Goldstein made the following remarks about access to
   technology and computer crime: 
   This represents a fundamental change in our society's outlook.
   Technology as a way of life, not just another way to make money. After
   all, we encourage people to read books even if they can't pay for them
   because to our society literacy is a very important goal. I believe
   technological literacy is becoming increasingly important. But you
   cannot have literacy of any kind without having access.... If we
   continue to make access to technology difficult, bureaucratic, and
   illogical, then there will also be more computer crime. The reason
   being that if you treat someone like a criminal they will begin to act
   like one.(137)
   It is ridiculous to assume that the entire hacker subculture is
   motivated by criminal intentions. Hackers, like all other groups or
   subcultures, contain a diverse array of individuals. Every group has a
   criminal element and the hackers' criminal element is no different
   than the criminal element that exists within the law enforcement
   community. A General Accounting Office report on threats to the
   nations National Crime Information Center, found that the greatest
   threat to this centralized criminal database was not from outside
   hackers but from corrupt insiders.(138)
   Most hackers are still young and have not formulated complete
   ideologies regarding right and wrong behavior. Bob Stratton, a former
   hacker who now works as a highly trusted security expert, argues that
   "These people (hackers) haven't decided in some cases, to be good or
   evil yet and it is up to us to decide which way we want to point
   them."(139) Mr. Stratton argues that we can mentor these individuals
   and thereby utilize their technological skills.
   Mitch Kapor, founder of one of America's most successful software
   companies notes that "the image of hackers as malevolent is purchased
   at the price of ignoring the underlying reality - the typical teenage
   hacker is simply tempted by the prospect of exploring forbidden
   territory...A system in which an exploratory hacker receives more time
   in jail than a defendant convicted of assault violates our sense of
   There does seem to be a trend in the past year to utilize hacker
   capabilities, both in the public and private sectors. This needs to
   increase, and perhaps some evaluation of our own laws might be
   necessary if we wish to continue knowing where the holes in the United
   States' information infrastructure are.
   Step Eight: Global Institutions and International Agreements
   Just as this issue has domestic political implications, it also has
   international political implications that need to be addressed. Once
   the United States acknowledges the potential threat of information
   warfare it must be prepared to deal with nations expressing similar
   concerns. Political deterrents like economic interdependence and fear
   of escalation must be backed by global institutions and international
   agreements that set standards and pacts for varying levels of
   information warfare.
   High levels of interdependence will cause technologically advanced
   trading partners to seek out security agreements in order to guarantee
   some level of stability in the international financial system. The
   United States should take the initiative to lead such efforts and
   place these issues on the international agenda. There are worst case
   scenarios to be averted and cooperation in this area should be
   Though these institutions do nothing to deter the threat of
   information terrorism, they may provide justifiable avenues to pursue
   in seeking retribution. Regimes do not deter terrorists and
   information warfare is an attractive weapon. However, defining our
   information sphere and increasing security help to minimize the damage
   that information terrorism can inflict on the United States. Global
   agreements would help determine the consensus of the international
   community where these new technologies are concerned and terrorist
   violations of this consensus is inevitable. Terrorists do not play by
   rules, but that does not mean the international community should
   forestall the development of those rules.
   Conclusion: National Security in the Information Age
   This thesis has put forth some apocalyptic scenarios regarding the
   future of information warfare and national security. This was not its
   ultimate intent. Realistically, there are a number of scenarios, each
   of varying degree, in which information warfare might be utilized in
   the future.
   In the most apocalyptic scenario, information warfare will be waged in
   conjunction with conventional warfare, to determine the hegemon of the
   Information Age. Many scholars have put forth arguments concerning the
   formation and survivability of hegemonic powers.(141) It is possible,
   that in this point in time, the instability of information technology
   requires the constancy only a hegemon can provide. Under this
   scenario, realist concerns run rampant, as the United States has a
   vested interest in becoming the hegemon for the next power cycle.
   However, a full-scale information war will be very costly, and it is
   highly unlikely that the hegemon will be able to salvage any value
   from the rubble of battle. A scenario where stability and consistency
   for information technologies are derived from cooperative
   endeavors to promote and facilitate global prosperity is more likely.
   In the Information Age, Third Wave nations have legitimate aspirations
   to create a global information system that adds value to their
   existing information infrastructures. Information technology is
   cooperative by nature and tremendous benefits can be derived from
   greater interconnectivity. Therefore, nations will seek out ways to
   integrate their networks with the international network. Once that
   integration takes place, each connected nation will have an interest
   in maintaining the stability and survivability of the overall network.
   Each nation has a vested interesting in preventing global information
   Despite collective interests, information terrorism will continue to
   be a viable national security concern for all Third Wave nations.
   Unfortunately, our options concerning terrorism are extremely limited.
