End Notes

(Please note these are not in final format. 4-27-98)

Chapter 1

1. The bulk of my research in IW was sparked because of an initial paper published, entitled "New Technology: New Security and New Threats" in The New World Order. Ed. G.R. Boynton, University of Iowa: 1996, 97-103.

2. See Chapter II for details on the Year 2000 Problem.

3. See the report of the President's Commission on Critical Infrastructure Protection' (PCCIP), Critical Foundations. Washington: PCCIP, 1997 and Glenn J. McLoughlin's "The National Information Infrastructure." The Library of Congress: Congressional Research Service Issue Brief, IB 95051. 6 June 1997.

4. See Stein, George J. (Professor, Air War College). "Information Warfare." Air Power Journal. V. 9, No. 1, 1995.

5. "Sun Tzu thinking" is meant to capture the broad understand that Sun Tzu had with regard to the importance of information and knowledge. See Sawyer, Ralph D. The Seven Military Classics of Ancient China. Oxford: Westview Press, 1993.

6. To accommodate this dilemma, Libicki divides IW into more manageable sub-categories. These include command and control warfare (C2W), intelligence based warfare (IBW), electronic warfare, psychological operations, hacker warfare, economic and cyberwarfare. These sub-categories were also refined by the USAF and Schwartau. [See Figure 1.1]. In other words, several authors within the field believe that the only way to define IW is by defining and using certain categories of IW. Because the point of this section is only to show the similarities between various working definitions from other authors and the definition selected from the IASIW, these categories are not immediately relevant, although useful to understand the field. See Libicki, Martin C. "What is Information Warfare?" National Defense University: Institute for National Strategic Studies, Paper 3, No. 28 (May 1995).

7. Information security, or InfoSec., is different from IW in that IW includes both offensive and defensive measures to counterbalance security and InfoSec is purely defensive. See also Schwartau, Winn. "Information Warfare is not InfoSec Repackaged."

8. From the USAF and the National Defense University, there are two slight variations within their definitions. The USAF narrowly defines IW as an act of nations and not by individuals. See USAF. Cornerstones of IW. 1995.

9. The National Defense University believes that information and information systems are the only possible weapons that can be used in an IW. This contrasts with the USAF who also incorporate traditional attack methods as IW if the targets are information or information system related.

10. The point of describing these three classes is to give the reader a frame of reference within IW. In addition to Schwartau's typologies of IW, the USAF also provides their own typologies to classify IW. Thus, within each class these would include Psychological Operations (PSYOPS), Military Deception, Security Measures, Physical Destruction, Information Attacks, and Electronic Warfare (EW). To compare and contrast the techniques and tactics of the terrorist and informational terrorist several tactics will be discussed in Chapter II that would otherwise fall within one of these categories. See also USAF. Cornerstones of IW. 1995.

11. See also Lewis, B. The Assassins: a Radical Sect in Islam. London: Al Saqi, 1985.

12. International distributive justice is the application of Rawl's theory of distributive justice to on the global level. Distributive justice, of course, has the ultimate goal of equality albeit with different methods than the violent tendencies of terrorists. See Pampapathy, Rao A. Distributive Justice: a Third World Response to Rawls and Nozick. San Francisco: International Scholars Publications, 1998.

Chapter 2

1. The separation of tools and targets based on physical or digital means and ends is important to the understanding of IW and conventional terrorism. The distinction helps to define pure IW as digital tools used against digital targets, and I take the analysis one step further arguing that physical tools used against physical victim-targets describes the nature of conventional terrorist actions. The other combinations possible, when digital is used against physical or vice versa, will demonstrate a transitory period between conventional terrorism and information terrorism. See Devost, Matthew. "Information Terrorism: Can You Trust Your Toaster?" National Defense University, 1997.

2. Some simply classify the "means to a means" as a single "means," but the distinction between a means to a means, the means to an end, and the end is greater than just semantics. As the example demonstrates, since the incident is viewed in a succession of events, the first attack is not just a crime (which must be the conclusion if you use a single means instead of two), but part of information terrorism.

3. There are numerous sources to explore the world of hackers and crackers more. See Freedman and Mann. "Cracker." U.S. News and World Report, 2 June 1997; Mungo and Clough. Approaching Zero. 1992; Discovery Channel. How to Track a Hacker. 1997.

