"We live in an age that is driven by information. Technological breakthroughs ... are changing the face of war and how we prepare for war." -- William Perry, Secretary of Defense1

Another fundamental aspect of determining whether or not there are any distinctions between the conventional terrorist and the terrorist who uses IW as a tool or tactic against the United States can be examined through differences in target selections. First, it is important to understand the definition and use of the target for both the conventional terrorist and the information warrior. Second, I will explore the history and patterns of attack against the United States. Finally, I will delve into target selection and identify things, places, or people that might be at risk. Through these topics I will discern if a distinction exists between of a conventional terrorist targets and IW targets to determine if the use of IW targets changes the nature of conventional terrorism.

Conventional Terrorism

Who or what are the targets to the conventional terrorist? While the first thing that often comes to mind when people hear the word "target" is a human being, that is not what the conventional terrorist would think. A distinction must be made between the intent or goals of terrorists and the immediate result of their actions. If a terrorist detonates a bomb in the subway the immediate result of their actions will probably be injury and death to innocent people. The people, however, are not the targets. According to Marshall McLuhan,2 people are merely the medium by which terrorists communicates their message to society (Neill 1993, 50). To make this message as effective as possible, the conventional terrorist tries to choose victims with the "maximum propaganda value" (Bolz 1990, 4). A prime example of this was the attack on Israeli athletes during the 1972 Olympic Games in Munich. The message is then "directed to a wider audience or target than the immediate victim of the violence" (Wilkinson 1990, 1). To enhance the message, the victims are randomly chosen, often symbolic, and the attack is dramatic in nature. The intent is for the "attack to be an economical method, in the sense of producing psychological and political effects far out of proportion to the magnitude of physical destruction [or violent means] (Crenshaw 1989, 7). For instance, if a fundamentalist terrorist organization wanted to make a political statement about capitalism, they might place a deadly bomb in a rural shopping center. Their victims would not be the targets of the attack, but only pawns of the terrorists trying to target the United States. To understand this, Dr. Brian Jenkin's theater analogy is again appropriate. As the attack occurs, and people become victims, the targeted audience reacts to the terrorist's theater of terror and the terrorist's message is revealed (Freedman and Alexander 1983, 20; Bolz 1990, 131).

The relationships between terrorist (s), the victim (s) and the target (s) can also be either direct or indirect. [See Figure 3.1]. If direct, the product of a terrorist action is not the physical attack on the victim, but a psychological communicative attack on the target which results in fear or terror of the terrorists (Hanle 1989, 114-116). If the attack against the highly visible victim (s) or physical target (s) is dramatic, the goal of attracting broader public sympathy should occur. The terrorist attack can also be indirect. If terrorists attack humans to achieve a victim of terror, the attack then enables the terrorists to reach a target of influence (Hanle 1989, 114-116). The attack in the shopping center, for instance, would make local residents fearful and they would be the victims of terror, but the attack would also enable terrorists to reach a target of influence of national policy leaders who could react to the incident in response to intense media coverage and public pressure.

Nevertheless, historically the United States has been and will continue to be a target in the future, both as a victim and as an audience of influence to a conventional terrorist's goals. Since 1983, more than 25 percent of all international terrorist incidents have been attacks against U.S. targets with ten percent of those attacks have been directed toward or against the Department of Defense personnel and facilities (Derrer 1992, 5). Of these, according to the U.S. Army ITAC statistics 25 percent of all terrorist attacks against the U.S. have occurred in Europe and other NATO countries where there are Western politics, policies, business enterprises, or a military presence (Derrer 1992, 99). The victims, in these cases, were not the targets. The real audience and target of attack was the United States. For instance, the Islamic attack on U.S. Marine Landing barracks in Beirut, Lebanon in 1983, with one of the largest non-nuclear devices at the time, is often viewed as a direct political message from the Ayatollah Khomeini and Islamic Jihad to the President and Congress (Seger 1990, 89).

Unfortunately, as potential symbolic victim-targets have increased security defenses, the target trend has been toward softer targets with little or no security (Derrer 1992, 5; Long 1990, 123-125). Since U.S. citizens frequently travel around the world, conventional terrorists tend to take advantage of their accessibility and they often become victims of attack. In addition, the "microelectronics revolution" has not gone unnoticed by conventional terrorists in third world countries (Clutterbuck 1994, 21).3 Information networks are extremely soft targets, vulnerable and ripe for attack . The M19 terrorist group, for example, attacked bank accounts and stole $12 million dollars by electronic wire in the early 1980's (Clutterbuck 1994, 23-24). Thus, some terrorists do seem to be evolving with the times and adopting the mind-set of the information terrorist.

