Loss of Sanctuary

Module 7

The Lesson

• Understand the concept of an Information (electronic) Pearl Harbor.
• Understand loss of sanctuary.

Historical Review

What was Pearl Harbor? A strike at the heart of America.

Why Pearl Harbor? Japan wanted to eliminate the US's ability to project power in the Pacific.

How do countries today project power?

• Politically
• Economically
• Military option removed

Another Consideration

Why are Third World nations so desperately seeking weapons of mass destruction (WMD)?

Many nations do not have the resources to maintain a powerful military force. WMDs, such as nuclear, biological, or chemical weapons present an economically viable alternative for security.

What was wrong with Japan's WWII strategy and recent efforts by Third World nations? Pearl Harbor ensured a response from the United States. Japan wanted to erase the U.S. Pacific military threat. They, of course, did not accomplish that. Iran, Iraq, Libya, and others want to reduce the effectiveness of American military influence, but they know doing so explicitly and deliberately would result in war.

An Effective Information (electronic) Pearl Harbor

An Effective Information (electronic) Pearl Harbor So what would an effective Information Pearl Harbor look like? Today, our critical infrastructures consist of the transportation, power, and industrial networks. These all could be likely targets.

The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack. It is difficult for the U.S. to retaliate using military action when the country did not suffer loss of life and cannot even determine who to target.

Weapons Choice From a Non-US Perspective

Information Pearl Harbor Summary

1. Many developing nations are seeking to level the field with respect to the basic elements of power.
2. Most nations have started advancing their economic and political development, and thus are seeking to increase their international status.
3. No nation on earth can afford to challenge the U.S. militarily. IW can level the field.
4. The political, economic, and military reaction to an IW Pearl Harbor is an acceptable risk to an attacking nation.
5. Therefore, it is reasonable to assume that the next Pearl Harbor will be against a critical aspect of America's infrastructure. Further, it is reasonable to suggest that this attack will be launched via cyberspace.

The Military Perspective

Module 8

The Lesson

• To examine Information Warfare from the military perspective.

The Military Perspective - War Fighting in the Information Age

Carl von Clausewitz reasoned that commitment to war merges from the confluence of three characteristics or tendencies: the people, the military, and the government. He suggested that when these three components unify around a common purpose to be achieved by force of arms, an interactive trinity emerges that produces the national will to fight.

This suggests the following formulation:

National Will = Will of the People + Will of the Military + Will of the Government

This proposition has been supported in the emerging information age. For examples look at Somalia and Haiti. Information had the power to break the will of the people.

The Military - Planning For Future Conflict

Our military must assume that future conflicts will be viewed real-time in the homes of every American. War must be quick, decisive, and limit civilian casualties to few or none.

Furthermore, because of our system, the military and political leadership cannot lie or deny access to the American press.

These include: immediate battlefield awareness, precision weapons, and most importantly, new non-lethal weaponry. However, we must understand America's potential adversaries may have the same capabilities. Therefore, many believe future conflicts will be waged on the information plane.

Why Will the Military Choose Information Warfare?

Consider infrastructure as a target; power plants, communications facilities, factories, petroleum pipelines, transportation systems (air, sea, rail). All are either currently or will soon be operated and managed by computers. Computers that receive critical sensing and requirement changes via the net. Therefore, by attacking or taking control of the net an adversary controls the infrastructure.

A nation's air force may take out an air defense system using a computer virus in lieu of an iron bomb. It's cheaper, quieter, and safer. And it is psychologically more effective!

Infrastructure

A nation's infrastructure can be exploited, disrupted, or destroyed by infiltrating the computer networks that control such. Many ask will an army still be required to occupy a nation to impose its will? In total war, most likely; however, in the emerging age of economic warfare occupation can be achieved by precipitation a condition conducive to a leveraged buy-out, i.e., foreign corporations with the assistance of their government will simply procure critical portions of an enemy's infrastructure. As a result, ultimate control can be achieved through the corporate board room.

Remember, the trinity concept offered by Clausewitz: a nation's will is a combination of the people's, military's, and government's will. The people will as always desire a non-military solution to challenges of national interest. The information age offers many non-military options for exerting national will.

IW offers a new peace time application of warfare. A new type of infrastructure attack focused against a nation's political, economic, and social infrastructure.

