HOME
National Security in the Information Age
This is the original copy of my 1995 thesis on information warfare. While I had written earlier essays on the topic, the thesis really represented my thinking and research during the 1993-1995 timeframe.
©1995 Matthew G. Devost (matt@devost.net)
NATIONAL SECURITY IN THE INFORMATION AGE
A Thesis Presented
by
Matthew G. Devost
to
The Faculty of the Graduate College
of
The University of Vermont
In Partial Fulfillment of the Requirements
for the Degree of Master of Arts
Specializing in Political Science
May, 1995
TABLE OF CONTENTS
[Note: Page Numbers Not Applicable for Electronic Version.]
ABSTRACT
ACKNOWLEDGMENTS ii
CHAPTER 1 - Introduction 1
The Information Age 2
The Knowledge-Based Economy 4
CHAPTER 2 -. New Territory, New Concepts and New Warfare 10
New Concepts: Information Warfare 14
New Weapons 16
HERF Guns 17
EMP/T Bombs 18
System intrusion 18
Emissions capture and espionage 20
Viruses, trojan horses and worms 21
Normal accidents 24
Information Warfare: Isolated Examples 24
Operation Datastream 25
The Hacker Spy 26
Hacker Attacks During Gulf War 28
Infrastructure Attacks 30
The Phone System 31
The Power Grids 33
The Big Picture 34
CHAPTER 3 - The Political Context of Information Warfare 38
What is National Security 38
Political Attractions of Information Warfare 41
Low Cost 41
Timely and Not Location Specific 42
Anonymity 43
Minimal Loss of Human Life 44
First Strike Advantage 47
Offensive Nature of Information Warfare 47
Deterrents to Waging Information Warfare 48
Economic Interdependence 49
Fear of Escalation 52
Lack of Technical Expertise 53
Information Warfare as Terrorism 54
The Realist/Liberal Approach to Information Warfare 56
The Realist Approach to Information Warfare 57
Problems with the Realist Approach 59
The Liberal Approach to Information Warfare 61
Problems with the Liberal Approach 62
The Realist/Liberal Conflict 64
The Strategic and Security Impacts of Technology:
A Historical Perspective 68
Decentralizing the Military: The Conoidal Bullet 69
Information Warfare: The Bushnell Turtle of the Information Age 71
CHAPTER 4 - National Security Solutions for the Information Age 74
The Computer Security Act of 1987 74
Operation Sundevil 76
Information Warfare: A Threat Assessment Portfolio 77
National Security Solutions for the Information Age 80
Step One: Declassify the Threat 80
Step Two: Increase Security 81
Step Three: Increase Vendor Accountability 82
Step Four: Facilitate Private/Public Sector Cooperation 83
Step Five: Conceptualize Our Information Sphere 84
Step Six: Multi-Level Education 88
Step Seven: Use Hackers as a National Resource 90
Step Eight: Global Institutions and International Agreements 95
Conclusion: National Security in the Information Age 96
FOOTNOTES
SELECTED BIBLIOGRAPHY 101
ABSTRACT
This thesis examines the impact information technologies have had on the
national security of the United States. It looks at how these technologies have
evolved into a significant component of the economic, military, and social
construct of the nation resulting in a transition from the Industrial Age to the
Information Age.
It introduces a new paradigm for conflict among nations based upon attacking
information infrastructures. The political attractions and deterrents to using
these new information warfare methods are discussed at great length. The debate
is then placed in a traditional realist/liberal context and examined from both
perspectives, suggesting ways in which each side would remedy the national
security threat. Historical technological developments are explored and
contrasted with new technology to develop hypotheses regarding the future
strategic impacts that these new technologies will have.
An increased reliance on information technology which is highly vulnerable
to failure and sabotage has created a new risk to the national security of the
United States. These vulnerabilities will be exploited during any conventional
military conflicts between nation states, but several political deterrents
including economic interdependence and fear of escalation decrease their
attraction during peacetime. Despite this, the political and strategic
attractions of information warfare make it a likely terrorist weapon.
The final chapter offers policy prescriptions and solutions for integrating
these concerns into the framework of the United States’ grand strategy to
decrease the security threat and facilitate international cooperation in this
area.
ACKNOWLEDGMENTS
I am greatly indebted to a number of people who have made this thesis
possible. First and foremost, my parents, family and friends who have provided
unlimited support and encouragement. This thesis is dedicated to them.
A special acknowledgment to Robert D. Steele. From the beginning, he has
provided encouragement and opportunity. The scholarship he provided to attend
his International Symposium: "National Security and National
Competitiveness: Open Source Solutions," allowed me to exchange ideas with
innovators and experts from around the world.
Special thanks to Dr. Mich Kabay and the National Computer Security
Association for giving me the opportunity to speak at the Second International
Conference on Information Warfare.
Within the University of Vermont: Professor Cherie Steele, for her patience
and dedication as my thesis advisor; Professors Tony Gierzynski and Tom
Streeter, for sitting on my thesis committee; and Professor Tom Rice and the
rest of the Political Science department for providing support and funding for
my graduate research.
Many others were helpful, perhaps without realizing it: Winn Schwartau, Bob
Stratton, Eric Hughes, Emmanuel Goldstein, and numerous members of the digital
underground.
Chapter 1
Introduction
Conceptions of national security can and do change. A series of new threats
to American national security have developed with our transition into the
Information Age. New technological developments and an increased reliance on
computer-based technology will cause a shift in conceptions of national security
for all advanced post-industrial societies. Nations face the danger of having
their information infrastructures destroyed, altered, or incapacitated by new
offensive technologies. Accordingly, grand strategies must integrate these new
threats and vulnerabilities into their general framework. Although Eugene
Skolnikoff argues that the vulnerability of large systems is rarely noticed
until disruption or catastrophe occurs(1), this thesis argues that these issues
must be dealt with pre-emptively to minimize their economic and political costs.
Political scientists and political leaders must recognize and examine the
threats posed by new technology and how it will effect both national and
international political relationships. This thesis provides an introduction to
these new technologies and suggests ways they have been utilized in the past to
threaten the national security of the United States. The threat is also placed
in a theoretical political context by examining how it relates to
paradigm-shifting technologies of the past, what its political attractions and
deterrents are, and how it would be analyzed and addressed within traditional
realist/liberal national security schools. It concludes with policy
prescriptions to assist policy makers in the transition to a new national
security agenda that includes the concepts examined in this thesis.
The need for work in this area is great. Very little work has been done in
the political science field to examine security issues related to information
technology.(2) David Ronfeldt argues that "with few exceptions, policy
makers and analysts are just beginning to discern how government and politics
may ultimately be affected by the information revolution."(3) As a result,
this thesis draws from a wide range of material that has been taken from
multiple disciplines and weaves it all to reveal national security
vulnerabilities and what can be done about them.
The Information Age
The United States is making a transition to a new age. Alvin Toffler
referred to this transition as the Third Wave(4), in his 1980 book of the same
title.(5) According to Toffler, the pattern of societal development follows a
series of waves, each of a lesser timespan than the previous. Toffler writes:
Until now the human race has undergone two great waves of change, each
one largely obliterating earlier cultures or civilizations and replacing them
with ways of life inconceivable to those who came before. The First Wave of
change - the agricultural revolution - took thousands of years to play itself
out. The Second Wave - the rise of industrial civilization - took a mere three
hundred years. Today, history is even more accelerative, and it is likely that
the Third Wave will sweep across history and complete itself in a few
decades.(6)
Toffler’s predictions about the coming Third Wave were written over fifteen
years ago, and the societal revolution he predicted is readily acknowledged
today as the Information Revolution.
This terminology is used by the leaders of the United States to describe the
transition to a knowledge-based economy. Vice President Al Gore argues that "we
are in the midst of an Information Revolution."(7) President Clinton often
speaks of the Information Age and during his presidency he has created various
working groups and committees to develop the foundations for a National
Information Infrastructure.(8) Various scholars argue that the United States
has already made the transition into the Information Age and that a majority of
our jobs are already knowledge-based jobs.(9) In fact the decline in industrial
based jobs looks very similar to the decline in agricultural jobs brought about
by the transition from the First to the Second Wave. The swell of the Third
Wave is already visible and its crest no longer unimaginable.
The Knowledge-Based Economy
If this coming Sunday, you were to sit down and read the entire New York
Times, you would absorb more information in that one reading that the average
person absorbed in a lifetime in Thomas Jefferson’s Day.(10)
Information revolutions are not new. Gutenberg’s printing press launched an
information revolution over five hundred years ago. His invention allowed for
the mass distribution of information, permitting common men to posses otherwise
scarce texts like the Bible. This created less reliance on hierarchical sources
of authority for interpretation of texts and granted anyone with the resources
to operate a printing press access to large audiences. To take the argument
even further, author Kevin Kelly argues that cultural advances, like the
printing press "prepared a possibility space that allowed human minds and
bodies to shift so that some of what it once did biologically would afterwards
be done culturally."(11) Under this view, the printing press served a dual
purpose. It revolutionized the way human beings interact and it contributed to
our evolution by decreasing the amount of information our minds needed to store.
In this regard, the Information Revolution is similar to the printing
revolution. Computers increase our capacity to store and search for information
externally.
Other mediums of communication might be considered revolutionary as
well.(12) One need only think of the changes brought about by the invention of
the telephone, radio, and television to realize that information revolutions
have their place in history. Each of these technologies increased our capacity
to communicate over great distances. In some cases, the communication took
place over physical cables, and in other cases the communication took place over
frequency waves with no physical connection required. How does this
information revolution promise to be different?