   By increasing security and gathering intelligence regarding any plans
   that might be in consideration, we can ensure that the threat of
   terrorism is contained to isolated incidents from which the United
   States can recover. Unfortunately, the environment under which we
   currently operate can make no such promise, therefore it is essential
   that we address this issue now.
   Other likely scenarios include the use of information warfare for
   blackmail or for limited short-term gains. These scenarios present
   other difficult political dilemmas that must be addressed at a global
   level. Will nations allow information warfare threats to be used as
   blackmail? Will we allow limited information warfare in order to
   pursue strategic or comparative political and economic gains? Or is
   the fear of escalation an adequate deterrent to such ambitions? These
   questions must also be addressed.
   The Information Age promises to change many aspects of our society.
   Mitchell Kapor writes:
   Life in cyberspace is more egalitarian than elitist, more
   decentralized than serves individuals and
   communities, not mass audiences. We might think of cyberspace as
   shaping up exactly like Thomas Jefferson would have wanted: founded on
   the primacy of individual liberty and commitment to pluralism,
   diversity, and community.(142)
   As a society we have much to learn about ourselves through this new
   medium of communication. As a nation the United States must make sure
   that the structure it is building has a strong foundation and that
   weaknesses in that structure are not used to destroy it. It is a
   difficult task, because the constitutionally guaranteed rights of
   United States citizens must be upheld in the process. However, it is a
   task we must undertake. These are issues we must address. If we do not
   address these issues now the future of our country will be
   jeopardized. A handful of concerned citizens attempt to bring issues
   surrounding cyberspace to our attention everyday. Some of these issues
   concern national security, others concern individual privacy.
   Cyberspace has empowered the average person to explore and question
   the structure of our society and those that benefit from the way it is
   operated. Fundamental issues arise from hacker explorations. We must
   decide how, as a nation, how we wish to deal with these issues. Recent
   efforts in cloning produced a human fetus. The scientists that
   achieved this remarkable feat, immediately halted research arguing
   that a public debate must arise to deal with the ethical and moral
   issues surrounding this technology. They argued that before
   experimentation in cloning continued, we must decide as a society
   which direction that the new technology will go, what ends we hope to
   achieve, and what the limits on its use should be. A similar debate on
   the issues of cyberspace must take place. There is no need to stop the
   technology, but we must decide what direction we want the technology
   to take, and what rules will govern its use. We must do this now,
   before the technology starts dictating the rules to us, before it is
   too late to make changes in the basic structure of cyberspace without
   destroying the whole concept.
   We certainly are, as Al Gore noted, in the midst of an Information
   Revolution. Methods of warfare will continue to evolve as the
   revolution progresses. Conceptions of national security will have to
   evolve as well. Information warfare and information security must be
   incorporated into the national security agenda of any nation that is
   making the transition into the Information Age. Isaac Asimov notes
   that "Waiting for a crisis to force us to act globally runs the risk
   of making us wait too long."(143) We can not allow this to be the case
   where information technologies are concerned, because they are the
   foundation for that which we aspire to become. Similarly, John
   Petersen argues that a "philosophy comes bundled with every new
   technology; when one is embraced, the other is there at well."(144)
   The United States has already embraced the technology of the
   Information Age, it must prepare itself to deal with the philosophy
   that comes with it. The United States must be prepared to deal with a
   philosophy that changes the distribution of power, changes political
   relationships, and challenges the essence of nation states. Only then
   can we rightfully justify a leading role in the Information Age.
   (1) Skolnikoff, Eugene B. The Elusive Transformation: Science
   Technology and the Evolution of International Politics. (New Jersey:
   Princeton University Press, 1993), 169.
   (2) Skolnikoff, Elusive Transformation; Arquilla, John & Ronfeldt,
   David. "Cyberwar and Netwar: Warfare Between Networks." Comparative
   Strategy. vol. 12, no. 2, 1993, 141-165.; Petersen, John L. The Road
   to 2015: Profiles of the Future. (California, Waite Group Press,
   (3) Ronfeldt, David. "Cyberocracy is Coming," The Information Society
   Journal, vol. 8, num. 4 (1992), 243-296.
   (4) Qualifying this new pattern of societal development as the "third"
   wave, Toffler naively accepts the fact the Agrarian Age was the first
   developmental stage of modern society, a view not held by many
   scholars. However, the sequential allocation of numbers is not
   important for the purposes of this thesis, but rather the premonition
   that a new wave of development is occurring.
   (5)Toffler, Alvin The Third Wave (New York, William Morrow and
   Company, Inc., 1980)
   (6)Ibid, 26.
   (7)Gore, Al "Remarks at the Federal-State-Local Telecomm Summit,
   [Online]. (1994, January 9). Available WWW:
   (8) Examples include the National Telecommunications and Information
   Administration and the Information Infrastructure Task Force. Other
   government agencies involved with these issues include the General
   Accounting Office, the Federal Communications Commission, the National
   Institute of Standards and Technology, and the Advanced Research
   Projects Agency.