In addition to symbolic victim-targets, or the trend from hard to soft victim targets, because terrorism is strictly offensive in nature when it comes to terrorist acts, terrorists also attack inanimate objects or the infrastructure.4 The common characteristics terrorist groups look for to attack victim-target include the criticality or importance of the object or person, the accessibility of the object or person, the difficulty of an object to be repaired after an attack, the ease at which the object or victim can be attacked, and the possible effects or risks to the group (Seger 1990, 87-89). For instance, if the goal of a terrorist attack is to send the message that capitalism is horrendous, terrorists may chose critical Wall Street brokers or Alan Greenspan as their means to deliver their message. The conventional terrorist will almost always select people as victims first, but objects within the infrastructure are a close second (Clutterbuck 1994, 143). Thus, if something or someone is accessible and vulnerable, such as buildings, inventory, other physical and financial assets, intangibles such as good will, name recognition and publicity value all become valuable victim-targets for the conventional terrorist to attack. The list of potential victim-targets of attack also includes virtually anything associated with the National Information Infrastructure (NII), such as power nodules or telephone switching stations. Essentially, anything or anybody that could be bombed, damaged, contaminated, kidnapped or abused with any one of the previous tactics mentioned in chapter two is a viable option (Bolz 1990, 74-87).

Hence, the key to understanding terrorist victim selection and the target audience depends entirely on the goal or cause which the terrorists feel they have to promote. In some cases a group might thankfully avoid the loss of life (Long 1990, 124). The end result of this analysis should be to understand that the victim or object selected to be attacked is often not random in any sense other than being in the wrong place at the wrong time. Instead, the victims are not targets from the point of view of conventional terrorists, but serve as a means to convey a message to a target audience. Thus, terrorism is not "mindless violence" but the "rational selection of [violent or] lethal force to effect a specific end -- the submission of the target entity to the terrorists' will" (Hanle 1989, 117-118).

Information Warfare

"In 1968, Marshall McLuhan said that emerging information networks are 'direct extensions' of our own nervous systems. Losing an ATM machine, according to that reasoning, is the equivalent of a leg or an arm" (Schwartau 1996, 107). Unlike conventional terrorism, the definition of what is a target, is not as complex for IW. Instead, IW directly targets (or attacks) either information or an object which contains information. While there may be secondary or residual effects from this direct information attack, such as a human fatality, the focus of IW is on the primary target of information or information systems. Nevertheless, trying to narrowly define what the target can specifically be within the United States from an IW standpoint remains a difficult task. For this reason, similar to conventional terrorism I will examine how IW targets vary from conventional targets, give a brief historical view of things or people that have been targeted by IW, and finally examine possible IW targets.

A way to understand IW targeting is to separate potential targets into primary and secondary targets with residual effects. The primary targets with the use of a HERF gun or van Eck monitoring, for example, are the electrical systems that the weapon is aimed at, with prompt effects being damaged or reprogrammed circuitry, information and memory. The secondary targets are those who the may rely on the primary targets. If the HERF attack is aimed toward the transportation infrastructure, specifically an airline, the secondary targets become those who rely on the infrastructure, such as airplane passengers and crew members. Depending on the motivation of the attack, death (s) may be either the intended or unintended residual effect of the attack.

Associated with IW target selection is the question of whether the attack will be a soft rather than a hard attack. In a soft IW attack, unlike a conventional soft attack, the victim-target is not human or an object but information. As a part of IW, PSYOPS indirectly targets humans and the decisions that they make by manipulating the information they receive. This is a different way of thinking about targets than under conventional terrorism. For instance, why would information terrorists kill a hostage if they could instead digitally manipulate images on CNN to give the appearance of gruesome torture? With an understanding of the value of all information, including disinformation, an actor could indirectly attack people in ways that might be impossible physically by attacking information and information systems. This is a soft IW attack. On the other hand, a hard IW attack would be if using digital means, such as an EMP/T device, would damage or destroy information or information systems.

It is unknown exactly how often IW has been used offensively5 to attack any range of primary and secondary targets since no single database records the number of IW attacks. However, it is known that an estimated 250,000 successful penetration attacks annually on DoD computers according to the GAO and DISA (Buyer 1997, 4). That number is significant. And if DoD information systems lack integrity, other critical information systems of the U.S. NII most likely do as well. Considering that IW can occur in sectors outside the military and government, coupled with the understanding that the reporting rate of system penetrations or attacks is low, approximately one of every 1000, the scale of actual information attacks is probably extremely high (Devost 1995, 35-37). Additionally, since over 90 percent of U.S. military communications occur through the public sphere, the seriousness of our national vulnerabilities should not be underestimated.6