The difference is our increased ability to access, distribute and store
incredibly large quantities of information in very little time. It is now
possible to send the entire Encyclopedia Brittanica across the country in about
two seconds.(13) Access to large quantities of information through electronic
communications is a realizable goal anywhere there is access to a standard phone
line or cellular cell. In the near future, a series of low orbit satellites
will allow electronic communications technology to be utilized from any location
on earth.(14) In addition to this, the Internet, currently the world’s
information backbone, is increasing at a rate of twenty-five percent per month
and the World Wide Web has been experiencing growth rates of 341,634 percent per
year.(15)
With this increase in interconnectivity and information resources, the labor
force of a Third Wave nation becomes knowledge-based. Peter Drucker writes:
The basic economic resource - "the means of production," to
use the economist’s term - is no longer capital, nor natural resources, nor
labor. It is and will be knowledge. The central wealth making activities will
be neither the allocation of capital to productive uses, not labor - the two
poles of nineteenth and twentieth century economic theory, whether classical,
Marxist, Keynesian, or neo-classical. Value is now created by productivity and
innovation, both applications of knowledge to work. The leading social groups
of the knowledge society will be knowledge workers and knowledge executives who
know how to allocate knowledge to productive use, just as the capitalists knew
how to allocate capital to productive use…Yet, unlike the employees under
Capitalism, they will own both the means of production and the tools of
production.(16)
Other scholars have expressed similar sentiments. Daniel Bell echoes
Drucker’s argument when he proposes that "the crucial point about a
post-industrial society is that knowledge and information become the strategic
and transforming resources of the society, just as capital and labor have been
the strategic and transforming resources of the industrial society."(17)
The key financial institutions of knowledge-based societies also become
information-based. A majority of the financial transactions within the United
States do not involve the physical transfer of capital or physical
representations of money such as gold or currency, but rather the transfer of
information. For example, when money is loaned between institutions no physical
transfer of funds takes place. Instead, the informational representation of
money is exchanged. Information now represents money and "finance no
longer has anything to do with money, but with information."(18) Whereas
industrial societies were concerned with protecting physical capital and
providing safe routes for the transport of resources, information societies must
be concerned with protecting information and the transfer of information. Where
the destruction of bridges was a threat to the national security of an
industrial society, the destruction of information networks, especially those
involved with financial transactions, is a threat to the national security of
information societies.
This is the nature of conflict of the Information Age. Where the politics
of the last one hundred years centered around Industrial Age technology, the
politics of the future will be based on Information Age concerns oriented
towards the storage, protection and exchange of information. The premiere issue
of the magazine designed for the Information Age, appropriately named Wired,
had this to say about the emergence of new technology.
The medium, or process, of our time - electronic technology - is
reshaping and restructuring patterns of social interdependence and every aspect
of our personal life. It is forcing us to reconsider and re-evaluate
practically every thought, every action, and every institution formerly taken
for granted.(19)
The purpose of this thesis is take this concept one step further. It will
demonstrate that with the Information Age comes new threats to the
infrastructure of the United States. It will show that our reliance on computer
technology and our quick transition into a knowledge-based economy has left us
vulnerable to attack, and that vulnerability creates difficult political
dilemmas that must be dealt with should we wish to continue following the
currents of the Third Wave.
In Chapter Two, a new paradigm for conflict based upon attacking information
infrastructures is introduced and examples are given to demonstrate how this new
paradigm is rapidly developing to threaten the security of Third Wave nations.
Chapter Three then places the issue in a theoretical context by examining the
political advantages and deterrents to nations utilizing the capabilities of new
technology for offensive purposes. The issue is then examined from both the
realist and liberal perspective to speculate how each side would respond to the
acknowledged national security threat. Similarities to historical technological
developments are explored and contrasted with new technology to develop
hypotheses regarding the future strategic impacts that these new technologies
will have. The final chapter offers policy prescriptions and solutions for
integrating these concerns into the framework of the United States’ grand
strategy in order to decrease the security threat and facilitate international
cooperation in this area.
Chapter 2
New Territory, New Concepts and New Warfare
What is the National Information Infrastructure? For the purposes of this
paper, the NII is defined as the physical and virtual backbone of an information
society and includes, at a minimum, all of the following:(20)
- Financial networks: used for the transfer of information between
financial institutions.
- Private corporate and institutional networks: Used for the exchange of
information between international components of the same organization.
- Public fee accessed networks: Telephone networks and other privately
provided communications networks.
- Cooperative networks: Used to link educational and research facilities
for mutual benefit, as is the case with the Internet.
- Subscription networks: Fee based access to enclosed virtual communities
as is the case with Prodigy, Compuserve and America On-line. Also, increasingly
connected to cooperative networks to create large national networks for the
exchange of information.
- Government and defense networks: Used for government and defense
communications. Department of Defense networks used for C3I (command, control,
communications and intelligence.)
- Computer reliant public utilities: Power plants, water and sewage,
transportation vehicles and traffic systems.
- Computer reliant technology: Environment and security control in large
buildings, chip reliant cars, and a plethora of other conveniences.
This rather broad list has been compiled to demonstrate our current reliance
on computer technology. The National Information Infrastructure is usually
described as a utopian network for the cooperative exchange of information.
However, from a security perspective, the NII encompasses a much more extensive
sphere. Not only does it include systems required for the flow of information,
but the hardware those information flows have helped create, as well.
Where information flows are concerned, one might separate information
content into three distinct groupings with occasional overlaps:
1) Military information, which deals with actual military developments, top
secret operations, intelligence, systems control, correspondence between high
ranking officials, troop files and credit ratings, general troop activities and
lower level correspondence.
2) Business information, which consists of business records, bank
transactions, individual credit records, business systems, and other financial
transactions.
3) Personal information, which includes individual credit records, personal
systems, files and correspondence between individuals.
An attack or threat on lower levels of information, credit card fraud for
example, is more of an inconvenience than a national security threat.
Replacement costs may be high for this type of information, but the costs are
not nearly as high as they are for military or business information. A
successful attack on just a few business information systems could cause a
severe lag in the American economy. Robert Steele notes that "It costs a
billion dollars and takes six weeks to recover from a one day bank failure and
we have them all the time."(21) If Wall Street suddenly closed down, or if
bank transactions suddenly disappeared the United States would lose hundreds of
billions of dollars. It is estimated that the daily value of telephone
transactions on Wall Street alone, is in excess of one trillion dollars.(22)
A potential attack on military information, especially that which is
classified, poses a national security threat from a strategic standpoint. From
a command and control perspective, denying communications capability or altering
and destroying intelligence can have profound effects on the capabilities of
modern militaries. General Colin Powell notes that "A downsized force and
a shrinking defense budget result in an increased reliance on technology, which
must provide the force multiplier required to ensure a viable military
deterrent… Battlefield information systems became the ally of the warrior.
They did much more than provide a service. Personal computers were force
multipliers."(23) Whereas Sun Tzu regarded the skillful command of troops
as having the potential "of round boulders which roll down from mountain
heights,"(24) in today’s military it would be round boulders capable of
rolling by themselves, both on flat ground and up steep grades. Soldiers in
battle are less reliant on a hierarchical command structure and are capable of
making more autonomous decisions based on an increased ability to receive and
analyze real-time information regarding the condition of the battlefield. In
this situation, the emphasis is not on the function of command, but on
maintaining the supply and value of the information.(25)
Robert Steele argues that information warfare is "about applied
intellect - it is about harnessing intellect and protecting intellect, and it is
above all about providing the commander - including the civil commander in the
role of political, economic, or cultural leader - with survivable, reliable,
decision-support through war and operations other than war, on the home front as
well as on the traditional front line - and to do so largely with ‘out of
control’ civil resources."(26) With military command and control placed in
this context, threats to national security are present not only when military
communications are targeted, but also when civilian support to operations is
targeted. One cannot harness the distributed intelligence of a nation if the
information content is diverted or destroyed.
What threat is posed to American national security if, during a war, the
enemy were able to get information on troop movements or discover flaws in one
of our weapons systems? Or if the Soviets, during the Cold War, had been able
to access information on the Strategic Defense Initiative or stealth aircraft
designs? What if one fourth of all the computer systems in America stopped
working one day?
New Concepts: Information Warfare
Information warfare is about destroying information, reducing information
flows, reducing the reliability of information content, and denying access to
services. Author and security expert Winn Schwartau writes:
Information warfare is waged against industries, political spheres of
influence, global economic forces, or even against entire countries. It is the
use of technology against technology; it is about secrets and the theft of
secrets; it is about turning information against its owners; it is about denying
an enemy the ability to use both his technology and his information.(27)
Historical patterns reveal that information warfare is undoubtedly warfare
of the future. Traditionally, warfare has followed the different waves of
development in society. Science has always been applied to war.(28) Agrarian
society saw the development of the crossbow. As scientific capacity increased,
so did the weapons societies used in warfare. As nations industrialized, they
used their factories to create tanks. As our capacity to understand physics
increased, we used nuclear fission to deal devastating blows from high
altitudes. Today, computer-guided electronics allow us to deal even more damage
from the comfort of an underground bunker thousands of miles away. As we move,
or have already moved, into the Third Wave or Information Age, it is only
natural that our weapons or means of warfare will follow.
Information warfare, as a concept, is not entirely new. In 1912, when the
British cableship Telconia hauled up and cut the five cables that linked Germany
to the outside world: (two to the Azores and North America, one to Vigo, one to
Tenerife, and one to Brest); the British were waging information warfare.(29)
The British recognized the strategic significance of wartime communications and
utilized their capabilities to hinder Germany’s ability to communicate.
Likewise, when the United States intercepted and decrypted Japanese
communications intelligence during wartime operations and diplomatic
negotiations, the United States was waging information warfare.(30)
The only problem with these examples is that the environment in which they
took place is not as relevant today. These attempts at information warfare were
waged against industrial societies in which information was just one valuable
asset, ranked lower on the hierarchy of strategic importance than protection of
the industrial base. Today’s Third Wave societies are no longer based entirely
on industrial concepts and information has a higher strategic value now than it
has had at any point in history. This means that information warfare poses a
greater threat to national security in the Information Age than it did in the
Industrial Age. In fact, for several reasons illustrated later, information
warfare may become the preferred method of conflict among Third Wave nations.