   (9)Petersen, Road to 2015, 39-70.
   (10)Ibid, 4.
   (11) Kelly, Kevin. Out of Control: The Rise of Neo-Biological
   Civilization. (New York, Addison-Wesley Publishing, 1994), 359.
   (12) Solnick, Steven L. "Revolution, Reform and the Soviet Telephone
   System, 1917-1927." Soviet Studies. vol. 43, no. 1, 1991, 157-176.;
   Sreberny-Mohammadi, Annabelle. "Small Media for a Big Revolution."
   (13)Big Dummies Guide to the Internet [Online]. Available FTP: Directory: pub File: bigdummy.txt.
   (14)Petersen, Road to 2015, 37.
   (15)Carroll, Bonnie. "Harsh Realities: S&T Acquisition Costs,
   Obstacles, and Results." Remarks at the Third International Symposium
   on National Security and National Competitiveness: Open Source
   Solutions, Washington DC, November 10, 1994.
   (16)Drucker, Peter. Post-Capitalist Society (New York, Harper
   Business, 1993), 8.
   (17)Ronfeldt, "Cyberocracy", 243-296.
   (19)"Introduction." Wired. Premiere Issue, 1993.
   (20)I have drawn from and expanded on the definition put forth by
   Ronfeldt, "Cyberocracy is Coming."
   (21)Steele, Robert D. "Hackers and Crackers: Using and Abusing the
   Networks." Presentation at the Fourth Annual Conference on Computers,
   Freedom and Privacy, Chicago, IL., March 1994.
   (22) United States General Accounting Office. Information
   Superhighway: An Overview of Technology Challenges. Report to
   Congress. January, 1995.
   (23)Arquilla & Ronfeldt, "Cyberwar is Coming!", 141-165.
   (24) Sun Tzu. The Art of War. Translated by Samuel B. Griffith. (New
   York, Oxford University Press, 1971), 95.
   (25) See U.S. Army Field Manual 100-5: Fighting Future Wars.
   (Washington, Brassey's Press, 1994); Sullivan, General Gordon R. &
   Dubik, Colonel James M. "War in the Information Age." U.S. Army War
   College, Strategic Studies Institute, 6 June 1994.
   (26) Steele, Robert D. "The Military Perspective on Information
   Warfare: Apocalypse Now." Keynote address at the Second International
   Conference on Information Warfare: Chaos on the Electronic
   Superhighway, Montreal, 19 January 1995.
   (27)Schwartau, Information Warfare, 291.
   (28)Brodie, Bernard & Fawn. From Crossbow to H-Bomb. (London, Indiana
   University Press, 1973)
   (29)Headrick, Daniel R. The Invisible Weapon: Telecommunications and
   International Politics 1851-1945. (New York, Oxford University Press,
   1991), 141.
   (30)Bramford, James. The Puzzle Palace. (Boston, Houghton Mifflin
   Company, 1982), 1-56.
   (31) Sullivan & Dubik. "War in the Information Age," 12.
   (32)Schwartau, Information Warfare, 179.
   (33)Schwartau, Information Warfare, 180.
   (34)Federal Emergency Management Agency. EMP Threat and Protective
   Measures. Report for public distribution. April 1980, 11.
   (35) National Institute for Standards and Technology Computer Security
   Division. Threat Assessment of Malicious Code and Human Threats.
   Report to the U.S. Army Computer Vulnerability/Survivability Study
   Team. October 1992, 10.
   (36) Goldstein, Emmanuel. "Opening Doors." 2600: The Hacker Quarterly.
   vol. 11, no. 3, Autumn 1994, 4-6.; Platt, Charles. "Hackers: Threat or
   Menace?" Wired. November 1994, 82-90.
   (37) Levy, Steven. Hackers: Heroes of the Computer Revolution. (New
   York, Dell Publishing, 1984)
   (38) Schwartau, Information Warfare, 137-148. The threats of
   electromagnetic emissions capture was first outlined by Wim Van Eck in
   his paper "Electromagnetic Radiation from Video Display Units: An
   Eavesdropping Risk?" (PTT Dr. Neher Laboratories, Leidschendam,
   Netherlands, 16 April 1985). Though this paper is classified within
   the United States, Van Eck's concepts have been accepted and proven by
   many security experts.
   (39) The Transient Electromagnetic Pulse Emanation Standard
   established by the United States government is used to label all
   electronic equipment whose level of electromagnetic emissions is low
   enough as to prevent their capture by eavesdropping devices.
   (40) Seline, Christopher J. "Eavesdropping on the Electromagnetic
   Emanations of Digital Equipment: The Laws of Canada, England and the
   United States," (Unpublished draft, 1990).
   (41) Schwartau, Information Warfare, 114-137.