Historically, it is also important to recognize that the significance of information in the battlefield is not new. Understanding the consequence of information in communications, in 1912 the British Teleconia ship hauled up five underwater German cables in W.W.I and cut them (Devost 1995, 14; Headrick 1991, 140). This was an early form of IW. Bushnell also recognized the importance of new concepts in technology when he created the "Bushnell turtle." The turtle was similar to a remote controlled submarine used to sneak up on ships during W.W.I. Since it's targets could not physically see or conceptually understand the importance of the device, loaded with explosives the unmanned Bushnell turtle could have sunk many otherwise ominous ships (Devost 1995, 71-73). Unfortunately, the idea was rejected by military leaders like Napoleon as an irrelevant invention of the times. The importance of the turtle today is analogous to IW. Just as the ideas behind the turtle have evolved into torpedoes and submarines, items that are essential to U.S. national security. Since the information super-highway leads to many valuable targets, it is easy to understand how IW could also evolve and become an integral part of every nation's security network. [See Figure 3.2].

While the offensive use of IW is not necessarily new, modern technology has opened up a seemingly never-ending list of potential IW targets. According to the USAF IW Division, there are four general categories of IW targets: leadership (key people, the power base and strategic communications), the Military Information Infrastructure (commanders, troops, intelligence collectors and C2 links and nodes), weapons systems (planes, ships, air defense and PGM's) and the civil infrastructure or NII (the populace, financial, industrial and communication links and nodes) (U.S. JCS 1997, 13). [See Figure 3.3]. While the first three targets are primarily military-based targets that can be used both offensively and defensively, information terrorists will focus their efforts on attacking the civil infrastructure, or the NII.

The NII is composed of those information infrastructures which have been deemed critical to the security of the United States (McLoughlin 1997/1998, 1-4). Infrastructure refers to more than a collective of individual companies engaged in similar activities, but a "network of independent, mostly privately-owned, man-made systems and processes that function collaboratively and synergistically to produce and distribute a continuous flow of essential goods and services" (PCCIP Report 1997, 3). The PCCIP Report indicates that these infrastructures include oil and gas production and storage, the water supply, transportation, emergency services, government services, banking and finance, electrical power, and telecommunications. Knowing how inter-connected the world has become, the Global Integrated Network (GII) is a synergistic network of these national information networks between traditional nation-states which allows information terrorists to gain unprecedented access to valuable targets within the U.S.7

In the past there have been numerous examples of how physical and natural disasters have disrupted critical infrastructures. Accidental programming errors are realistic examples of what one day could happen if under an IW attack. If the Public Telecommunications Network (PTN) were to suffer a single strategic failure, or a series of failures in a campaign, the results could be devastating.

In 1992, a failed AT & T switching station in New York put both Wall Street and the New York Stock Exchange out of business for an entire day, with an estimated loss of billions of dollars in trading value. The failure resulted in 4.5 million blocked domestic long-distance calls, nearly 500,000 interrupted international calls, and the loss of 80 percent of the Federal Aviation Agency's circuits (Bowman 1994, 155).

Recalling that 95 percent of the DoD's communications travel on these public information highways, this was an example of how a single unprotected station that controlled critical information suffered failure and also an example of the possible devastating results of an IW attack. In addition, many synergistic systems have only been designed to handle a few failures at once.

The United States power system is divided into four electrical grids ... all interconnected in Nebraska. A unique aspect of the electrical grids, as with communication grids, is that most built-in computerized security is designed to anticipate no more than two disruptions concurrently. In another words, if a primary line went down, the grid would ideally shut off power to a specific section while it rerouted electricity around that problem area. If it runs into two such problems, however, the grid is designed to shut down altogether. (Bowman 1994, 125).

Such incidents if caused by an information terrorist could wreck havoc into the lives of U.S. citizens for weeks and months, leaving many economic, social and political scars. Some predict that multiple attacks across the United States would be analogous to an electronic Pearl Harbor.8 These, however, are only two of many possible examples of where our dependency the NII can become a debilitating threat to our national security if targeted by information terrorists.

According to Henry Kluepful, the Vice-President of SAIC, to protect our National Information Infrastructure (NII) a good defense against IW is an aggressive one (Schwartau 1996, 201-212).9 Recent IW attacks in London's financial district have demonstrated the vulnerability of once secure targets without any aggressive defense (Cane 1997). Several banks were threatened that if they did not comply with the cracker's demands for money, then the banks would be electronically shut down. After considering the options and having been extremely ill-prepared, an estimated $400 million dollars were lost when the cracker succeeded with their digital blackmail attack. Had the perpetrators then purchased conventional weapons, like bombs or missiles, and used them to advance a political goal, then they would have used IW as a means to propagate conventional terrorism. Had they used the same money to create several EMP/T bombs and delivery devices, and used them to advance their political goals then they would be information terrorists.