General Gordon Sullivan and Colonel James Dubik acknowledge that "To
succeed against an industrial state generally requires the destruction not only
of its army, but also of the military infrastructure, resources and
manufacturing base of the total war-making capability. Achieving victory
against an information-based state will entail destroying that country’s armed
forces, as well as destroying its war-making capability (which may well include
industrial and information-related targets) and its information systems."(31)
Not only is information warfare an entirely new paradigm for waging war, it
must also be adopted as a supplement to traditional and conventional means of
warfare if successful campaigns are to be waged.
New Weapons
With a new type of warfare comes a new breed of weapons. In order to
understand the vulnerabilities of systems and the capabilities of possible
adversaries, a brief overview of offensive information warfare weaponry is
required.
HERF Guns. High Energy Radio Frequency guns allow adversaries to create
denial-of-service scenarios against a wide variety of targets. The concept
behind the HERF Gun is very simple and they are incredibly easy to build.
Depending upon the size of the power source used and range or accuracy desired,
HERF guns can be designed to take many different shapes and forms. HERF Guns
direct a blast of high energy radio signals at a pre-selected target. Schwartau
explains:
Electronic circuits are more vulnerable to overload than most people
realize, and that weakness is exploited by a HERF Gun. A HERF Gun is nothing
more than a radio transmitter, conceptually similar to the real tall ones with
blinking red lights on top to keep planes from hitting them. Your portable CB
or cellular phone are also radio transmitters, with different purposes, working
at different power levels. The HERF Gun shoots enough energy at its target to
disable it, at least temporarily. A HERF Gun can shoot down a computer, cause
an entire network to crash, or send a telephone switch into electronic orbit.
The circuitry within modern computer and communications equipment is designed
for low-level signals; nice quiet 1s and 0s which operate within normal limits.
The HERF Gun is designed to overload this electronic circuitry so that the
information system under attack will become, at least temporarily, a meaningless
string of babbling bytes.(32)
The damage that a HERF Gun can do when directed at a variety of creatively
selected targets is clearly obvious. Not only is a situation created in which
information systems fail, but it becomes extremely difficult to identify the
cause of failure.
EMP/T Bombs. Electromagnetic Pulse Transformer Bombs operate under the same
principle as HERF Guns; however, they are thousand times more powerful.(33)
Also, the damage induced by EMP/T Bombs is permanent. Governments have been
concerned with the threat of electromagnetic pulse since the invention of the
atomic bomb. A 1980 Federal Emergency Management Agency report concluded that
the following hardware would be most susceptible to failure from EMP:
computers, computer power supplies, transistorized power supplies, semiconductor
components terminating long cable runs (especially between sites), alarm
systems, intercom systems, life support system controls, telephone equipment,
transistorized receivers and transmitters, transistorized process control
systems, power control systems, and communications links.(34)
If EMP/T Bombs were detonated over densely populated urban areas, the
results would be disastrous. Not only would all communications and electronic
equipment fail, but the city would also experience a blackout, thus creating a
prime environment for civil unrest and riots.
System intrusion. Interconnected communications and computer systems are
also susceptible to intrusion. Commonly referred to as hacking, system
intrusion creates a wide variety of security concerns. Hacked systems can be
utilized for information gathering purposes, information alteration, and
sabotage. Vulnerabilities exist in almost every externally networked computer
in the United States. A report prepared by the Computer Security division of
the National Institute of Standards and Technology notes that "connectivity
allows the hacker unlimited, virtually untraceable access to computer systems."(35)
An entire subculture dedicated to the issues concerning hacking has developed
and its numbers increase substantially every year. In the summer of 1994, over
one thousand people from around the world descended on New York city for an
organized convention called "Hackers on Planet Earth."(36) Being a
sensational subject, computer hacking has also generated a lot of attention in
the American media. The recent apprehension of known computer hacker Kevin
Mitnick generated a plethora of front page stories across the nation.
Unfortunately, with this media attention, the term hacker itself has taken on an
entirely new meaning. Steven Levy first described hackers as computer
explorers, "adventurers, visionaries, risk-takers, artists… and the ones
who most clearly saw why the computer was a truly revolutionary tool."(37)
Levy’s hackers were the pioneers of the computer industry: Steven Jobs, Bill
Gates and Stephen Wozniak. These are men who are recognized today as
establishing a competitive advantage in personal computer hardware and software
for the United States. Today, the term hacker is often used to indicate a
computer criminal. This creates a difficult dilemma for those who wish to use
the term with positive connotations. For the purposes of this paper, the term
is used in both capacities, with the focus not on the intent of hackers or
computer criminals, but on their capabilities. Intent, reliability and
disposition only come into play when computer explorers are considered a
potential national security asset in Chapter Four.
Emissions capture and espionage. Computer hackers can also utilize several
tools for the capture of vital information secrets such as passwords or data.
Van Eck emissions enable hackers to capture the contents of computer screens
from up to two hundred meters away.(38) Devices designed to capture these
emissions can be developed at very low cost. To further complicate the matter,
current government regulations prevent non-governmental organizations from
protecting themselves by installing TEMPEST(39) equipment.(40) Information and
telecommunication networks are also easily monitored for information that might
be utilized for system intrusion.(41)
Viruses, trojan horses and worms. Viruses, trojan horses and worms have huge
destructive potential. Perhaps the greatest threat of the three is the computer
virus, a program which has the ability to attach itself to legitimate files and
then propagate, spreading much like an infectious disease from computer to
computer as files are exchanged between them. The more interactivity a computer
has with other computers the higher the chance of it contracting a virus. The
virus continues to hide itself until a certain criterion is met. These criteria
change from virus to virus, but some of the most deadly are viruses that wait a
certain length of time before initiating their destructive capabilities. This
insures that the virus has had enough time to copy itself to many systems, thus
increasing its damage potential. Once the criteria are met, the virus can
attack a system in one of many ways: by erasing files, destroying hard disk
drives, or corrupting databases.
Imagine a virus that spreads to a bank computer and then randomly modifies
numbers within a database, or simply causes the bank’s computers to shut down.
The potential for damage is enormous, but it is mostly monetary damage. Now
imagine that same virus attacks a hospital computer system. Human lives are at
stake, making that virus a tool of murder no less dangerous than a loaded
weapon. Viruses are very difficult to protect against because a copy of the
virus is often needed to create a vaccine or program to detect it. We do not
usually find copies of the virus until they have caused damage. It has been
estimated the cost of removing the viruses infections over the next five years
will be over $1.5 billion - not taking into account the value of the data that
will be destroyed.(42) There are already many documented cases of companies
losing millions of dollars in business and thousands of hours of computing time
due to viruses attacks.(43) That number will only increase in the future.
By 1992 there were over 1,500 catalogued viruses in the West, with that
number expected to have doubled by the end of 1993(44) One of the most popular
was the Michaelangelo virus, which received news coverage on all the major
television networks. What many Americans do not understand is that
Michaelangelo is just one of many potential attackers of their computer systems.
In Bulgaria, companies have set up virus factories producing more viruses than
the anti-virus industry can combat. How should the U.S. deal with companies
whose only concern is to produce destructive software? This is one of the many
questions we must ask ourselves when creating policies to ensure safe computing
in future years.
The trojan horse derives its name from the famous attack on the city of
Troy, and operates much like the trojan horse of ancient times. A trojan horse
is a program that pretends to be a benign program but is really a program of
destruction. The program tricks the user into running it by proclaiming to
perform some useful function; however, once initiated it can be as destructive
as a virus. Trojan horses are less of a danger because they are easily
destroyed: one simply deletes the program, since they contain no means of
copying themselves independently.
The worm operates much like a virus, but is can travel along a network on
its own. Perhaps the best known worm was the one created in 1988 by Robert
Morris, the son of an National Security Agency official. Morris created a worm
to seek out sites on the Internet by traveling along its many connections and
copying itself onto remote computers. Morris’ worm was not created to damage
any systems, but he made an error in designing the program. This error caused
the worm to begin propagating itself at an exponential rate, slowing down
Internet sites and causing communications to come to a standstill. The reaction
among Internet users and system administrators was mass hysteria. The following
are some highlights of the events as they unfolded over the course of twelve
hours
5:00 p.m. - Morris launches his worm onto the Internet
8:00 p.m. - System operators at computer systems across the nation begin
noticing that something is slowing their computer system down.
2:38 a.m. - The virus has spread onto many systems including the
Lawrence Livermore National Laboratory, NASA Ames Laboratory, Los Alamos
National Laboratory, and the Department of Defense’s Milnet network.
- A worried system operator releases the following message onto the
Internet. "We are currently under attack by a computer virus."
5:00 a.m. - An estimated 6,200 computers have been infected in the
course of 12 hours. System operators begin breaking network connections to
protect their systems. Later calculations revealed that only around 2000
computers had been attacked.
Days later, system operators were still cleaning up and containing the
Internet worm which had caused over one million dollars in damage.(45) Morris
was convicted for the damage initiated by his worm and sentenced to three year’s
probation, a $10,000 fine and four hundred hours of community service.(46)
Though Morris’s actions were illegal, he managed to expose the vulnerability of
the computer networking system. If one college student could do so much damage
by accident, what could a rogue nation or terrorist group do on purpose?
Normal accidents. In his 1985 book, Charles Perrow discusses threats posed
by accidental failure of advanced technology.(47) The same threats exist with
computer technology and information systems. It is not uncommon to read in the
newspaper about power lines being cut causing airports to shut down for extended
periods of time or for unexplainable electronic gremlins to cause multiple
failures at great cost. This was the case in Chicago in September 1994 when
several unexplainable electronic failures shut down airports and financial
institutions throughout the city.(48)
Information Warfare: Isolated Examples
Although there have been several examples in which national security has
been breached in the past five years, no single event constitutes an enduring
national security threat. But collectively, these events highlight a national
security threat based upon internal weaknesses in the security of information
technology systems in the United States.