   (42)Mungo, Paul and Clough, Bryan. Approaching Zero: The
   Extra-ordinary Underworld of Hackers, Phreakers, Virus Writers &
   Keyboard Criminals. (New York, Random House, 1992), 107.
   (43)Ibid, 107-110.
   (44)Ibid, 108.
   (45)Ibid, 98.
   (46)Hafner, Katie, and Markoff, John. Cyberpunk: Outlaws & Hackers on
   the Computer Frontier. (New York, Simon & Schuster, 1991), 345.
   (47)Perrow, Charles. Normal Accidents: Living with High-Risk
   Technologies. (New York, Basic Books, 1984).
   (48) Knowles, Francine. "Technology Glitches Can Take Big Toll,"
   Chicago Sun-Times, 16 Sept. 1994, 47.
   (49) Kelsey, Tim. "Teen Hacks Top-secret U.S. Computer; British Boy
   Posted Military Information on Internet," The Ottawa Citizen, 3 Jan.
   1995, A1.
   (50) Ibid, A1.
   (51)Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze
   of Computer Espionage. (New York, Doubleday, 1989).
   (52)Hafner & Markoff, Cyberpunk, 172.
   (53)Denning, Peter J. Computers Under Attack: Intruders, Worms &
   Viruses. (New York, ACM Press, 1991), 183.
   (54)Brock, Jack L. (1991). Testimony in Hackers Penetrate D.O.D.
   Computer Systems: Hearings before the Subcommittee on Government
   Information & Regulation, Committee on Governmental Affairs, United
   States Senate, 20 November 1991.
   (57) Private VHS Video, supplied by Emmanuel Goldstein.
   (58) Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the
   Electronic Frontier. (New York, Bantam Books, 1992), 1.
   (59) Quittner, Joshua and Slatalla, Michelle. Masters of Deception:
   The Gang that Ruled Cyberspace. (New York, Harper Collins, 1995),
   (60) Sterling, Hacker Crackdown, 1-43.
   (61) Bowman, Stephen. When the Eagle Screams: America's Vulnerability
   to Terrorism. (New York, Carol Publishing Group, 1994), 155.
   (62) Markoff, John. "A Most-Wanted Cyberthief is Caught in his Own
   Web." The New York Times, 16 Feb. 1995. A1.
   (63) Bowman, Eagle Screams, 125.
   (64) As quoted in Bowman, Eagle Screams, 124.
   (65) Schwartau, Winn. Terminal Compromise: Computer Terrorism: When
   Privacy and Freedom are Victims. (United State, Inter.Pact Press,
   1991), 1. This is a work of fiction.
   (66) Steele, Robert. "War and Peace in the Age of Information.
   Superintendent's Guest Lecture, Naval Post Graduate School, 17 August
   (67) Schwartau, Information Warfare, 293.
   (68) Steele, "Military Perspective on Information Warfare", 9.
   (69) Ayers, Robert. "Defensive Information Warfare: A Maginot Line in
   Hyperspace." Presentation given at the First TMSA Conference on the
   Revolutionary New Paradigm for Modern Warfare, Washington, DC, 8-9
   December 1994. As reported in OSS Notices, vol. 2, issue 10, 30
   December 1994, 10.
   (70) Ayers, as paraphrased in OSS Notices, vol. 2, Is. 10, 10.
   (71) Steele, "Military Perspective on Information Warfare", 11.
   (72) Jervis, Robert. The Meaning of the Nuclear Revolution. (Ithaca,
   Cornell University Press, 1989), 10.
   (73) Peterson, John, as cited by Steele, "War and Peace in the Age of
   (74) Weltman, John J., Nacht, Michael and Quester, George H.
   Challenges to American National Security in the 1990's. (New York,
   Plenum Press, 1991), xi.
   (75) Steele, "Military Perspective on Information Warfare", 5.; Gertz,
   Bill. "Electronic Crime Threatens Integrity of Long Distance Phone
   System," The Washington Times, 24 Oct. 1994, A3.
   (76) Steele, "War and Peace in the Age of Information."
   (77) Schwartau, Winn. "Technical Discussion of High Energy Radio
   Frequency Guns, and Video Demonstration of Van Eck Emissions Capture:
   How to Obtain Insider Information from 200 Meters Away Without
   Physical Connection." Presentation at the Third International
   Symposium on National Security and National Competitiveness: Open
   Source Solutions. Washington, DC, 9 November 1994.
   (78) Luttwak, Edward. The Endangered American Dream: How to Stop the
   United States from Becoming a Third World Country and How to Win the
   Geo-Economic Struggle for Industrial Supremacy. (New York, Simon &
   Schuster, 1993); Thurow, Lester. Head to Head: The Coming Economic
   Battle Among Japan, Europe, and America. (New York, Warner Books,
   1992); Prestowitz, Clyde V. Jr. Trading Places: How We Are Giving Our
   Future to Japan and How to Reclaim It. (New York, Basic Books, 1988).