Economic Warfare - Taking Away a Nation's Ability to Produce and Trade for Needed Commodities

An old quote:

The greatest happiness is to vanquish your enemies, to chase them before you rob them of their wealth, to see those dear to them bathed in tears, to clasp to your bosom their wives and daughters. Genghis Khan

Today, translated by America's competitors:

The greatest happiness is to crush your American competitor, to chase them before you, to rob them of their market share, to clasp to your income statement their former sales revenues, and to hear the lamentations of their stockholders. Asian Strategy

The Military Perspectives of Information Warfare

You can examine each service's perspective on IW:

• Army
• Air Force
• Navy

Recommendations

Module 9

The Lesson

• To examine recommendations for a national policy on Information Warfare.

Directions

Congress is being pulled in all directions by these groups:

• Supreme Court
• Industry
• Individual citizens
• Defense
• Foreign interests
• Law enforcement
• Special interest groups

Although a political solution has not been identified, it does exist. The path toward the answer can be significantly narrowed. The historical evolution of our constitutional rights provides the reliable road map. Our country's Constitution, legislative enactment, executive orders, and Supreme Court rulings form the boundaries within which future policies.

Congressional leaders will be challenged to set upon the path to deriving legislation that secures our nation's critical infrastructures. In doing so our nation's leaders will have to pay close attention to the following influences. Otherwise, the legislative process will become bogged down in debate or litigation and much needed legislation will ultimately be delayed.

• First, fourth and fourteenth amendments
• Individual citizens
• Special interest groups
• Law enforcement
• Defense
• Lochner lesson
• Industry
• Foreign interests
• Supreme Court rulings

Finding the Path

Finding the path consists of:

1. Identifying the problem (threat) and opportunity.
2. Determining a process (committee structure).
3. Gathering information (who has interest and what are those interests?).
4. Forming a strategy (review of draft legislation).
5. Implementing the strategy.

The Next Step

The IW threat has been identified and the process of reporting such is on-going. The next step, Determining a Process, has been done by the formation of a presidential bipartisan committee (commission) on securing our Nation's critical infrastructures.

This committee will focus on protecting those infrastructures critical to national defense and preserving the American way of life; however, in doing so issues that resonate at the core of each American's individual right to freedom will have to be considered. Groups which support various positions during these debates will have to carefully formulate their strategy to insure that the needs of their constituents are addressed.

What is the Problem (an example in problem solving)?

This may sound elementary, but one of the most difficult aspects of problem solving is correctly identifying the problem, or determining what really needs to be fixed. Interestingly, the threat of an informational attack itself is not the central issue. Depending upon the specific target infrastructure the central issue may be one of several: knowing the event has occurred, motivations of the attackers, the loss of service, or the attacker's ultimate goal (which could be the second or third order effect).

The following example is offered as a mental exercise to help illustrate that identifying the central issue is not always easy and that often solutions are sought that do not solve the actual problem.

The Scenario

The setting is a college class room.

On the first day of a freshman engineering class thirty students have filled the room, confident that they have the ability to become world-class engineers. The instructor introduces himself and displays the following sign for the student's consideration:

The instructor asked two questions, with the first being What is the problem? After about twenty minutes, the students were ready to present their analysis. The students finally decided that the following was the problem: the bridge freezes before the road surface.

The second question was, What is the best solution? There was little consensus. The students devised clever solutions to the problem. Here are some of their creative solutions:

• An automatic salt dispenser that operates during freezing conditions.
• Keep bridges dry with an inexpensive covering.
• Heat the bridge during the winter months.

The Result

So, two questions were asked: What is the problem? and What is the solution? Obviously, the students did not get either question correct. As the students continued to work on this assignment, the voice of a young lady emerged from the back of the room.

The sign is the solution, she said.

The instructor then asked, What is the problem?

She replied that the problem is not the bridge freezing. It is the fact that a driver who is not paying attention and traveling on a surface with good traction suddenly reaches an area where the road surface is icy. The problem is the unsuspecting driver, not the freezing bridge.

Therefore, the sign is the solution as it makes the driver aware of a potential hazard. She was right!