Operation Datastream
Recently released information reveals that a sixteen-year-old computer
hacker from Britain was able to infiltrate United States Department of Defense
computer systems for seven months without being detected. He obtained access to
ballistic weapons research, aircraft design, payroll, procurement, personnel
records and electronic mail. In all, over one million passwords were
compromised. The Ottawa Citizen reports that "the U.S. Defense Information
Systems Agency admitted in a private briefing, which has been confirmed, that
the hackers had affected the departments’ ‘military readiness’."(49)
It is also believed that the hacker had access to sensitive and classified
computer databases regarding nuclear inspection details in North Korea.(50) The
security implications in this case are intensified by the fact that information
could have been altered. Had the North Korean government had access to this
information, it is possible that they might have altered databases and
communications to assist their development of nuclear weapons. In fact, there
is no evidence to suggest that North Korea was not involved in operations of
this sort on its own. It is acknowledged that the only reason the British
hacker was caught is because he left his computer terminal connected to a U.S.
defense computer overnight.
This is obviously a case where information warfare techniques have
substantial implications. Nuclear weapons are regarded as one of the most
devastating threats to the physical security of nation states. This case
demonstrates that information warfare can be used to assist nuclear
proliferation, creating two major security concerns. North Korea might have
been able to alter inspection reports and falsify data to cover up their nuclear
proliferation efforts, or it might have utilized the information to find out
which sites the United States was targeting for inspection.
The Hacker Spy
Perhaps the best publicized account of a hacker breaking into U.S. military
computer systems took place in 1986 when Cliff Stoll at the Lawrence Berkeley
Laboratory (LBL) discovered a German hacker using the university’s computer to
access sensitive databases. Stoll’s adventure began when he found a
seventy-five cent error in the LBL accounting system that tracks system usage
and then bills the correct party. By exploring the accounting software, Stoll
found that a user named Hunter had used seventy-five cents worth of computing
time in the last month. Stoll also discovered that Hunter did not have a valid
billing address, so he had not been properly charged. Through much work, Stoll
discovered that Hunter was in fact a computer intruder, a hacker using LBL’s
system to access other systems. In most cases the user would have been shut
out, but Stoll, an astronomer by trade, not a computer security expert, decided
to track the activity of the hacker.(51)
When Stoll first discovered that the hacker was accessing military
computers, no one believed him. The people in charge of maintaining these
sensitive systems did not know, nor did they believe, that a hacker had entered
their system. Stoll had a even harder time trying to convince law enforcement
agencies that this was indeed a crime worthy of having the hacker’s call traced.
This one hacker attempted to break into many military computer installations
including the Redstone Missile Command in Alabama, the Jet Propulsion Laboratory
in Pasadena, and the Anniston Army Depot. In many of the cases the hacker
successfully gained full access to computer systems and searched for keywords
like stealth, nuclear, White Sands and SDI.(52) When he found the files he
copied them to his home computer.
The search for the hacker continued for almost a year. The activity was
eventually traced to a West German citizen named Markus Hess. Hess, a member of
the hacker group called the German Chaos Computer Club, used the pseudonym Pengo
among his colleagues. He was known as one of the best hackers in the Hannover
area. On February 15, 1990, Hess and two colleagues were convicted of espionage
for selling secrets to the KGB.(53)
Surely one must look at this case as a threat to U.S. national security,
especially in the context of the Cold War. Gone are the days of searching for
Ivans in elite factions of the U.S. military. Now any twenty-year-old German
drug addict can accomplish the same thing from an apartment in West Germany. The
vast computer networks gives him the means, and the lax security of the United
States computer systems allows him to gain access to them and compromise
national interests.
Hacker Attacks During Gulf War
The United States inability to protect its computer systems was demonstrated
by attacks on Department of Defense computer systems during the war with Iraq.
Testimony before a Senate committee confirmed that during April and May of 1991,
computer hackers from the Netherlands penetrated thirty-four Department of
Defense computer sites. Here are few highlights from the report:
At many of the sites, the hackers had access to unclassified, sensitive
information on such topics as (1) military personnel–personnel performance
reports, travel information, and personal reductions; (2) logistics -
descriptions of the type and quantity of equipment being moved; and (3) weapons
system development data. Although the information is unclassified, it can be
highly sensitive, particularly during times of international conflict. For
example, information from at least one system, which was successfully penetrated
at several sites, directly supported Operation Desert Storm/Shield. In
addition, according to one DOD official, personnel information can be used to
target employees who may be willing to sell classified information.(54)
U.S. soldiers put their lives on the line to fight a war for a country that
cannot even protect the sensitive information related to their activities, let
alone personal data that could be used against their families. What is most
distressing about the report is its conclusion that the hackers exploited known
security holes to gain access to a majority of these systems. The United States
government knew that these security holes were there, yet it did nothing to fix
them. The report also indicates that the hackers "modified and copied
military information,"(55) and that many of the sites were warned of their
vulnerability but failed to realize the implications. The report ended with a
warning of things to come: "Without the proper resources and attention,
these weaknesses will continue to exist and be exploited, thus undermining the
integrity and confidentiality of government information."(56)
The Dutch hackers are one of the most respected hacking groups in the world.
Luckily for the United States, the Dutch exploits were for educational purposes
only. Their attacks were blatant, open and recorded by video.(57) In order to
ensure that their explorations were noticed they created a user account named
after Vice President Quayle. Had the Dutch hackers been acting with malicious
intent, or under the sponsorship of another nation state, who knows how much
damage they could have inflicted on Allied operations in the Gulf War.
Infrastructure Attacks
The three examples given above demonstrate instances where sensitive
military information was accessed, erecting a breach of security with serious
national security implications. Although these attacks were dangerous, they
caused very little damage to the flow of information. Attacks that target
information infrastructures with the intent to damage information flows are of
equal, if not greater, concern.
In an information-based or knowledge-based economy, denying access to
information transfers causes economic instability. However, due to the infancy
of the information-based economy and an increased hesitance to report instances
where damage is incurred, there are very few examples in which individual actors
have inflicted this sort of damage. Instead, this section will focus on
examples of accidental failure that demonstrate vulnerabilities in the
infrastructure of Information Age societies.
The Phone System
On January 15, 1990 seventy million phone calls went uncompleted.(58) In
Queens, New York two teenage hackers wondered if they were to blame for the
outage.(59) The phone company also wondered if hackers might be at fault as
well. In fact, several hackers were being closely monitored for illegally
accessing, altering and using various phone switches. As it turned out, a
programming error was to blame for the failure, however, a sense of urgency
regarding the security of the phone networks was established.(60)
Crashes since then have not been uncommon. Steven Bowman writes:
Telephone switching stations which are scattered about the U.S. cities
are crucial to our communications network. They are squeezed into any number of
unprotected locations. In 1992, a failed AT&T switching station in New York
put both Wall Street and the New York Stock Exchange out of business for an
entire day, with an estimated loss of billions of dollars in trading value. The
failure resulted in 4.5 million blocked domestic long distance calls, nearly
500,000 interrupted international calls, and the loss of 80 percent of the
Federal Aviation Administration’s circuits. A similar failure on November 5,
1991, in Boston resulted in a 60 percent loss of calls in that area.(61)
Today, the security of the phone networks upon which rely for everyday
communications and business transactions is still questionable. Reports,
detailing the recent arrest of America’s most wanted computer hacker, Kevin
Mitnick noted that Mr. Mitnick manipulated telephone company switches to
disguise his whereabouts.(62)
We rely on telephone communications daily. Many American businesses would
be unable to function without them. Not only is there an inherent vulnerability
of this service being denied, but phone lines can also be manipulated to divert
calls to competitors or can be eavesdropped upon. In what has been called the
Hacker Wars, competing hacker groups within the United States used such
techniques on a daily basis. Not only did they manipulate phone switches, but
they also gained access to numerous private computer networks, including some
military sites. Though losses were minimal, it is only because phone system
crashes have been isolated and uncoordinated. Should someone target several
large phone networks at once, the results would be more than an inconvenience.
It would have a devastating effect on the economic prosperity of many
businesses. Should the denial of service be maintained for extended periods of
time, many businesses, government agencies, and even some military installations
would be electronically paralyzed.
The Power Grids
Power grids, like telephone networks, are prone to failure, both accidental
and intentional. Stephen Bowman writes:
The United States power system is divided into four electrical grids
supplying Texas, the eastern states, the midwestern states and the northwestern
states. They are all interconnected in Nebraska. A unique aspect of the
electrical grids, as with communication grids, is that most built-in
computerized security is designed to anticipate no more than two disruptions
concurrently. In other words, if a primary line went down, the grid would
ideally shut off power to a specific section while it rerouted electricity
around that problem area. If it ran into two such problems however, the grid is
designed to shut down altogether.(63)
The national security implications of major power failures are obvious.
Blacking out several large cities at once would result not only in large
economic losses, but would likely spawn civil unrest and chaos. One need only
think of the damage inflicted by the Los Angeles riots in 1992. For social
reasons, outside the realm of this paper, our cities have become highly unstable
and prone to disruption. Amory B. and L. Hunter Lovins note that "However
caused, a massive power-grid failure would be slow and difficult to repair,
would gravely endanger national security and would leave lasting economic and
political scars."(64)
The Big Picture
Are you telling me that we spend almost $4 trillion dollars, four goddam
trillion dollars on defense, and we are not prepared to defend our
computers?(65)
Isolated incidents of electronic communications, computer, and power
failures are inconveniences with heavy price tags, but they are not a threat to
the national security of the United States. Accidents happen. We are prepared
to deal with most. We are not, however, prepared to deal with an internal or
external attack on our entire information infrastructure as defined earlier in
this chapter. Nor are we prepared to deal with the domestic and international
political consequences that such vulnerabilities create, as will be discussed in
chapter three.