   (79) Ganley, Elaine. "French Oust Five as Spies," The Burlington Free
   Press. 23 February 1995, A6.
   (80) Bowman, Eagle Screams, 7.
   (81) Schwartau, Information Warfare, 65-82.
   (82) Legro, Jeffrey W. "Military Culture and Inadvertent Escalation in
   World War II," International Security, vol. 18, no. 4, Spring 1994,
   (83) Mann, Paul. "Dialing for 'Info War'," Aviation Week and Space
   Technology, vol. 142, no. 4, 23 Jan. 1995, 31.; Holzner, Robert. "U.S.
   Navy to Tie Requirements, Acquisition," Defense News, 23 Jan. 1995,
   6.; "Services Gear Up for Information War," Defense Daily, vol. 184,
   no. 48, 8 Sept. 1994, 377.
   (84) "USAF Doctrine to Include 'Virtual Battle Space'," Aerospace
   Daily, vol. 173, no. 12, 19 Jan. 1995, 85B.
   (85) Cooper, Richard N. "Economic Interdependence and Foreign Policy
   in the Seventies," World Politics, Jan. 1972, 159.
   (86) Rosecrance, Richard and Stein, Arthur. "Interdependence: Myth or
   Reality?" World Politics, vol. 26, no. 1, 1973, 1-27.
   (87) Nye, Joseph S. Understanding International Conflicts. (New York,
   Harper Collins, 1993), 166.
   (88) See Snyder, Jack. Myths of Empire: Domestic Politics and
   International Ambition. (Ithaca: Cornell University Press, 1991).
   (89) See Schweizer, Peter. Friendly Spies: How America's Allies are
   Using Economic Espionage to Steal out Secrets. (New York, Atlantic
   Monthly Press, 1993).
   (90) Sterling, Bruce. "Speaking for the Unspeakable," Presentation at
   the Second Conference on Computers, Freedom and Privacy. Washington
   DC, March 1992.
   (91) Anonymous. Interview with author. Chicago, IL. March 1994.
   The countries interested in this hacker's services were France and
   (92) Those interested in the case can find further information on-line
   via the Internet's World Wide Web at:
   (93) Chipping of hardware is used to describe a process in which
   design flaws or timed failures are programmed into computer chips
   during production.
   (94) Stein, Arthur A. "Coordination and Collaboration: Regimes in an
   Anarchic World," International Organization, vol. 36, Spring 1982,
   (95) Class II information warfare is targetted at industries for
   espionage or competitive purposes. See Schwartau, Information Warfare,
   (96) Class III information warfare is waged with political intentions
   by state or terrorist entities. See Schwartau, Information Warfare,
   (97) Stein, "Coordination and Collaboration," 43.
   (98) Ibid, 25.
   (99) Keohane, Robert O. After Hegemony: Cooperation and Discord in the
   World Political Economy. (New Jersey, Princeton University Press,
   1984), 135.
   (100) Hughes, Eric. (20 Nov. 1994). Re: Clipper Questions. [e-mail to
   Matthew G. Devost], [On-line]. Available e-mail:
   (101) Though there has been a lot of discussion regarding this
   operation, there is no evidence to ensure that it actually will take
   (102) Bloodaxe, Eric. "Phrack Editorial," Phrack Magazine, vol. 5, Is.
   46, file 2a. [On-line] Available FTP: /pub/phrack/.
   (103) Currently, the exportation of encryption technology is regulated
   in the United States under the State Department's International
   Traffic in Arms Regulations. (ITAR)
   (104) De Landa, Manuel. War in the Age of Intelligent Machines. (New
   York, MIT Press, 1991), 45.
   (105) U.S. Congress. Senate. Armed Services Committee. Threats to
   National Security: Hearing. Testimony of General James R. Clapper,
   Director, Defense Intelligence Agency. 17 January 1995.
   (106) Brodie, Crossbow to H-Bomb, 115-118.
   (107) It should also be noted that the Turtle was never utilized
   successfully, but this was do more to chance than flaws in design.
   (108) Brodie, Crossbow to H-Bomb, 117-118.
   (109) Holden-Rhodes, J.F. Sharing the Secrets: Open Source
   Intelligence and the War on Drugs. (USA, The University of New Mexico
   Printing Services, 1994), 32.
   (110)United States General Accounting Office. Report on Implementation
   of Computer Security Act. (Washington, D.C. , U.S. Government Printing
   Office, 1990).
   (112)Sterling, Hacker Crackdown, 158.
   (113)Nathan, Paco Xander. "Jackson Wins, Feds Lose." Wired. May 1993,
   (114) Schwartau, Information Warfare, 258-312.
   (115) Devost, Matthew G. "The Digital Threat: United States National
   Security and Computers." Presentation at the Annual Meeting of the New
   England Political Science Association, Salem MA, 22 April 1994.