Example Summary

The example was given to illustrate how easy it is to arrive at a solution to the wrong problem and miss the issue. Look at the recent Indecency Law passed by Congress and struck down by a Philadelphia Court as unconstitutional. The law sought to stop the posting of pornographers from being accessed by minors via the Internet. Did the engineers of this legislation lose focus of the real problem? As a young person, did you ever see pornography? Is the material the problem, its mode of publication, or its manufacturer?

As our nation enters the age of information many different issues will come into play: privacy, free speech, law enforcement, etc. Our congressional leaders (more importantly their staff members performing the analyses) will have to remain constantly aware that it is easy to diverge from the core issue, which is the national security threat posed by IW. The IW threat will raise many issues for congressional review. Not all of these issues deal with national security. Congress and executive agencies must continue to keep the national debate focused upon securing America. Only then can our nation adequately deal with the more social aspects of the emerging information age.

Here is a recommended rule of thumb. If you are suggesting a solution ask yourself, Why would I want to do that? Continue asking yourself until you arrive at a basic, repeating conclusion. Considering our students in the example and their initial solutions. Would they have come to closure more quickly had they asked the simple question, why? Would Congress have passed the recent Indecency Law had they done the same?

Summary and Conclusions

Module 10

The Lesson

• To summarize and draw conclusions from the previous lessons.

Module 1 Summary - How Did We Get Here?

1. The Internet was born from a DoD requirement for a survivable communications system. As a result the Global Information Infrastructure (GII) which utilizes the Internet protocol is evolving into a robust information sphere where individuals are discovering a political and social freedom never before available. There is an evolving new indestructible cyberspace where individuals are free from race, color, age, or sexual bias; only one's ideas matter. Our planet is undergoing an information revolution. Module 1 illustrates what many call the nuclear model. This reference suggest that just as the threat of nuclear war forced America to develop new national policy focused on defending America from a new threat, so does the emergence of an Information Warfare threat establish a need for an Information Civil Defense. Such an IW Civil Defense would consolidate national policy to protect America's critical infrastructures (communications, power, financial, transportation) from attacks launched via the net.
2. A comparison between now and then: The Internet concept (ARPANET) was born from a Cold War requirement when the United States government leveraged over 90% of all telecommunications research. As a result, the Internet protocol (TCP/IP) was accepted by industry and academia. Today, the Internet offers a viable market place rich for corporate and public investment. With the end of the Cold War, the United States government now contributes less than 10% of telecommunications research funds.
3. Once capable of supporting an independent communications network, the Department of Defense enjoyed the security of a dedicated and redundant network. However, faced with diminishing defense budgets and a rapidly expanding commercial telecommunications infrastructure, DoD is now economically forced to rely on the Public Switched Network, a network that has been demonstrated to be vulnerable to information attack. For the first time in history, DoD is critically dependent upon an infrastructure that it does not control or influence. This begs the question, "Who will be responsible for securing America's critical infrastructures?" And for the first time, DoD and the intelligence community must grapple with the concept of leading from behind, where contributions to the national debate are to provide accurate, sound advice on what constitutes the Threat, and which entities are positioning themselves to take advantage of America's critical infrastructures.

Module 2 Summary - The Threat

1. Why is Information Warfare a threat? IW levels the international playing field (political, economic, and military), i.e., most nations cannot challenge American policy using traditional force-on-force. Information Warfare is very cost effective, and offers a non-attribution capability that can be completely hidden during development and deployment. Finally, the United States, whose policy is often the target of attack by emerging or rogue states, is the most vulnerable to IW.
2. DoD analysis suggests that when 95% of government networks were subjected to informational attacks, less then 5% were detected. Further, of the 5% detected, very few are successful in closing the hole to future attacks.
3. The groups posing the threat to America's critical infrastructure are:
   

   Threat	Threat Level
   Individual Hackers	Low lever threat (nuisance)
   Coordinated hacking (Instructor/tutor)	Low/Med level of threat
   Funded, coordinated (focused, employed)	High level
   State sponsored, focused (Intel provided, spec tasking)	Extremely High

   
   A new management philosophy is needed.
   