I wish to conclude this chapter by bringing all the pieces together in a
hypothetical threat assessment so that an in depth evaluation of the security
implications can be discussed. It is estimated that with as little as 1 million
dollars and less than twenty well trained men, the infrastructure of this nation
can be brought to its knees.(66) More conservative figures estimate it at 100
million dollars and 100 men.(67) Never before in history, has new technology
created such vulnerabilities to national security at so low a cost to the
attacker.
Imagine a well trained team of saboteurs, operating over several years,
infiltrating several high technology companies like Microsoft or Novell, a few
major automobile manufacturers, or a couple of airlines. Viruses or trojan
horses are timed to detonate on a certain day, rendering computer systems
inoperable. A small team of hackers infiltrates large computer,
telecommunications and power centers preparing them for denial of service
attacks. Another team constructs several large EMP/T bombs and HERF Guns to be
directed at targets like the Federal Reserve and Wall Street. Doomsday arrives
and the countries electronic blood stops flowing. No transfer of electronic
funds, no stock exchange, no communications and power in a majority of
locations, no traffic control, no air travel. At this point, what is the
situation? Our physical integrity has been maintained, the loss of life has
been minimal, and we have no one to blame. Has our national security been
breached? Information warfare and intelligence expert Robert Steele argues that
the United States can not recover from a similar, even if much smaller, attack:
We can not afford the luxury of waiting for an electronic Pearl Harbor
to mobilize public opinion, for two reasons: first, because the catastrophic
outcome of a major electronic disaster, one which degrades or destroys major
financial centers - eliminating trillions of digital dollars- or other key
elements of our national fabric, is not supportable by our existing economies.
We cannot afford the cost of the time to reconstitute our civil sector. The
second reason is more frightening: it is highly unlikely that we will be able
to prove with any certainty which nation, organization or individual was
responsible for the attack.(68)
Consider the following report by Robert Ayers, Chief of the Center for
Information Systems Security. Mr. Ayers group recently used readily available
hacker tools freely available on the Internet to test the vulnerability of U.S.
systems. He found that:
88% of the time they are effective in penetrating the system,
96% of all system penetrations are undetected, and
95% of the instances where penetration is detected, nothing is done.(69)
According to a report in OSS Notices, Mr. Ayers "estimates that only 1
in 1000 successful system penetrations is ever reported and that in any given
year government systems are illegally accessed, though not necessarily
maliciously so, at least 300,000 times."(70)
On the virus front one U.S. government organization found 500 software and
hardware viruses in a single year, all of which were intercepted and scanned at
its loading dock in the original shrink-wrapped packaging.(71) These problems
will only continue as information networks continue to grow at exponential rates
and as viruses are created faster than we can detect them.
Ivan Bloch has stated that the "future of war [would be] not fighting,
but famine, not the slaying of men but the bankruptcy of nations and the
break-up of the whole social organization."(72) The transition into the
Information Age makes such a vision all the more plausible. Where national
security is concerned, information networks have created a tunnel to the center
of our vulnerability, usable by any nation or collective of individuals at their
discretion.
Chapter 3
The Political Context of Information Warfare
Ultimately, information warfare must be seen in a political context. How
should nations deal with the threat posed by information warfare, both
internally and internationally? What are the political and strategic
attractions of waging information warfare? What are the deterrents? Should
nations be concerned with capabilities or intentions? How does information
warfare compare with traditional concepts of national security and the
development of other new technologies? The purpose of this chapter is to answer
these questions, demonstrating how the concept of information warfare fits
within the framework of traditional national security studies, but, in order to
find solutions, we must move beyond them.
What is National Security
Much work has been dedicated to the study of what comprises national
security. At its simplest level, a nation’s security has been defined as "no
more than the total of the individual’s perceived sense of security."(73)
More encompassing definitions suggest that national security entails the "range
of physical threats that might arise for the nation and the force structures,
doctrines and military policies mobilized to meet those threats… also those
internal and external factors - such as economic or technological change - that
might arise and whose direct or indirect effect would be to diminish or to
enhance the nation’s capacity to meet physical threats."(74)
Using this definition alone, information warfare can be categorized as a
national security threat. Given the vulnerability of military information
networks and the military’s reliance on commercial communications paths for
ninety-five percent of its communications,(75) information warfare can hamper
the military’s ability to respond to conventional threats. The military’s
reliance on computer technology for digital mapping and intelligence also
creates a vulnerability to our conventional military forces. It took two months
to meet the digital mapping requirements to use Tomahawks in Gulf War.(76) Had
the threat been immediate, the United States would not have been able to utilize
its smart weapons capabilities and collateral damage would have been higher.
Also, EMP/T bombs can be used to destroy radar installations with little to no
human deaths, as they were in the Gulf War,(77) thus decreasing a nation’s
ability to respond to missile and aircraft threats.
To fully realize the potential threat of information warfare, the definition
of national security must be broadened. The economic arguments of scholars like
Luttwak, Thurow and Prestowitz(78) must be included in our definition of
national security. Is United States national security threatened if our ability
to maintain a prosperous economic system declines? If so, how might other
nations gain competitive advantages against U.S. industries and financial
markets using information warfare techniques? How might electronic
eavesdropping through Van Eck emissions capture and communications interception
be used to threaten national security by threatening American prosperity? The
recent expulsion of five alleged American spies from France demonstrates that
other nations consider industrial espionage a serious threat.(79)
Unfortunately, this area is too large to deal with in the confines of this
paper, but this prosperity aspect must be drawn into an expanded definition of
national security to realize the threat posed by information warfare.
Information warfare endangers not only our ability to respond to physical
threats, but our economic prosperity, as well. Traditionally, our ability to
remain prosperous has been directly linked to physical threats. In the
Information Age this is no longer true. Economic prosperity, indeed the very
lifeblood of our economic identity, can be destroyed without any physical damage
being inflicted. Once the threat is recognized, one must ask: In this
post-Cold War world, why would states want to wage information warfare against
each other?
Political Attractions of Information Warfare
Politically and strategically there are many attractions to state-sponsored
information warfare. It is low cost, timely, not location specific, provides no
early warning, is not taboo, inflicts low human life costs, and can be waged in
complete anonymity. Each of these must be examined at length before a clear
understanding of how information warfare is strategically and politically
advantageous can be achieved.
Low Cost
Information warfare is relatively cheap to wage. You get a high return on
your investment with information warfare techniques. Both Steele’s and
Schwartau’s estimates of what it would cost to reduce the United States to
information rubble ($1 million and $100 million respectively) are incredibly
cheap when compared to the cost of conventionally military weapons. This makes
offensive information warfare attractive to Third World states and offers them
the same basic capability to inflict damage on information infrastructures as
Second and First World nations.
Timely and Not Location Specific
Information warfare is timely and it is not location specific. Information
warfare can be waged at the drop of pin, to steal an analogy from the
telecommunications industry. There is no early warning system for information
warfare. You don’t know it is coming, so you must always anticipate it. This
creates a high level of paranoia. No radar can pick up a long distance phone
call from overseas, yet that one phone call may cause more monetary damage that
a dozen planes carrying conventional bombs. The World Trade Center is a perfect
example. The damage to the flow of information, estimated at over $1
billion(80), proved to be more costly than the structural damage inflicted on
the building. Viruses can be imported into the United States through
information networks, telephone lines, or on simple floppy disks which do not
attract the attention of U.S. Customs Inspectors.
Although a well-planned information warfare attack might take several years
to orchestrate, it can occur instantaneously. To uncover plans for such an
attack would involve a great deal of investigation and intelligence or a stroke
of luck. Most of the actors would be invisible, both to the victim and to each
other. Most of the preparatory work for lower levels of information warfare can
be done outside the traditional territorial boundaries of the victim nation.
Other forms of information warfare, (HERF Guns, EMP/T Bombs) require the
breaching of international boundaries, thereby allowing greater capabilities to
those nations that have easier access to U.S. visas or are subject to less
stringent immigration regulations. However, as the World Trade Center bombing
proves, our nation’s boundaries are capable of being breached by any foreign
nationals or terrorists with malicious intent.
Anonymity
Information warfare can be waged anonymously. Anonymity is the nature of
new technologies, especially telecommunications. An anonymous attack creates
two problems. Not only has a state’s national security been breached, but there
is no one to hold accountable for the attack. This makes information warfare
very attractive tool to covert operators. However, given the nature and intent
of terrorism, it is highly unlikely that terrorists will remain anonymous while
engaging in information warfare, since it is in their best interest to claim the
damage they have inflicted.
Political dilemmas arise in the victim state when citizens demand
retribution. The government has no target. The result will be political
instability as citizens focus blame on the government for allowing this to
happen. It might even be possible to collapse a particular political system
with prolonged, systematic anonymous attacks.
We need computers in our lives, but we do not trust them. Winn Schwartau
calls these conflicting feelings "binary schizophrenia."(81) When
used anonymously, information warfare plays on feelings of binary schizophrenia
causing insecurity and chaos. In this regard, anonymous information warfare is
comparable to the German blitzkrieg of World War II. It makes an impact on the
citizenry as well the government. Targets can be strategically selected to
generate the maximum amount of chaos and insecurity possible.