   (116) Elmer-Dewitt, Philip. "Terror on the Internet: A Pair of
   Electronic Mail Bombings Underscores the Fragility of the World's
   Largest Computer Network." Time. 4 December 1994, 15.
   (117) Carley, William M. "Of High-Tech Spying: Did the French Steal
   Secrets from Texas Instruments, or is the Story Just Bull." The Wall
   Street Journal. 19 January 1995, A1.; Schweizer, Friendly Spies.
   (118) Powell, Bill. "The Boy Who Lost Billions." Newsweek. 13 March
   1995, 37-52.
   (119) "Defense Science Board Calls for Improvements in Information
   Systems." Aerospace Daily. vol. 173, no. 2, 4 Jan. 1995, 10.
   (120) Cooper, Pat. "In Cyberspace, U.S. Confronts and Illusive Foe."
   Defense News. 19 Feb. 1995, 1.
   (121) Schwartau, Winn. "Class II Information Warfare: Corporate
   Espionage and Sabotage." Presentation at the Second International
   Conference on Information Warfare. Montreal PQ, 18 January 1995.
   (122) Wyllie, James H. "The Deterrence Condition." In Carey, Roger &
   Salmon, Trevor C. International Security in the Modern World. (New
   York, St. Martin's Press, 1992), 63.
   (123) Skolnikoff, Elusive Transformation, 66.
   (124) Stratton, Bob. "Hackers and Crackers: Using and Abusing the
   Networks." Presentation at the Fourth Conference on Computers, Freedom
   and Privacy: Cyberspace Superhighways: Access, Ethics and Control.
   Chicago IL, 23 March 1995.
   (125) Steele, "Military Perspective on Information Warfare", 11.
   (126) Gore, Al. "Infrastructure for the Global Village." Scientific
   American, Special Issue, 1995, 156-159.
   (127) Stratton, "Hackers and Crackers."
   (128) U.S. Congress. House. Committee on Science, Space, and
   Technology. Subcommittee on Technology and Competitiveness. Hearings
   on Computer Security. 102nd Cong., 1991.
   (129) U.S. Congress. House. Committee on Science, Space, and
   Technology. Subcommittee on Technology and Competitiveness. Hearings
   on Computer Security. 102nd Cong., 1991.
   (130)Van Duyn, J. The Human Factor in Computer Crime. (Princeton,
   Petrocelli Books, 1985).
   (131)Hafner and Markoff, Cyberpunk, 60-61.
   (132) Devost, "Digital Threat", 12-18.
   (133)Tribe, Laurence H. "The Constitution in Cyberspace." Paper
   presented at the First Annual Conference on Computers, Freedom and
   Privacy Conference, Burlingame, CA. 1991.
   (134)Mungo & Clough, Approaching Zero, 57.
   (135)Steele, " Hackers and Crackers."
   (136)Sterling, Bruce. "Cyberview." Phrack, vol. 3, is. 33, phile 10,
   (137)Goldstein, Emmanuel. Testimony before House Subcommittee on
   Telecommunications and Finance. Washington D.C., 9 June 1993.
   Goldstein, Emmanuel. "Congress Takes a Holiday." 2600: The Hacker
   Quarterly. vol. 10, no. 3, Autumn 1993, 14-15.
   (138) General Accounting Office. "NCIC Criminal Misuse." Washington
   DC, GPO, 1993.
   (139) Stratton, "Hackers and Crackers."
   (140) Kapor, Mitchell. "Civil Liberties in Cyberspace." Scientific
   American, Special Issue, 1995, 174-178.
   (141) See Keohane, Robert O. After Hegemony: Cooperation and Discord
   in the World Political Economy. (Princeton, Princeton University
   Press, 1984); Gilpin, Robert. War and Change in World Politics.
   (Cambridge, Cambridge University Press, 1981); Russet, Bruce M. "The
   Mysterious Case of Vanishing Hegemony: or, is Mark Twain Really Dead?"
   International Organization. vol. 39, no. 2, Spring 1985, 207-232.;
   Cowhey, Peter F. and Long, Edward. "Testing Theories of Regime Change:
   Hegemonic Decline or Surplus Capacity?" International Organization.
   vol. 37, no. 2, Spring 1983, 157-188.
   (142)Kapor, Mitchell. "Where is the Digital Highway Really Heading?
   The Case for a Jeffersonian Information Policy." Wired Magazine . July
   1993, 53-59.
   (143) Asimov, Isaac. As cited in Petersen, Road to 2015, xix.
   (144) Petersen, Road to 2015, 68.
                           SELECTED BIBLIOGRAPHY
   Allison, Graham & Treverton, Gregory F. Rethinking America's Security:
   Beyond the Cold War to New World Order. New York: W.W. Norton &
   Company, 1992.
   Andelman, David A. & Count de Marenches. The Fourth World War:
   Diplomacy and Espionage in the Age of Terrorism. New York: William
   Morrow & Company, 1992.