Despite the list of possible targets to be attacked, offensive IW only works in one way: against First World information-dependent nations. Over the past few decades technology has divided the world almost entirely between the First World and Third World. For instance, if the United States wanted to set up an IW brigade, the only offensive targets the U.S. could choose from would include fellow First World technologically advanced and information-dependent nations. If, however, a Third World actor wanted to attack the United States, they would not need be so dependent on technology as we are. Instead, they would only need to understand how to use a computer, modem and phone line to attack the U.S. Thus the limitations of attack in a conventional sense essentially become irrelevant to the information warrior fixated on attack. As conventional victim-targets tighten their security, attacks against the United States and the NII naturally will enter the cyberworld. [See Figure 3.4]. In the cyberworld, geographical or physical territoriality limitations dissipate (Molander, Riddile and Wilson 1996, xiv-xv). Logging onto the world-wide-web gives instant but limited access to any number of targets a conventional bomb could never reach. Unfortunately, as the number of successful attacks on the DoD indicates, with a bit of expertise, even digital boundaries such as firewalls or encryption codes become virtually irrelevant to the information warrior when compared with otherwise impenetrable physical boundaries (Molander, Riddile and Wilson 1996, xiv; Schwartau 1996, 199-200).10

Conclusion

"Are you telling me that we spend almost $4 trillion dollars ... on defense, and we are not prepared to defend our computers!" (Schwartau 1991, 1)

Conventional terrorism does share some similarities to targets and target selection of IW, but there are also important differences. First, IW and conventional terrorism view targets differently. Though conventional terrorism defines the victims killed as the means to create terror and reach a target audience of influence, pure IW defines targets as the information or information systems that are attacked. Should human fatalities occur with an IW attack, they are considered as residual unintended effects, whereas with conventional terrorism they would be intended. This is an important distinction between the means and the ends to understand information terrorism. By using IW to attack information or information systems, information terrorists enable themselves to indirectly still attack humans, but with greater efficiency than provided by trying to directly attack people with conventional tactics. Thus, information terrorists are still able to send a message of terror to a target audience of influence. Since pure IW is not about causing fatalities, and conventional terrorism has been restricted in causing fatalities within the U.S., this kind of attack on information or information systems to indirectly attack humans with more forcible results is what makes information terrorism a greater threat than either pure IW or conventional terrorism.

Of course what makes conventional terrorists able to attack IW targets is due to a few of the similarities between conventional and IW targets. One such similarity is that with both conventional terrorism and IW an attacker will move from harder to softer targets. As it became harder to attack Americans inside of the U.S., conventional terrorists began to attack Americans in Europe; as it becomes harder to break through one firewall, a hacker will move to a part of an information system without a firewall. Additionally, with the increased synergy between national information infrastructures, the U.S. has actually enabled information terrorists to attack U.S. information or information systems more often due to an increase in the number of softer targets available. Since America has historically been the target of attack, from both IW attacks and conventional terrorist attacks, the implications of possible information terrorist attacks will have severe consequences for citizens within the U.S. and those who rely on the NII.

What make the consequences greater for U.S. citizens than conventional terrorism is due to another difference between IW and conventional terrorist targets. Previously conventional terrorists could use any number of tools or tactics to create terror almost anywhere in the world, but conventional attacks within U.S. boundaries were generally limited. With IW, however, the U.S. has opened doors of attack to the homeland because IW can only be used offensively against information-dependent nations. Since modern technology empowers the information terrorist with the ability to bypass conventional geographic and physical limitations, IW essentially licenses information attacks on more critical targets within the U.S. Because of increased accessibility to IW targets than is possible with conventional terrorism, the greatest consequence citizens should expect from the information terrorist include more disruptive direct attacks on the NII to indirectly cause deadly attacks on those who rely on the NII. It is important to also remember that information terrorists will still believe that achieving violent outcomes, such as death, can best promote the cause. This is another reason why information terrorism is more dangerous than conventional terrorism or IW. Other reasons to support this conclusion are explained in chapter five. Considering that there are vulnerabilities and weaknesses in the NII, inasmuch as the U.S. relies on the information systems of the NII, even a single systematic attack could prove debilitating and deadly. Thus, when conventional terrorists use IW to target information or information systems, while there are some similarities, enough differences remain to force a very large shift in the nature of conventional terrorism to mandate that information terrorism, as a subset of IW, is the most potent form of IW and terrorism.

CHAPTER II

Return To Index

CHAPTER IV