4. It has been called different things, the computer bug, the Year 2000 problem, or the Millennium bug, but this serious problem is simply the loss of two digits. In original programming code the year "1900" was simplified to "00" to save once precious space, but it has now become a programming norm. As a result, computers will mistakenly believe that "99" means 1999 and every piece of electronics that relies on dates may cease to function properly when they roll back to 19"00." See Levy and Hafner 1997; Wiener 1997; Cane 1997.

5. This is a program designed by the NSA that even today remains classified. There are, however, a few open sources to find more details on TEMPEST. See the Institute for the Advanced Study of Information Warfare (IASIW) homepage at: www.psycom.net/iwar.1.html or Schwartau 1996, 223.

6. Denial of service is a phrase that broadly describes it when your information or information system, including computers, networks and date are unavailable to the owners. Denial of service can be temporary or permanent. When the phone company, for instance, cuts into a power line, they inadvertently created a denial of service. See Schwartau 1996, 265-268.

7. This will be discussed in greater detail in Chapter 5 on the Psychological Justifications behind the actions of information terrorists. See also Schwartau 1996, 95-111.

8. On July 17, 1996 TWA Flight 800 en route to Charles de Gaulle Airport in Paris, from the Kennedy Airport in New York, exploded in a fireball, killing 230 crew and passengers. Despite a lengthy investigation, and countless rumors about possible bombs or missiles that would have caused the plane to crash, the end CIA report discredited them. No explanation for the crash has been uncovered. See David, Marcella. Supplement to Intro. to International Public Law. 1997.

9. Weapons such as HERF guns or EMP/T devices may seem like science fiction to those unfamiliar with the latest in weapons research, however, both are known to exist within the U.S. arsenal; according to a 1994 DISA report, no fewer than 30 other countries are working on IW techniques (Munro 1995). In addition, the U.S. military has prototypes for laser guns, acoustic and vortex weapons, and has conducted Top-Secret research into microwave weapons. See also Pasternak, Douglas. "Wonder Weapons." U.S. News and World Report, 7 July 1997, 38-46.

10. See Chapter VI: Strategies and Solutions to Combat Information Terrorism.

11. An attack that has information-based value is different from an information warfare attack. Whereas IW is an attack on the information or information system, an attack that has information-based value would have been directed toward a non-information target, such as a building itself or an average citizen that resulted in a disruption or denial of service of information or information services. There are a variety of on-line resources that explain this difference including the IASIW, the I-War Research Group, the Strategic Assessment Center, or the Journal of Electronic Defense.

12. While conventional terrorism sets out to use violence on a scale that is disproportional to achieve their goals, megaterrorism expands the level of attack to extraordinary levels by killing thousands, for instance, taking out a few city blocks instead of a smaller busload of people. See Seger 1990, 17, 50-51 for an expanded definition of megaterrorism.

13. Tactics used in this period fall within the Tofflers' first wave of warfare, including crossbows and swords. Modern weapons would include industrial tools like bombs or guns.

14. Remember that earlier a slight contrast was made between pure IW and partial IW. Pure IW would be when digital tools are used against a digital target. Partial IW would be if digital or physical tools target physical or digital targets.

15. There are over two million feet of workstation cable, 12,000 personal computers, 280 LANs, and more than 750 gigabytes of information backed up daily (five terabytes a month) that control Disney's popular theme park. See Kirsner, Scott. "Hack the Magic." Wired, March 1998.

16. For a greater explanation of the first, second and third waves of warfare, see War and Anti-War by Heidi and Alvin Toffler. Another way to understand the distinction is to say that what Sun Tzu was to the first wave, and Clausewitz was to the second wave, Schwartau and the Tofflers are to the third wave. As a former history professor, Newt Gingrich does a good job of putting the third wave by the Tofflers into layman's terms. See Gingrich, Newt. To Renew America. New York: Harper Collins Pub., 1995, 51-61. To then determine if the conventional terrorists become information terrorists, as I propose will happen for an intermediate period, a future battle between the two sides of conventional terrorism and information terrorism, similar to the North (second industrial wave) verses the South (first agrarian wave) during the Civil War, will prove that we have come full force into the third wave of warfare if the informational terrorists win.