   Anthes, Gary H. "Info-terrorist Threat Growing." Computer World, vol.
   29, no. 5, 30 January 1995, 1.
   Arquilla, John & Ronfeldt, David. "Cyberwar and Netwar: Warfare
   Between Networks." Comparative Strategy. vol. 12, no. 2, 1993,
   Barlow, John Perry. "Crime and Puzzlement." Whole Earth Review. Fall
   1990, 44- 57.
   Beniger, James R. The Control Revolution: Technological and Economic
   Origins of the Information Society. Cambridge: Harvard University
   Press, 1986.
   Bequai, August. Technocrimes. Lexington: Heath and Company, 1987.
   BloomBecker, Buck. Spectacular Computer Crimes: What They Are and How
   They Cost American Business Half a Billion Dollars a Year. Illinois:
   Dow Jones- Irwin, 1990.
   Bowman, Stephen. When the Eagle Screams: America's Vulnerability to
   Terrorism. New York: Birch Lane Press, 1994.
   Brodie, Bernard & Fawn, M. From Crossbow to H-Bomb. Bloomington:
   Indiana University Press, 1973.
   Carey, Roger & Salmon, Trevor C. International Security in the Modern
   World. New York: St. Martin's Press, 1992.
   Clough, Bryan & Mungo, Paul. Aproaching Zero: The Extra-ordinary
   Underworld of Hackers, Phreakers, Virus Writers & Keyboard Criminals.
   New York: Random House, 1992.
   Cooper, Richard. "Economic Interdependence and Foreign Policy in the
   Seventies." World Politics. January 1972, 159-181.
   De Landa, Manuel. War in the Age of Intelligent Machines. New York:
   Swerve Editions, 1991.
   Denning, Peter J. Computers Under Attack: Intruders, Worms and
   Viruses. New York: ACM Press, 1991.
   Der Derian, James. "Cyber-Deterrence." Wired, September 1994, 116-122.
   Dubik, Colonel James M. & Sullivan, General Gordon R. "War in the
   Information Age." Stategic Studies Institute, U.S. Army War College, 6
   June 1994.
   Forester, Tom & Morrison, Perry. Computer Ethics: Cautionary Tales and
   Ethical Dilemmas in Computing. Cambridge: The MIT Press, 1994.
   Gore, Al. "Infrastructure for the Global Village." Scientific
   American, Special Issue, 1995, 156-159.
   Hafner, Katie & Markoff, John. Cyberpunk: Outlaws and Hackers on the
   Computer Frontier. New York: Simon & Schuster, 1991.
   Headrick, Daniel R. The Invisible Weapon: Telecommunications and
   International Politics 1851-1945. New York: Oxford University Press,
   Jervis, Robert. "Deterrence Theory Revisted." World Politics. January
   1979, 289- 324.
   Jervis, Robert. Cooperation under the Security Dilemma." World
   Politics. January 1978, 167-214.
   Jervis, Robert. The Meaning of the Nuclear Revolution: Statecraft and
   the Prospect of Armageddon. Ithaca: Cornell University Press, 1989.
   Kapor, Mitchell. "Civil Liberties in Cyberspace." Scientific American,
   Special Issue, 1995, 174-178.
   Kapor, Mitchell. "Where is the Digital Highway Really Heading?" Wired,
   July 1993, 53-60.
   Kelly, Kevin. Out of Control: The Rise of Neo-Biological Civilization.
   New York: Addison Wesley Publishing, 1994.
   Kennedy, Paul. The Rise and Fall of the Great Powers: Economic Change
   and Military Conflict from 1500-2000. New York: Vintage Books, 1987.
   Keohane, Robert O. After Hegemony: Cooperation and Discord in the
   World Political Economy. Princeton: Princeton University Press, 1984.
   Kroker, Arthur & Weinstein, Michael A. Data Trash: The Theory of the
   Virtual Class. New York: St. Martin's Press, 1994.
   Levy, Jack. "The Offensive/Defensive Balance in War." International
   Studies Quarterly. June 1984.
   Levy, Jack. "Theories of General War." World Politics. vol. 37, no. 3,
   April 1985, 344-374.
   Levy, Steven. Hackers: Heroes of the Computer Revolution. New York:
   Dell Publishing, 1984.
   Luttwak, Edward N. The Endangered American Dream: How to Stop the
   United States from Becoming a Third World Country and How to Win the
   Geo- Economic Struggle for Industrial Supremacy. New York: Simon &
   Schuster, 1993.
   May, Timothy C. "Crypto Anarchy and Virtual Communities." Extended
   abstract. Available Online: Email:
   Nacht, Michael, Quester, George H. & Weltman, John J. Challenges to
   American National Security in the 1990s. New York: Plenum Press, 1991.