Minimal Loss of Human Life
Information warfare can also be waged to minimize the amount of human life
lost within the target nation. This makes information warfare techniques
politically attractive since there are no global taboos associated with waging
war against machines. Jeff Legro gives three reasons why states might restrain
from using certain weapons or means of warfare. He argues that "countries
may pursue restraint because popular opinion vilifies certain weapons; because
leaders calculate that escalation would damage their domestic and international
political support; or because states fear retaliatory attacks."(82)
How does information warfare fit within this framework? Because information
warfare causes low levels of human casualties and structural damage, there is
little reason to believe that popular opinion will vilify it. In fact,
populations will not even know information warfare is being waged against them
until it is too late. Even at that point, very few people will understand the
methods used. Therefore it is highly unlikely that information warfare will be
considered an inhuman way to pursue diplomacy by other means.
Also, there is little reason to believe that using information warfare will
be politically damaging to the aggressor country. Information warfare’s
anonymity assures that the aggressor will be identified only if they wish to be.
When information warfare is waged by one nation against another without
anonymity, the political outcomes would resemble those of traditional warfare.
Strategic alliances could be formed and some states could chose to remain
neutral, though it is highly unlikely that neutral states will be able to avoid
the global economic aftershocks of high intensity global information warfare.
If waged without anonymity, it is very likely that a victim nation would
respond to information warfare with retaliatory strikes. In this regard, fear
of retaliation or escalation will act as a deterrent to using information
warfare. However, the first strike advantage of information warfare might
neutralize any fears regarding retaliation using counter information warfare,
leaving victim nations with the difficult decision of responding with
conventional military force.
In Legro’s essay he uses three examples to demonstrate that military culture
is a strong factor determining when alternative or taboo forms of warfare will
be used. Since information warfare is a relatively new concept, it is doubtful
that it has been fully adopted by the military culture. However, recent trends
indicate that information warfare is an area that is getting a great deal of
attention and increased funding in an age of reduced military budgets. This
shows that the military culture perceives information warfare as a reasonable
and perhaps preferable form of warfare. At least three branches of the United
States Armed Services have publicly admitted to concentrating on information
warfare concerns.(83) Aerospace Daily reports that "Major advances in
information technologies are spurring the U.S. Air Force to mainstream
information warfare into its operations by incorporating information warfare
into its doctrine."(84) With Legro’s thesis in mind, perhaps the military
culture will accelerate the use of information warfare as a method of conflict
resolution. The use of information warfare techniques by the Allied forces in
the Gulf War indicate that the military culture has already accepted information
warfare as a supplement to conventional military tactics.
First Strike Advantage
In information warfare there is a huge first strike advantage, but only if
the goal is unlimited destruction and anonymity is utilized to prevent a
conventional response. There is a high correlation between the extent to which
a nation damages its enemy’s information capabilities and their ability to
respond using purely information warfare techniques. A nation can execute this
first strike anonymously if it so desires, thus delaying retaliation
indefinitely.
The first strike advantage of information warfare complicates matters
further by creating a security dilemma in which those countries exercising the
greatest amount of restraint will likely incur the most damage. In information
warfare, a first strike decreases the likelihood and may even prevent an
adversary from responding. The strategic advantages of waging a first strike
means that nations will always keep a finger on the trigger. In an anarchic
international system, hostilities or conflict might escalate quickly into
information warfare in an effort to generate a strategic advantage over one’s
adversary. If conventional conflict is inevitable, then whoever destroys their
adversary’s information systems first, gains a strategic advantage in battle.
Offensive Nature of Information Warfare
Information technology and computer systems, are vulnerable by nature.
Therefore, taking defensive measures against the information warfare threat will
always be difficult and costly. Improving the defense of information systems
also contributes to the security dilemma since decreasing one’s susceptibility
to information warfare increases the attraction of using information warfare
offensively. There are, however, as will be examined in the next section,
several deterrents to waging state-sponsored information warfare among
technologically advanced nations that will entice states to pursue defensive
postures. In order to neutralize the security dilemma presented by defensive
postures, states may share defensive technologies to ensure that a defensive
equilibrium is maintained. This serves a dual purpose: a relative balance of
power is maintained among states; and the offensive threat of rogue states or
terrorist entities is reduced. Though states will want to maintain offensive "just-in-case"
capabilities, security is best maintained, due to the nature of the threat, by
developing defensive capabilities.
Deterrents to Waging Information Warfare
Among technologically advanced nations, there are several deterrents to
waging information warfare. Factors such as economic interdependence, fear of
escalation, and lack of technical expertise detract from the advantages of state
sponsored information warfare
Economic Interdependence
Perhaps the most useful definition of economic interdependence in any
discussion of information warfare, is the one put forth by Richard Cooper. He
uses the term to "refer to the sensitivity of economic transactions between
two or more nations to economic developments within those nations."(85)
Focusing on economic sensitivity allows us to disregard conventional measures
such as trade surpluses and deficits and look at the interlinked effects of
economic stability between interdependent nations.
Our focal point, from the information warfare perspective, must be upon the
extent to which interdependent nations will feel the economic aftershocks of
economic instability. Should the U.S. fall victim to information warfare
directed at our financial institutions, what effect would it have on the
economic stability of the European Community or Japan and the Pacific Rim
nations? If interdependence is to act as a deterrent to information warfare,
then levels of interdependence must be high enough as to ensure that the costs
of waging information warfare outweighs the benefits. According to Rosecrance
and Stein, the interdependence of the financial system is now formal because we
have vested interests in not letting the reserves of foreign currencies drop
below a certain threshold which would harm our own economy.(86)
With the realization that information warfare has devastating economic
effects, interdependence will act as a disincentive to state-sponsored
information warfare. Economic interdependence introduces new complex variables
into offensive information warfare strategies. Joseph Nye notes that there is
power to be derived from making oneself less interdependent with other
nations.(87) This is especially true where information warfare is concerned.
The effectiveness of offensive information warfare is increased as benefits
exceed costs. One benefit of less interdependence with the target nation is
that economic aftershocks will have less effects on the aggressor’s economy.
Decreasing economic interdependence might be seen as a precursor to waging
information warfare, but is not a readily realizable goal for most
technologically advanced nations. Reducing levels of economic interdependence
is costly for two reasons: the benefits of interdependence can no longer be
extracted and distributed among the citizenry, perhaps decreasing a nation’s
prosperity; and domestic political constraints can disrupt the nation’s internal
balance of power. The domestic sectors of society that benefit from
interdependence (multi-national corporations, financial institutions, and other
investors) will likely logroll interests to prevent the breaking of
interdependent links.(88)
A decreasing level of economic interdependence also contributes to the
intensity of security dilemmas and increases the likelihood of escalation.
Decreasing economic interdependence might be interpreted as a threatening
posture, especially if one nation is more susceptible to attack than the other,
as is the case with the United States and most of its trade partners.
Increasing economic interdependence, however, might be seen as increasing
relative security, especially for the nations most susceptible to attack. This
creates difficult policy decisions since traditional forms of negative foreign
policy, like economic sanctions, become less effective and perhaps even
threatening. If one nation is perceived as a threat, then the most effective
way of deterring that nation from attacking is to make the costs of information
warfare exceed the benefits. This can be done by threatening to use
conventional military force or increasing levels of economic interdependence.
It must also be noted, that interdependence does nothing to prevent states
from waging information warfare against specific corporations of economic
sectors to increase comparative advantage in those areas. Since such actions
are being taken by allies of the United States such as Germany, France and
Japan(89), interdependence becomes an ineffective deterrent. Fear of escalation
will act as a more effective deterrent, or at least will place limits on the
extent to which limited information warfare can be waged.
Fear of Escalation
It has already been demonstrated that the military culture will probably use
information warfare methods as a strategic supplement to conventional methods in
any military conflict and that the escalation of information warfare is likely.
But does the reverse hold true? Will information warfare escalate to
conventional military conflict? In order for the fear of escalation to act as a
deterrent, information warfare must be allowed to escalate into military
conflict. A country will not wage information warfare, especially against a
country with strong military capabilities, if they fear that the situation might
escalate into military conflict.
Under these circumstances, information warfare becomes highly politicized
and the domestic bases of power can be compromised. It is important that
political leaders declare ahead of time, the value of information systems and
assure the international community that conventional military tactics, even
though they involve the loss of human life, will be used to counter information
warfare attacks.
Given the fact that information warfare causes minimal loss of human life,
response will be difficult for nations without strong information warfare
capabilities. The urge to respond using Industrial Age warfare techniques will
be great, but justifying such responses will be difficult unless the value of
these information systems is declared before they are attacked. A press release
saying "any attack on the information infrastructure of this nation will be
viewed as an act of war and any state sponsored information warfare may be
responded to with military strikes," may seem a little drastic, but
information warfare can not be taken lightly. This type of warfare erodes a
nation’s strength, destabilizes its economy, and threatens its autonomy. Such
responses might be necessary and will certainly be advocated by many policy
makers should the circumstances arise. In order for the fear of escalation to
work as a deterrent to information warfare, this position must not only be
advocated, but adhered.
Lack of Technical Expertise
Lack of technical expertise is perhaps the weakest deterrent to information
warfare. It is not really a deterrent, but what Bruce Sterling has referred to
as a "protective membrane" of computer literacy.(90) It is foolish to
think that this protective membrane prevents any nation state from developing
information warfare capabilities. If they don’t have the experts in-house, they
can import them from another country, whether it be a scientist from Russia or
hackers from the United States. While interviewing a very prominent U.S.
hacker, I discovered that his most lucrative employment offers came from nations
developing strong offensive information warfare capabilities.(91) This export
of U.S. security experts might be viewed as a security threat in itself.
Information Warfare as Terrorism
Given the offensive nature of information warfare and acknowledging that in
most circumstances the deterrents of waging non-anonymous information warfare
among technologically advanced nations outweighs the advantages, information
warfare becomes a very attractive terrorist tool. When waged anonymously or by
non-state entities, all of the advantages of information warfare are present but
the deterrents are not. Economic interdependence means nothing to terrorist
groups, therefore, the most powerful deterrent becomes neutralized. Fear of
escalation also does little to deter information terrorism since most acts will
be committed anonymously or by groups who do not fear military retaliation.