17. Because IW is about information or information systems, it is reasonable to say that the digitized manifestation of information through programs composed of one and zero digits is the final base product that all IW tactics rely on.

Chapter 3

1. See Molander, Roger, Andrew Riddile and Peter Wilson. "Strategic Information Warfare." Santa Monica: RAND Corporation, 1996.

2. Marshall McLuhan's "the medium is the message" has been used for decades, but usually only literally. The manner that I am using this phrase best represents the true meaning of this popular communications phrase. See McLuhan's original work and Neill, S.D. Clarifying McLuhan. Westport: Greenwood Press, 1993. See also Arquilla, John and David Ronfeldt. "Information, Power, and Grand Strategy" in Schwartzstein, J.D. The Information Revolution and National Security. Washington: Center for Strategic and International Studies, 1996, 134-139.

3. See Clutterbuck, Richard. Terrorism in an Unstable World. New York: Routledge, 1994 for a greater traditional look at how terrorists have shifted attacks and targets within the industrial wave. Clutterbuck's work also shows that at least in terrorism, the industrial and information wave of warfare do not clash as the Tofflers argue, but instead blend together.

4. At times there may be some confusion between when discussing the "target" within this section. From this point further the means used by terrorists to achieve a certain end will be called a victim target even though this may also include bombing symbolic or physical structures, and the end target audience or audience of influence shall be called the audience.

5. Throughout this section IW is described as offensive in nature. This is technically the correct manner of discussing IW within this section. While the definition of IW contains both offensive and defensive aspects, defensive IW aims to protect one's own information and information systems from attack, therefore referring to items like the NII as potential targets must be described in an offensive manner, as opposed to a defensive stance.

6. See Douglas, J.D. and N.C. Livingston. America the Vulnerable. New York: Lexington Books, 1987; Bowman, Stephen. When the Eagle Screams. New York: Birch Lane Press, 1994.

7. In the State of Iowa, efforts have increased in the 1990's to connect the entire State together electronically. Using fiber-optic cables the State hopes to eliminate many problems associated with traditional bureaucracy, however, the planners might have possibly ignored the costs or risks associated with the benefits of inter-connectivity. See Power, Kevin. "Iowa will be the NII Test Bed." Government Computer News, March 1995, 1.

8. Similar to the lack of preventive action to stop the attack on Pearl Harbor in WWII, similar arguments have been made that another impending crisis, this time on the electronic front, have not been heard. As such, similar direct harms and secondary indirect harms will result. See Browning 1997; Munro 1995. To expand this analogy if a full blown IW attack would occur, the results of the attack might be the equivalent of an information winter (e.g. - a nuclear winter). Considering that the U.S. government has been playing IW Day After scenarios, the realistic threat and impact of a mass attack seems valid. See also Carlin 1997; Craddock 1997.

9. Kluepful does a good job examining the defensive IW security network in "Countering Nonlethal IW: Lessons Learned on the Foiling of the Information Super-Highwayman of the North American Public Switched Telephone Network" (PSN or PTN) in Schwartau 1996, 201-212. In this work he examines the weaknesses of hacker attacks between Masters of Deception (MOD) and Legion of Doom (LOD) [See also Slatalla, Michelle and Joshua Quittner. Masters of Deception. New York: Harper Perennial, 1996.] and the espionage operative hacker located in Germany.

10. See also Ranum, Marcus J. "Future Problems with Firewalls" in Schwartau, Winn. Information Warfare. New York: Thunder Mouth Press, 1996, 199-200.

Chapter 4

1. Within the political science field works be people such as Simon, March, Blau and Olson are also important to examine in order to understand organizations in a political context. However, there is strong evidence to suggest that "the discipline of political science [in studying organizations] has evolved to a point at which it has lost its institutional roots" and instead become dominated by rational actor theory while the true aspects of organizational theory have become increasingly abstracted. See Pfeffer, Jeffrey. New Directions for Organizational Theory. New York: Oxford University Press, 1997, 9-18. As such, I have used more recent and inclusive publications by authors respected specifically in the organizational theory research.

2. There are several reasons why certain reference groups, including terrorists, have the influence they do over their members. These reasons include a smaller group, intense interaction over a period of time, clear norms, saliency, cohesiveness, homogeneity, external threats to the group, individuals needing acceptance being less important than the group. See Madsen, Douglas. "The Everyday Politics of 'Us' Against 'Them.'" (A Working Paper). Iowa City: University of Iowa, 1991.