4. Old Business - New Focus (Spies of the 21st century). As security products become available to the public and commercial sector the focus of international espionage will be redirected from the individual with access to desired information toward the network system administrator. Just as any industry seeks the most bang for the buck, so will foreign case officers seek to target the system administrators of key computer systems. This threat transcends the traditional focus and will expose virtually every aspect of American society. In the past corporations needed only to enforce strict security upon those facilities handling classified government material. The spies of tomorrow will target institutions such as banking (ATM, investment), transportation (Federal Express, UPS, rail, trucking) and industry (chemical, power, computer, etc.).
5. The new business of spying. As the world enters the information age, international economic competition will become more fierce. Nations will set as a national priority the goal of acquiring America's customer base. Industrial espionage will escalate into industrial sabotage. For example, a foreign power may recruit a critical software or hardware engineer in an effort to implant destructive code that can be remotely triggered. The focus of such an attack may be as simple as to force a general product recall, and the timing of the execution could coincide with a critically weak period for the company. Thus a simple failure that forces a product recall may precipitate a disastrous fall of stock prices and takeover of the company. (Industry will need to re-think its current security practices and be more aware of the threat posed by grieving and/or disgruntled employees)

Module 3 Summary - DoD Roles and Missions

1. America's military is in the process of aligning itself as the Cold War threat diminishes. Tomorrow's military will continue to stand ready to defend America if faced with the traditional two major regional conflicts scenario; however, it will be forced to do so with fewer resources. Economizing will be sought through advanced Command and Control Warfare. Further, America's military will be more likely to operate with a global reach utilizing new strategic offensive information warfare. Tomorrow's military will prepare the theater of conflict by seizing control of all critical infrastructures utilized by the enemy. Tomorrow's enemy will only be able to communicate, finance, or logistically relocate that which our leadership allows. Our adversary will be blinded by a complete cyberfog of war.
2. Just as these new weapons for peace are being developed, so are the controlling mechanisms. Currently the Joint Chiefs of Staff has both an offensive and defensive group addressing these very issues. Mechanisms are currently in place and being honed to ensure that each new strategic weapon is controlled within the required authority for release.
3. From the defensive perspective, DoD is currently inhibited as its mandated authority prohibits involvement in securing the public and corporate sector of America's critical infrastructure. This offers the greatest challenge to future military leaders, as they have little influence in securing a vulnerable America which is open to an Information Pearl Harbor. Just as America pulled together a nation threatened by a cold war, our nation's leaders must define America's Information (infrastructure) Civil Defense.

Module 4 Summary - Information Assurance

To expand the DoD perspective of securing America from groups that wish to influence U.S. policy throughout infrastructure attacks, our nation's leadership, both political and industrial, must define a process by which America can be secured. The National Information Infrastructure will be used by tomorrow's enemies to gain access and attempt to control or influence our nation's critical infrastructures. Policy makers will be faced with the challenge of respecting and balancing the basic rights of Americans. For example, a balance between the right to privacy vs. law enforcement represents one of many issues which will be hotly debated. However, there is one positive aspect; the threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The threat is real and is focused against all of America. As a result, our political leaders will come to closure on this issue much more quickly. This contrasts sharply with the health care debates of the early 90's which ended with few positive results.

The key to Information Infrastructure security is clearly defined by our forefathers:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

Our forefathers believed that individual rights were granted by God and secured by government. Our nation's leaders will be challenged to find the right balance - this represents the heart of the debate in securing America.

Module 5 Summary - The Political Quagmire

The focus for change must come from Congress. The issues associated with defending America in the age of information can only be equitably debated through this branch of government. This is not to suggest that the President and the Judicial branch will not play a major role; they will... Congress will have to take the lead in forging new policy as our nation enters the 21st century.

Role of the President: Lead from behind by directing the Executive branch departments and agencies to provide critical information (data) for use by Congress, Industry, and the public in forming the national debate. The Executive branch must provide a clear representation of the Threat that IW poses to our nation's infrastructure. Further, the President must ensure that any technical skills and associated knowledge resident in the U.S. Government is available to industry and Congress for their use in formulating national information policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does not encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting legislation as America entered the Industrial Revolution, it will do so for the Information Revolution. However, history has shown that such interpretations are molded over time as society's needs and perspectives change. For example, the balance between economic rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's security needs. This view is currently not possible as most of corporate America is either fearful of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit America's intelligence community to directly providing relevant indications and warnings to industry. Congress must engineer a policy where industry is required to report the number and nature of IW attacks against its infrastructures. Such disclosures by industry must be protected to guard against erosion of the public confidence. Today many nations desire U.S. military products, tomorrow they will want American security products that protect critical infrastructure. If our nation's policy makers pass legislation that encourages the will of American industry, the "Made in America" label will appear on security systems world wide.