Lack of technical expertise still acts as a deterrent to some extent. However,
offensive information warfare weapons are easily built using open source
material. Lack of resources does little to prevent information terrorism, but
lack of patience may help minimize and isolate the damage to levels which do not
threaten the autonomy of a nation. Quite possibly, the greatest deterrent to
information warfare being used by terrorists, may be the United States’ lack of
policy regarding these areas. Terrorists may feel that an information warfare
attack will not generate enough controversy and may conclude that bloody bombs
are more effective than EMP/T ones for their purposes. This deterrent, however,
will evaporate as the United States recognizes the importance of its information
systems, and as terrorists realize how much economic damage they can inflict.
Where terrorism is concerned, Legro’s three constraints might have adverse
influences, perhaps causing terrorists or rogue states to pursue information
warfare rather than restrain from it. Within terrorist organizations or rogue
states there is no popular opinion to vilify the use of certain weapons or means
of warfare. Moreover, the popular opinion of those represented by terrorists
may vindicate the use of weapons that maximize damage or inflict the greatest
pain on the target. Leaders of these groups or states may use these weapons to
gain domestic support, and may have little apprehension about loosing
international political support since such support is usually negligible in the
first place. In addition, terrorists or rogue states seek retaliation, rather
than fear it, because retaliation focuses attention on their organization and
their cause.
For these reasons, terrorists are likely to utilize non-anonymous
information warfare because the benefits far exceed the costs. As knowledge
disseminates, the number and locality of the threats will increase as well. Mr.
Schwartau often speaks of cyber-civil disobedience. This disobedience may take
the form of information terrorism. After the California couple who ran the
Amateur Action BBS in California were sentenced to jail in Memphis Tennessee for
violating Tennessee pornography standards(92), messages circulated on the
Internet requesting volunteers to help take down the Memphis phone and power
grids to protest the use of local community standards for information transfers
that take place on phone lines. Whoever posted these messages was soliciting
help to conduct information terrorism. Anarchists have talked about creating
information anarchy should the commercialization of the net continue. Again,
this would be information terrorism in a very limited sense.
This numerous and diverse array of potential threats, substantiates the
proposition that information warfare is best averted by concentrating resources
on defensive initiatives. Information terrorism can be decreased by making the
costs exceed the benefits. This can only be done by reducing the potential for
damage to our information infrastructure should the United States be attacked.
The Realist/Liberal Approach to Information Warfare
Ultimately, information warfare must be addressed in a political context.
How does information warfare fit into traditional conceptions of national
security? How will states approach the problem and what kind of political
conflicts and tensions will develop along the way? This thesis argues that
information warfare fits into traditional national security debates. Several
correlations can be drawn between information warfare and other technologies
that have influenced conceptions of national security in the past. By examining
the influence of these technologies on war strategy and political relationships
within the international system, one might better understand how information
warfare will have similar influences.
The Realist Approach to Information Warfare
Realists perceive security as a relative concept. The realists are
primarily interested in maintaining a relative balance of power or relative
level of security. With nuclear weapons during the Cold War, it was easy to
gauge relative security. If the Soviets had two bombs and we had four, and the
Soviets increased their arsenal to four, then we increased ours to eight. A
relative security balance was maintained.
The problem with the realist perspective is that it is does not usually
include economic prosperity as a component of national security. This makes it
difficult to address the information warfare threat, because it is economic in
nature. However, given the possible impact of information warfare might have on
the United States’ ability to use conventional weapons and its devastating
effects on command and control systems necessary to thwart physical threats,
most realists would recognize information warfare as posing a genuine national
security threat.
Once the threat is acknowledged, the realists would focus on ways to
increase the United States relative security. Since the realists believe that
the international political system exists in a state of anarchy, in which
distrust is a natural component, there is very little use in cooperative
agreements designed to deter information warfare. The realist approach to
information warfare would consist of the following objectives:
1) Increase security of information systems at home. This
objective is easier stated than realized. There are, however, several ways in
which the security of United States’ information systems can be improved through
enhanced security procedures, increased focus on education, and greater vendor
accountability. These suggestions will be expanded upon in chapter four.
2) Constant evaluation of possible adversaries information systems for
weaknesses. The difficulty with the realist approach is that you need a way
to measure the security of rival nation states in order to determine your own
level of security. Since security is relative, the realists would create
weaknesses where possible, either through backdoors in software or chipping(93)
of hardware. Offensive information warfare capabilities should be enhanced and
readily available.
3) Formation of possible responses. Develop responses allowing for
the use of both counter information warfare and conventional military warfare.
The United States willingness to use conventional military forces in response to
information warfare should be readily acknowledged and publicized to deter
possible offensive actions against them.
4) Develop methods for assessing information damage. We are not
currently capable of assessing information damage inflicted or information
damage incurred. In order to measure relative security you must have some way
to create scenarios measuring both offensive and defensive capabilities.
5) Decrease levels of interdependence. Since interdependence
decreases relative security, interdependence should be reduced. Interdependence
poses a security threat to realists in two ways. First, it reduces the
effectiveness of offensive information warfare waged by the United States
against other nations, since the economic aftershocks of such an offensive
attack would damage the American economy as well. Second, interdependence
leaves the United States susceptible to third party information warfare waged
either against or between nations that are its trading partners. It possible
for nations to damage the United States’ economy by attacking its economic
allies.
6) Create autonomous networks. Make networks more autonomous in
order to minimize the domino effect of accidental or intentional failure. This
would be carried out first at the military level and then at the commercial
level for those networks that help support C4I (command, control,
communications, computers and intelligence). However, this may be another area,
where the costs of unplugging systems from the global network exceed the
benefits of security through autonomy. This will be discussed at greater length
in Chapter Four.
Problems with the Realist Approach
Since the United States is arguably the most vulnerable to information
warfare, increasing relative security becomes incredibly difficult. Apart from
an all-out conventional war, offensive information warfare is not an alluring
way for the United States’ to pursue its interests. The costs of reducing
interdependence alone greatly exceed any benefits that could be extracted.
These high costs, such as loss of economic prosperity and domestic political
support, make decreasing economic interdependence in today’s highly linked
global economy a non-achievable goal.
Also, under the realist approach, state-sponsored industrial espionage
becomes a necessity if weaknesses are to be implanted in the information systems
of other nations. Given the United States reservations in using state
intelligence agencies for this purpose, the realists would be hard pressed to
create the necessary weakness required by their doctrine. The United States
lacks the linkage between governmental and private sector goals that are an
inherent component of other nations, like Japan and France, that would enable it
to conduct the level of espionage required to reduce relative balances of
security among possible adversaries. The United States also faces the
possibility of losing global political prestige should such operations be
discovered.
Realism’s greatest contribution to the debate is its suggestion that
internal security be increased. Given offensive capabilities should hostilities
occur, as long as the United States increases its level of internal security at
a rate that is equal to, or greater than its neighbors, it will be able to
maintain a relative balance of power. By decreasing vulnerabilities the United
States is decreasing the threat, regardless of where it originates.
The Liberal Approach to Information Warfare
The liberal perspective is better equipped to recognize the threat to
national security imposed by information warfare based on information warfare’s
potential to decrease the United States ability to remain prosperous. For the
liberals, the international political system is not as anarchic as it is for the
realists and it is possible to achieve order through cooperative policy. The
liberal approach to reducing the threat of information warfare is based more on
cooperative measures than offensive or defensive abilities. The liberal would
pursue the following initiatives:
1) Increase levels of interdependence. Recognizing interdependence
as the greatest deterrent to offensive information warfare the liberals would
seek to increase U.S. interdependence with other nations. Not only does this
promote prosperity, but it reduces the attraction of using offensive information
warfare against the United States.
2) Create global institutions and international agreements. Though
some liberals argue that international agreements and institutions should not be
necessary if states act in their best interest, the reality is that we rely on
regimes for many aspects of cooperative international relations.(94) Global
institutions and agreements ensure a somewhat stable environment in which states
can pursue their self interests and exchange information with reduced
transaction costs. Regardless, treaties designed to prevent the waging of
information warfare might be difficult to establish as traditional U.S. allies
openly admit to waging Class II(95) information warfare. However, precautions
to prevent Class III(96) information warfare might be negotiated and would prove
beneficial, especially to the United States, since we are the nation most
susceptible to attack.
Technologically advanced nations are likely to join in these cooperative
measures in order to avert the worst case scenario. In the worst case scenario,
offensive information warfare is waged and the international economy collapses,
possibly, but not necessarily, leading to conventional military conflict. In
this case, regimes are created out of a common aversion to a particular outcome.
The benefits of cheating are outweighed by the possible costs of the worst case
scenario; therefore the regime will survive.
Problems with the Liberal Approach.
Increasing levels of interdependence, or facilitating one-way dependence,
with nations that pose information warfare threats seems akin to succumbing to
bribery. Could developing nations use the threat of offensive information
warfare as a method of integrating their economies with the global economy? In
a true free-market global economy, increasing interdependence is inevitable.
However, the instability within many developing nations, might motivate
developed nations to keep the number of unstable links to their economy to a
minimum. Increasing interdependence as a deterrent to information warfare only
works if the developed nations are willing to extend feelers to the entire
developing world.
Increasing interdependence only decreases the threat from other nation
states. It does nothing to decrease the threat from terrorists organizations.
Since terrorists have already been cited as those most likely to engage in
information warfare, increasing interdependence might be viewed as very
ineffective policy as far as information security is concerned.
The problem with creating international regimes is that cheating is
difficult to define. What qualifies as an offensive information warfare tactic?
Is state sponsored industrial espionage a violation or exception to the
guidelines of the regime? Since information warfare is defined differently by
different states, these are all difficult questions that would need to be
mediated. In addition to this, the liberal approach does very little to prepare
the United States for the possibility of other nations cheating. The security
problem is still greatest for the United States, since it is the most vulnerable
to attack and the costs of the worst case scenario are highest for it.