   National Institute of Standards and Technology Computer Security
   Division. 1992. Threat Assessment of Malicious Code and Human Threats.
   Washington: GPO.
   Nye, Joseph S. Jr. Understanding International Conflicts. New York:
   HarperCollins, 1993.
   Parker, Donn B. Crime by Computer. New York: Charles Scribner's Sons,
   Petersen, John L. The Road to 2015: Profiles of the Future.
   California: Waite Group Press, 1994.
   Porteous, Samuel D. "Economic Espionage: Issues Arising from Increased
   Government Involvement with the Private Sector." Intelligence and
   National Security. vol. 9, no. 4, October 1994, 735-752.
   Quittner, Joshua & Slatalla, Michelle. Masters of Deception: The Gang
   That Ruled Cyberspace. New York: HarperCollins, 1995.
   Rheingold, Howard. The Virtual Community: Homesteading on the
   Electronic Frontier. New York: Addison-Wesley Publishing Company,
   Ronfeldt, David. "Cyberocracy is Coming." The Information Society
   Journal. vol. 8, no. 4, 1992, 243-296.
   Rosecrance, Richard & Stein, Arthur. "Interdependence: Myth or
   Reality." World Politics. vol 26, Oct. 1973, 1-27.
   Rushkoff, Douglas. Cyberia: Life in the Trenches of Hyperspace. New
   York: HarperCollins, 1994.
   Schwartau, Winn. Information Warfare: Chaos on the Electronic
   Superhighway. New York: Thunder's Mouth Press, 1994.
   Schwartau, Winn. Terminal Compromise. USA: Inter.Pact Press, 1991.
   Schwartz, Peter. "Post-Capitalist: Conversation with Peter Drucker."
   Wired, July 1993, 80-84.
   Schwartz, Peter. "Warrior in the Age of Intelligent Machines." Wired,
   April 1995, 138.
   Schweizer, Peter. Friendly Spies: How America's Allies Are Using
   Economic Espionage to Steal Our Secrets. New York: Atlantic Monthly
   Press, 1993.
   Skolnikoff, Eugene B. The Elusive Transformation: Science, Technology,
   and the Evolution of International Politics. Princeton: Princeton
   University Press, 1993.
   Snyder, Jack. Myths of Empire: Domestic Politics and International
   Ambition. Ithaca: Cornell University Press, 1991.
   Steele, Robert D. "The Military Perspective on Information Warfare:
   Apocalypse Now." Keynote Address, Second International Conference on
   Information Warfare: Chaos on the Electronic Superhighway, Montreal,
   19 January 1995.
   Steele, Robert D. "War and Peace in the Age of Information."
   Superintendent's Guest Lecture, Naval Postgraduate School, 17 August
   Stein, Arthur A. "Coordination and Collaboration: Regimes in an
   Anarchic World." International Organization. Spring 1982, 299-324.
   Sterling, Bruce. "War is Virtual Hell." Wired, Premiere 1993, 46-52.
   Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the
   Electronic Frontier. New York: Bantam Books, 1992.
   Stockton, Paul N. & Tritten, James J. Reconstituting America's
   Defense: The New U.S. National Security Strategy. New York: Praeger
   Publishers, 1992.
   Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of
   Computer Espionage. New York: Doubleday, 1989.
   Thurow, Lester. Head to Head: The Coming Economic Battle Among Japan,
   Europe, and America. New York: Warner Books, 1992.
   Toffler, Alvin & Heidi. War and Anti-War: Survival at the Dawn of the
   21st Century. Boston: Little, Brown & Company, 1993.
   Toffler, Alvin. The Third Wave. New York: William Morrow & Company,
   U.S. Congress. House. Committee on Science, Space, and Technology.
   Subcommittee on Technology and Competitiveness. Hearings on Computer
   Security. 102nd Cong., 1991.
   U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee
   on Government Information and Regulation. Hearings on Hackers
   Penetrate Department of Defense Computer Systems. 102nd Cong., 1991.
   U.S. Congress. Senate. Committee on Governmental Affairs. Subcommittee
   on Government Information and Regulation. Hearings on Regarding the
   Computer Security Act. 102nd Cong., 1991.
   United States General Accounting Office. 1989. Report on Instances of
   Unauthorized Access to Space Physics Analysis Networks. Washington:
   United States General Accounting Office. 1990. Report on
   Implementation of Computer Security Act. Washington: GPO.
   United States General Accounting Office. 1995. Information
   Superhighway: An Overview of Technology Challenges. Washington: GPO.
   Van Duyn, J. The Human Factor in Computer Crime. Princeton: Petrocelli
   Books, 1985.
   Wallich, Paul. "Wire Pirates." Scientific American. March 1994,
   Wilson, Kevin G. Technologies of Control: The New Interactive Media
   for the Home. Madison: The University of Wisconsin Press, 1988.
           [2](c) Copyright Terrorism Research Center, Inc. 1997