3 Maslow's hierarchy of needs states that in order for an individual to achieve the goal of self-actualization, the individual must obtain basic needs prior to obtaining the next level of needs. Similarly, terrorist organizations must have a hierarchy of needs met before they become efficient in the production of terrorism.

4 The environment refers to both the physical environment, such as the climate and terrain, and the human environment, such as demographic distribution, social structure, economic factors and political culture. While the environment is important to understanding either conventional or information terrorism within a specific context, all aspects of the environment have not been included in order to focus on information terrorism on a broader theoretical level. See O'Neil, Bard E. Insurgency and Terrorism. Washington: Maxwell Macmillan Inc., 1990, 53-69.

5 See Stoll, Cliff. The Cuckoo's Egg. New York: Pocket Books, 1990. Stoll will be discussed more in Chapter VI.

6 Bush has been instrumental in a number of scientific projects over his lifetime, from the creation of the first computer and the National Science Foundation, to his involvement with the Manhattan project, ARPANET and SDI. See Zachary, Pascal G. "The Godfather." Wired, November 1997, 152-160.

7 A firewall is the term used to describe what separates one information system from another. Some require passwords, others screen for different viruses. While there are some criticisms of them, firewalls remain an important defense against IW attacks.

8 Not only are the characteristics of IW leaders represented by the MOD and LOD, but these IW groups exhibited all of the aspects about IW organization, including a horizontal power structure, the low cost needed from external or active support, and the abilities and characteristics of individual hackers and information warriors representing the active cadre. See Slatalla, Michelle and Joshua Quittner. Masters of Deception: the Gang that Ruled Cyberspace. New York: Harper Perennial, 1996.

9 UNIX is a form of computer language or code that composes and controls an array of operating systems, mostly communication networks, around the world.

10 Since it was shown earlier that terrorists prefer to seek out options and use tactics which net them high yields at low costs, the degree to which a group is successful can be measured using this spectrum. In this example, the relationship to China was not an arbitrary example. In fact, there is serious evidence to support the statement that the Chinese, including the terrorist factions supported by the Republic of China, are at a serious advantage when it comes to offensive IW capabilities. See also Gill, Bates and Lonnie Henley. "China and the Revolution in Military Affairs." U.S. War College: 20 May 1996; and the related piece by Metz, Steven and James Kievit. "Strategy and the Revolution in Military Affairs." U.S. War College: 27 June 1995.

11 By the time that a full-scale pure IW attack is likely against the U.S., which would include PSYOPS attack, a healthy dose of skepticism should prevail. This will mainly be due to the fact that with PSYOPS an information terrorist could manipulate the information that travels across satellites into televisions. Thus, with advanced pure-IW, an information terrorist would not have to fight for air-time, but could actually be in control of all air-time. The converse to this is that if psychological operations by information terrorists become routine, then the American culture and people may not believe what they see on television until they see or experience it in person.

Chapter 5

1. See also "Creating a Smart Nation: Information Strategy, Virtual Intelligence, and Information Warfare" in Campen, Al, ed. Cyberwar. Fairfax: AFCEA International Press, 1996.

2 The argument that "if information terrorists can be secure then so can the U.S." demonstrates a lack of understanding of the depth of U.S. reliance on parts of the NII. Essentially, the example of the hacker breaking into the Pentagon shows that there is a weakness even in allegedly secure locations. Thus, finding the Pentagon on the electronic map is relatively easy. However, trying to locate where the attack originated from would be like trying to find a needle in an electronic haystack. Even after an attack there would be few, if any, signatures to trace the path of the attack. With a conventional attack, however, as demonstrated in the Pan Am bombing of Flight 103, an attack can be traced with comparable ease.

3 Note that this point may seem contrary to previous examples of the reactions to various IW attacks. What should be kept in mind, however, is that no large scale or entirely destructive IW attack has yet taken place or been discovered as an IW attack. Until such time, the reaction to such an attack can only be speculative. All of the examples given are based on material available on-line. However, in smaller scale individual attacks, such as the hacker who broke into the Pentagon, people do not believe the hacker could have done serious damage. Instead, past examples show that Americans generally think little of the attack. See on-line world wide web homepages of IASIW, InfoSec., SAC and InterPact for additional details.