Role of the individual: The Internet is growing exponentially. Within it there are many references to the sanctuary of cyberspace. There have been declarations of cyber-independence and calls for a hands-off by governments. People of the world are experiencing for the first time what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet. However it must be remembered that it was America, specifically the U.S. Department of Defense, that made the Internet possible. According to the Declaration of Independence, America's government is formed by its people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued since the dawn of logical thought. Our policy makers (Congress and the President) must receive a balanced view from their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress must initiate public community debates to help bring the message to Washington. When called individuals must educate themselves to the issues and voice their opinion.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the technical means to a solution. Likewise, each transition, required a new assessment of the balance of rights. Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise enabled America to become the global leader in technology. The voices of our forefathers offer guidance; if only we would listen.

Specific Lessons from History

1. Legislative actions have historically supported economic and industrial growth.
2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The right to privacy has and will continue to be at the center of such debates.
3. The technical solutions to all of America's needs have come from the industrial sector. History has shown that with the encouraging government policy the pace of development can be greatly accelerated, e.g., America's race for the moon in the 1960's.
4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical infrastructure could benefit from similar considerations, i.e., electric power distribution?
5. Consider the recent cases involving free speech; for example the Philadelphia Court striking down legislation on indecency. What can be learned from this? Was Congress reactive or proactive? Were legislators responding to impulse demands of a minority? Congress must carefully consider the implications of oiling the squeaky wheel, as this may lead to action without thoughtful representation.

Module 6 Summary - IW Weapons

Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and usually by recommendation of the National Security Council. IW weaponry is very similar, but there are exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. In such a capacity certain IW weapons can be left to the discretion of the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under CINC authority.

Strategic IW weapons however, will most likely be reserved for release by the highest level. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated). Justification: a response in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must remember that some strategic weapons will only be released on authority of the President. Note: during the planning process the CINC will be the single person responsible for the overall campaign and will decide his or her weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher lever of coordination and authorization for release.

Module 7 Summary - Loss of Sanctuary

America has the strongest, most capable military in the world. This fact challenges many nation's objectives which conflict with American policy. No nation has the capability to challenge the United States using traditional force-on-force. Further, the acquisition of weapons of mass destruction by such nations is also considered futile, as America's response would be direct and massive. This leaves many developing nations with few options in countering America's military force. That was until the introduction of Information Warfare.

Many nations in competition with the United States, either in the political or economic realm, are actively developing IW capabilities. They hope to use these capabilities to gain an industrial edge by stealing U.S. industrial secrets, and when possible disrupt America's industrial base.

America possesses many infrastructures: power, transportation, economic. But there are others not normally considered. Our nation possesses a knowledge infrastructure where critical scientific information is freely shared between academia, government, and industry. This infrastructure, like others, is open to attack by IW weapons.

America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until Pearl Harbor and the subsequent nuclear threat did America become aware of it's loss of sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have returned to believing in a new protected sanctuary. This is far from the truth. Daily, America's critical infrastructures are being probed and investigated by foreign powers. Our nation's industries currently lack the capability to adequately detect the implantation of IW weapons into our infrastructure.

Many nations are looking for ways to attack our financial networks to gain economic advantage. Likewise our industrial base is under attack. Cyberspace has no geographic boundaries. Nations are contracting the efforts of cyber-terrorists to maintain non-attribution. It is possible that some nations we traditionally consider allies and friendly are set on a path of economically and industrially conquering America.

America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by many forces whose goal is to topple America's global position.

Module 8 Summary - The Military Perspective

The military perspective on the beta version of this tutorial was composed from various unclassified briefings and presentations. Each service has been distributed the beta version with the intent of providing input into the final version due in October 1996. As you explore the military perspective please remember that military offensive aspects of IW cannot be discussed openly. Nonetheless these efforts are ongoing!

Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so will it adapt to warfare in the information age. That said, the transition will not be easy. Just as military leaders resisted accepting a mechanized calvary and concept of an Air Force there will be great hesitation to adopt IW. By its nature any military must adhere to tradition and order. How else can a person be commanded into combat? But tradition typically stalls advancement of new technologies. America's military will become tomorrow's information warriors, and when future military leaders look to this period they will again wonder why acceptance of such an natural concept was hard to comprehend.

The Army has and will always command the ground aspect of warfare. The information revolution will provide a battlefield (situational) awareness unimaginable today. The fog of war will be greatly reduced if not totally eliminated. Likewise, offensive IW will render our nation's enemies dispersed and informationally isolated. The enemy's fog will be extended to a complete blindness. All aspects of today's Army will be enhanced by the information revolution.

The Navy and Marine Corps will continue to control the seas and provide the heavy strategic reach capability America now enjoys. Global sensory networks will ensure the Navy has the capability to track any form of naval enemy on a global basis. New information technologies will extend the track and reaction time of many naval weaponry for both hard and soft kills.

The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and electronic warfare will be unrecognizable to today's military leaders. The ability to precisely strike a hostile nation's command and control, air defense, or critical infrastructures will be just a push-button away. If a hard kill is required, the enhancement of IW will ensure the safety of our service personal and reduce the amount of physical force necessary. Precision strike will place munitions on a target in ways now considered impossible.

Module 9 Summary - Recommendations

The nation is ready to debate the issue of Information Warfare and begin to decide that delicate balance between protecting the individual rights and national security. For the past three years we have come a long way. First the term Information Warfare was discussed, i.e., what does it mean. Then groups began to discuss organization structure and identify needed policy. Today, insiders understand IW and its threat to America's infrastructure. It is now time to mode the debate to the people and industry and answer the question, how do we protect America's Critical Infrastructure form Information Warfare.

The following Executive Order was issues by President Clinton on July 15, 1996. It focuses the necessary ingredients for the national debate:

WASHINGTON, July 15, 1996

Executive Order  
     
Certain national infrastructures are so vital that their incapacity or 
destruction would have a debilitating impact on the defense or economic 
security of the United States.
     
These critical infrastructures include
     
 telecommunications,
 electrical power systems,
 gas and oil storage and transportation, 
 banking and finance,
 transportation,
 water supply systems,
 emergency services (including medical, police, fire, and rescue), and 
 continuity of government.
     
     
Threats to these critical infrastructures fall into two categories:
     
1. physical threats to tangible property ("physical threats"),
     
2. and threats of electronic, radio-frequency, or computer-based attacks 
on the information or communications components that control critical 
infrastructures ("cyber threats").
     
Because many of these critical infrastructures are owned and operated by 
the private sector, it is essential that the government and private 
sector work together to develop a strategy for protecting them and 
assuring their continued operation.
     
     NOW, THEREFORE, by the authority vested in me as President by the 
Constitution and the laws of the United States of America, it is hereby 
ordered as follows:
     
Section 1.  Establishment.  There is hereby established the President's 
Commission on Critical Infrastructure Protection ("Commission").
     
        (a) Chair. A qualified individual from outside the Federal
Government shall be appointed by the President to serve as Chair of the 
Commission. The Commission Chair shall be employed on a full-time basis.
     
        (b) Members.  The head of each of the following executive branch
departments and agencies shall nominate not more than two full-time 
members of the Commission:
     
        (i)     Department of the Treasury;
        (ii)    Department of Justice;
        (iii)   Department of Defense;
        (iv)    Department of Commerce;
        (v)     Department of Transportation; 
        (vi)    Department of Energy;
        (vii)   Central Intelligence Agency;
        (viii)  Federal Emergency Management Agency;
        (ix)    Federal Bureau of Investigation;
        (x)     National Security Agency.
     
One of the nominees of each agency may be an individual from outside the 
Federal Government who shall be employed by the agency on a full-time 
basis.  Each nominee must be approved by the Steering Committee.
     