Stein uses the acceptance of a global language among air traffic controllers
and pilots as an example of common aversion.(97) By Stein’s example, a worst
case scenario would be two planes crashing into each other, causing equal losses
for both sides. To apply the same example for information warfare, the worst
case scenario would be that the two planes crash, but the United States’ plane
is carrying 400 people, while the other plane is only carrying 50. Both states
have suffered losses by not avoiding the worst case scenario, but the cost for
the United States is greater.
The Realist/Liberal Conflict
The greatest conflict between the realists and the liberals centers around
the formation of international regimes. Stein writes that "realists hold
that since sovereign nations act autonomously in their own self interest,
international institutions are inherently irrelevant to world politics."(98)
The liberals, on the other hand, accept regimes as methods to cooperatively
avoid a worst case scenario. Is there any middle ground to be found?
The answer is yes, if the formation of regimes are perceived more as acts of
self interest than cooperative agreements. By forming regimes, in this case,
the United States is pursuing its own self interest. Since the United States
has the most to lose in the worst case scenario, it also has the most to gain
from the aversion of the worst case scenario. The regime might be viewed as the
United States forcing its self interest on the rest of the international
community. Robert Keohane argues that "rational self-interested actors, in
a situation of interdependence, will value international regimes as a way of
increasing their ability to make mutually beneficial agreements with one
another."(99)
One can argue strongly that regimes designed to prevent state sponsored
information warfare, from the United States’ perspective, are actions of
self-interest in an anarchic international system and therefore are acceptable
under the auspices of both realism and liberalism.
Regimes also pose the problem of what cryptographer Eric Hughes calls "regulatory
arbitrage."(100) There will always some states that will not participate
in the regimes and this will offer a favorable legal climate for individual
information warfare efforts. If, as part of the regime, states agree to outlaw
systems intrusion originating in one country but directed at another, what do
you do with the states that do not participate in the agreement? A perfect
example of this is the Netherlands delay in establishing anti-hacking laws. A
lot of attacks on United States Department of Defense systems originated in the
Netherlands because hacking was legal under Dutch law. The Netherlands provided
a safe legal environment for those individuals wishing to hack. This left the
United States’ options limited to increasing internal security without being
able to eliminate the source of the threat. Is intervention justified at this
point?
In order for regimes to work, they must include standardized laws regarding
systems intrusion that transcend all national boundaries. This problem may be
exacerbated in June of 1995 when a team of U.S. hackers invades the computers of
France.(101) After extensively verifying that they have no legal liability if
they violate the hacking laws of France from within the United States, this
group has decided to test the waters. Hacker Erik Bloodaxe explains that "International
law is so muddled that the chances of getting extradited by a country like
France for breaking into systems in Paris from Albuquerque is slim at best.
Even more slim when factoring in that the information gained was given to the
CIA and American corporations."(102) This case will provide an excellent
test for how states can resolve international telecommunications violations and
work towards cooperative agreements to prevent such behavior. It may, in fact,
be the catalyst for the first formation of international regimes dedicated to
preventing low levels of information warfare. It may also provide the United
States with a useful bargaining chip to help deter government sponsored
industrial espionage in countries like France and Germany.
Where interdependence is concerned, neither the realist or liberal approach
offer a viable proposal to decrease the threat of information warfare.
Decreasing interdependence is not an attainable goal in today’s highly
interlinked global economy, because interdependence yields innumerable benefits.
Increasing levels of interdependence in order to deter information warfare
threats is ineffective policy, because it is too focused on specific states and
does not encompass the broad range of threats that exist.
Since, the realist suggestion to create information weaknesses in the
systems of possible adversaries would be a violation of any global agreements
that are likely to be developed, this objective would have to be abandoned or
pursued covertly in violation of the regime.
Increasing internal security through various methods would not threaten the
regime, since it is organized to prevent offensive information warfare. The
security of systems is likely to increase as technological advances in the area
of cryptography are utilized by individuals and organizations. However, in
order to prevent a security dilemma, the United States would have to terminate
export restrictions on encryption technology.(103)
The remaining realist suggestions dealing with autonomous networks,
strategic planning and developing measures for damage assessment are possible
under liberal regimes as well. Each of these initiatives fall into defensive
categories, however, the creation of autonomous networks is disadvantageous to
technologically advanced nations. Since distributed information networks
contribute to the economic prosperity of Third Wave nations, any movement
towards autonomy may have negative effects.
Realism and liberalism offer balanced approaches to dealing with the
national security implications presented by information warfare. Taken alone,
neither of them offers a satisfactory blueprint for dealing with the threat.
Combined, they might offer an adequate strategy for realizing national security
in the Information Age. This will be discussed at length in the policy
prescriptions offered in Chapter Four.
The Strategic and Security Impacts of Technology: A Historical
Perspective
It is useful to examine how past technological developments have changed
military strategy and conceptions of security in the past. By studying the
effects of other technologies, we might increase our capacity to understand the
impact information warfare will have on strategy and security concerns in the
future. Although a nuclear analogy is inevitable due to the offensive nature of
information warfare, there are several other comparisons which demonstrate how
information warfare can change the distribution of power on the battlefield.
Decentralizing the Military: The Conoidal Bullet
Manuel De Landa argues that changes in information technology will cause a
shift towards decentralization in the military very similar to the changes
introduced by the conoidal bullet in the nineteenth century battlefield.
Just as the critical point in speed can mark the beginning of
turbulence, so a critically new technology may set the art of war into flux for
decades. Today’s computerized networks, for instance, are imposing on the
military the need to decentralize control schemes, just as the conoidal bullet
forced it in the nineteenth century to decentralize its tactical schemes. When
breech-loading rifles and their spinning bullets made their appearance on the
battlefield, they allowed infantry to outrange artillery, disrupting the balance
of power that was several centuries old, and forced commanders to develop new
tactical doctrines. Before the advent of the conoidal bullet, infantry were
allowed no initiative on the battlefield, individual marksmanship was
discouraged in favor of synchronized volleys of collective fire. With the
rifle, individual initiative returned to the battlefield and with these, and
increased role for snipers and skirmishers in the new tactics. Similarly,
modern command networks, after using a central computer to regulate the traffic
of messages, have been forced to grant "local responsibility" to the
messages: in the ARPANET, the messages find their own destination.(104)
In the Information Age, not only is the autonomy of soldiers increased as
command is decentralized, but the weapons have become self-capable as well.
Using vast information systems, we have created weapons that seek out their own
destination. Where the infantry men of nineteenth century were capable of
outdistancing artillery with the advent of the conoidal bullet, smart weapons
allow the United States’ military to outdistance entire countries. The soldier
trained to program coordinates and digital mapping software into Tomahawk
missiles now becomes as effective as a jetfighter pilot, without placing
American lives at risk. This is, no doubt, a comforting notion for those policy
makers initiating hostilities.
However, properly administered information warfare can decrease or nullify
the effectiveness of smart weapons technology. Digital mapping data can be
altered to cause random errors or synchronization satellites can be jammed to
reduce accuracy. Therefore, minimal investment in open source technology
utilized with information warfare tactics can render the United States’
technologically advanced weapons systems practically useless. Information
technology changes the hierarchical characteristics of military strategy by
enabling more autonomy on the battlefield and by further distancing the role of
man. Attacks upon information systems upset that balance, by rendering new
technologies ineffective and forcing technologically advanced nations to revert
to Industrial Age combat.
The duality of information warfare presents itself again. Not only is it a
new method for waging warfare, but it also effects the way conventional warfare
is waged among technologically advanced nations. The threat posed by
information warfare is multiplied when military leaders focus more upon
strategic threats than tactical ones. General James Clapper, Director of the
Defense Intelligence Agency, concedes: "I think in this context there
potentially is great danger here, not so much in the context of on the
battlefield as much as the thing that concerns me is the potential danger, the
potential vulnerabilities to our commercial systems, our banking. The very
dependence that this nation has on computers - I think there is clearly a
vulnerability in a strategic sense, not so much perhaps in a battlefield combat
situation."(105) In General Clapper’s statement, we can see how concerned
the military is with the impact information warfare could have on the United
States’ internal infrastructure.
Information Warfare: The Bushnell Turtle of the Information Age
Regarded as the first working submarine, David Bushnell’s "Turtle",
a propeller-driven submersible vessel with a single operator, introduced a new
dimension to naval warfare. Utilized during the American Revolution, the Turtle
carried torpedoes loaded with 150 pounds of gun powder that were covertly
attached underneath British ships and detonated with timed switches.(106) The
British ships were vulnerable because they operated in an environment where
threats were based on optical observations of the horizon. If there was a ship
visible in the horizon then there was a perception of threat, especially if that
ship adorned an enemy flag. Threats from below the ocean’s surface were both
inconceivable and unexpected.
In terms of resources required, it was much cheaper to build and man the
Turtle than it was to build and man British fighting ships. Similar to
information warfare, the Turtle yielded high benefits at relatively little cost,
thereby increasing its attraction despite its unconventional appearance and
design. The analogy can be taken one step further.
Think of the United States as a British ship and the Turtle as any nation
state or organized terrorist group practicing information warfare. The ocean is
the United States information infrastructure upon which we maintain our
buoyancy. The Turtle, itself, derives its usefulness from the mobility allowed
by the existence of the ocean. However, the Turtle is able to maneuver
alongside the ship with complete undetected anonymity and place a torpedo along
our hull. The torpedo detonates and the ship faces a crisis. Can the ship
survive? Perhaps, but only because its skilled crew has always demonstrated an
enhanced capacity for remedying problems. The damage will be costly and will
affect the operations of the ship, but with a little ingenuity, the crisis can
be overcome. Now, what if the Turtle had not plac