4 The argument that could be made here is that, as other technological advances have changed the way that terrorists operate, it should not make IW any different. IW is simply another advance to be used by conventional terrorists. This, however, is a simplification of the whole argument. In other words, following it to its logical ends you would have to concede that IW is the same technologically as the advances brought about by the machine gun. However, previous technological advances did not change the fundamental basic psychology of conventional actors and their actions. With machine guns terrorists were still subject to a group, they still acted with direct violence or the threat of it, and the possibilities of the phoenix complex and the ability to seek vengeance were, if anything, heightened. IW, on the other hand, does exactly the opposite in each of these categories and thus should not be simply compared to other advances which previously aided the terrorists without affecting the very nature of terrorism.

Chapter 6

1. This is partially the idea under which the movie Wargames was created. Ironically though, the false alarm that NORAD suffered in this movie was not a glitch due to EMP, but due to a hacker who found a backdoor into the master system. In reality, NORAD and the nation went on "Full Alert" several times due to computer errors which were thought to be caused by EMP attacks. Recalling that EMPs were first discovered when nuclear explosions were first registered, and that hackers penetrate DoD computers over 250,000 times each year, it is easy to understand the gravity of what could have happened in either the real or fictional NORAD/Wargames scenario.

2 For complete details on the Strategic Forces Modernization program or GWEN see Reynolds, Gary K. The Ground Wave Emergency Network (GWEN). Library of Congress: Congressional Research Service Report, 89-206F, 27 March 1989.

3 As of 1998 there are currently only two MILSTAR satellites in space instead of the six once expected by the year 2000. Despite the increases in technological superiority over GWEN, with secure communications, the effectiveness of these defensive IW tools has also been questioned. It was not until late 1994 that a preliminary MILSTAR satellite was launched at a cost of over $1 billion dollars and was able to communicate with another satellite directly via a "handshake." In its now 15 year history, the program was nearly canceled four times before being scrapped by Congress in FY96 in order to save $4.5 billion dollars between 1996-2001. Thus, should an extensive EMP/T still occur, the effectiveness of MILSTAR protecting ground systems remains unclear. See also on-line source "Cancel MILSTAR Satellite System."

4 See also McLoughlin, Glenn J. The National Information Infrastructure: the Federal Role. The Library of Congress: Congressional Research Service Issue Brief 95051, 6 June 1997.

5 In addition to key escrow, this segment focuses on the overall importance that encryption has and plays in our information security network. See Smith, Marcia S. Encryption Technologies. The Library of Congress: Congressional Research Service Issue Brief 96039, 14 May 1997.

6 See McLoughlin, Glenn J. The Clipper Chip: a Fact Sheet Update. The Library of Congress: Congressional Research Service Report, 95-955 SPR, 8 September 1995.

7 The issue at hand is often whether the U.S. Federal government will have access to a master key, such as the Clipper Chip, that can decrypt otherwise secure communication. Although many rights have been cited, some of those targeted that this bill hoped to protect included the freedom of speech or the rights of people to be secure in their papers and effects, against unreasonable searches and seizures (Amendments I and IV).

8 See PCCIP final report Critical Foundations or web-site www.pccip.gov.

9 There were literally hundreds of useful suggestions and recommendations to change or make policies and procedures within Critical Foundations. Some suggestions included the creation of an Office of National Infrastructure Assurance under the National Security Council (NSC), the expansion of the Federal Emergency Management Agency (FEMA) to handle cyber-induced disasters, specific legal expansions of the Defense Production Act, and suggestions for research and development increases in FY budgets through the year 2004. See PCCIP. Critical Foundations. 1997.

10 Cliff Stoll worked at LBL in 1986 when he accidentally discovered an unauthorized person using the University's computer network. After over four years, however, it was discovered that the infiltration was due to a German hacker who used the University's computer to access sensitive databases, searching for words like stealth, nuclear, White Sands and SDI at the Jet Propulsions Lab in Pasadena or the Redstone Missile Command in Alabama. This case demonstrates how difficult it is to track a hacker. Until this point in 1990, there were no clear documented cases of hacker attacks and no procedures if one was discovered. Even today, it is much more difficult to track a hacker through the internet than a person who detonates a conventional bomb. See Stoll, Cliff. The Cuckoo's Egg. New York: Pocket Books, 1990.

11 Only some of these questions are attributed to Devost. See Devost, Matthew G. "Information Terrorism: Can you Trust your Toaster?" 1997, 3. Additionally, because the motive of an act or information attack cannot usually be determined until the source is located, it is difficult to separate policies or procedures that would serve only to defend against information terrorism or IW. Therefore at early stages of defensive planning, such as is needed currently and in the immediate future, the defenses suggested should guard against anyone who uses IW, including information terrorists.

12 As noted earlier, The Times of London published an article on 2 June 1996 that stated several London financial institutions had paid up to $400 million to fend off extortionists who used logic bombs to demonstrate their ability to destroy these institution's global operations. See also Buyer, Bond. "Cyber Terrorism." American Banker, 8 September 1997.

13 CERTs have easily become overwhelmed by the amount of security breaches and have been wholly unable to respond to them. As a result, in 1995, CERTs began decreasing their rapid-response role in favor of basic research into computer security. See Tehan, Rita. Welcome to Cyberia. The Library of Congress: Congressional Research Service report, 97-544C, 12 May 1997.

14 There are many strong arguments for an electronic civil defense platform. One of them is that in order to combat the information terrorist, who will likely attack Disney World before they attack the Pentagon, the military and general government are rendered irrelevant. In other words, the defensive model designed by Col. John Warden needs to be essentially inverted to be effective. While the PCCIP has pushed the United States into the right direction, it will by no means conquer the information terrorist threat. See Schwartau, Winn. "The Ethics of Civil Defense and Information Warfare." Available on-line; Schwartau, Winn. Information Warfare. 1996, 43-46, 643-647; Round, W. Oscar and Earle L. Randolph, Jr. "Civil Defense in the Information Age." Institute for National Strategic Studies. No. 46; National Defense University: September, 1995. Although throughout this thesis I have used examples from "fictional" movies, such as Wargames and Sneakers, the U.S. government needs to take an active role in convincing citizens that threats from IW attack are by no means fictional. The incident at NORAD, for example, needed to be reported immediately and not partially explained to the public through a movie.

15 Using hackers as a national resource is not a new idea. See Devost 1995, 90-93 or Devost's "Hackers as a National Resource" cited in Schwartau, Winn. Information Warfare. 1996, 366-369; and Schwartau's longer examination of hackers as the first information warriors, 344-366.

16 The strongest argument for the U.S. government keeping technology secret, including both the offensive tools like EMP/T and the defensive protections from it, is due to the belief that people, including information terrorists, could use this technology. The response to this concern is primarily why the U.S. has had very tight export policies on encryption software. Despite export restrictions, however, encryption technology has shown up all over the world. The same argument to support the release of almost all information protection software and equipment has been made elsewhere. See Nye, Joseph S., Jr. and William A. Owens. "America's Information Edge." Foreign Policy (March/April 1996): 20-36.

17 See PCCIP final report Critical Foundations, 1997 or web-site at www.pccip.gov.

18 For each of these documents a review of them directly is urged. I directly consulted Oliver et al, eds. International Legal System: Cases and Materials/and Document Supplement. 4th Ed. Westbury: Foundation Press Inc., 1995.

19. There are a variety of sources that engage the legal debate between privacy and other rights in the information age and the need in many cases to ensure that law enforcement and national security can still be effective. See Aldrich, Richard. "International Legal Implications of Information Warfare." April 1996; Schwartau 1996, 648-655, (Barlow) 655-657, 687; Cate, Fred H. Privacy in the Information Age. Washington: Brookings Institution Press, 1997; and DeCew, Judith W. In Pursuit of Privacy. Ithaca: Cornell University Press, 1997.

20. Kornblum noted in her article that Attorney General Janet Reno also recognized this question and hinted toward the fact that future pro-active offensive strategies by the FBI, CIA, State Department and NSA could be already underway or forthcoming.

Conclusion

1. See Haines, Ted (Director). Discovery Channel, Discovery Magazine: The Doomsday Plan. 22 March 1998.

Bibliography

1. Material from the Congressional Research Service may not be immediately available to the public. Generally CRS material is available only to members of Congress.

BIBLIOGRAPHY

Return To Index