Sec. 2.  The Principals Committee.  The Commission shall report to the 
President through a Principals Committee ("Principals Committee"), which 
shall review any reports or recommendations before submission to the 
President.  The Principals Committee shall comprise the:
     
        (i)     Secretary of the Treasury;
        (ii)    Secretary of Defense;
        (iii)   Attorney General;
        (iv)    Secretary of Commerce;
        (v)     Secretary of Transportation;
        (vi)   Secretary of Energy;
        (vii)   Director of Central Intelligence;
        (viii)  Director of the Office of Management and Budget; 
        (ix)    Director of the Federal Emergency Management
                Agency;
        (x)     Assistant to the President for National
                Security Affairs;
        (xi)    Assistant to the Vice President for National
                Security Affairs.
     
Sec. 3.  The Steering Committee of the President's Commission on 
Critical Infrastructure Protection.  A Steering Committee ("Steering 
Committee") shall oversee the work of the Commission on behalf of the 
Principals Committee.  The Steering Committee shall comprise four 
members appointed by the President.  One of the members shall be the 
Chair of the Commission and one shall be an employee of the Executive 
Office of the President. The Steering Committee will receive regular 
reports on the progress of the Commission's work and approve the 
submission of reports to the Principals Committee.
     
Sec. 4. Mission. The Commission shall:
     
        (a) within 30 days of this order, produce a statement of its
mission objectives, which will elaborate the general objectives set 
forth in this order, and a detailed schedule for addressing each mission 
objective, for approval by the Steering Committee;
     
        (b) identify and consult with: (i) elements of the public and
private  sectors that conduct, support, or contribute to infrastructure 
assurance; (ii) owners and operators of the critical infrastructures; 
and (iii) other elements of the public and private sectors, including 
the Congress, that have an interest in critical infrastructure assurance 
issues and that may have differing perspectives on these issues;
     
        (c) assess the scope and nature of the vulnerabilities of, and
threats to, critical infrastructures;
     
        (d) determine what legal and policy issues are raised by efforts
to protect critical infrastructures and assess how these issues should 
be addressed;
     
        (e) recommend a comprehensive national policy and implementation
strategy for protecting critical infrastructures from physical and cyber 
threats and assuring their continued operation;
     
        (f) propose any statutory or regulatory changes necessary to
effect its recommendations; and
     
        (g) produce reports and recommendations to the Steering
Committee as they become available; it shall not limit itself to 
producing one final report.
     
Sec. 5. Advisory Committee to the President's Commission on Critical 
Infrastructure  Protection.
     
        (a) The Commission shall receive advice from an advisory
committee ("Advisory Committee") composed of no more than ten 
individuals appointed by the President from the private sector who are 
knowledgeable about critical infrastructures. The Advisory Committee 
shall advise the Commission on the subjects of the Commission's mission 
in whatever manner the Advisory Committee, the Commission Chair, and the 
Steering Committee deem appropriate.
     
        (b) A Chair shall be designated by the President from among the
members of the Advisory Committee.
     
        (c) The Advisory Committee shall be established in compliance
with the  Federal Advisory Committee Act, as amended (5 U.S.C. App.). 
The Department of Defense shall perform the functions of the President 
under the Federal Advisory Committee Act for the Advisory Committee, 
except that of reporting to the Congress, in accordance with the 
guidelines and procedures established by the Administrator of General 
Services.
     
Sec. 6. Administration.
     
        (a) All executive departments and agencies shall cooperate with
the Commission and provide such assistance, information, and advice to 
the Commission as it may request, to the extent permitted by law.
     
        (b) The Commission and the Advisory Committee may hold open and
closed  hearings, conduct inquiries, and establish subcommittees, as 
necessary.
     
        (c) Members of the Advisory Committee shall serve without
compensation for their work on the Advisory Committee.  While engaged in 
the work of the Advisory Committee, members may be allowed travel 
expenses, including per diem in lieu of subsistence, as authorized by law 
for persons serving intermittently in the government service.
     
        (d) To the extent permitted by law, and subject to the
availability of  appropriations, the Department of Defense shall provide 
the Commission and the Advisory Committee with administrative services, 
staff, other support services, and such funds as may be necessary for 
the performance of its functions and shall reimburse the executive 
branch components that provide representatives to the Commission for the 
compensation of those representatives.
     
        (e) In order to augment the expertise of the Commission, the
Department of Defense may, at the Commission's request, contract for the 
services of nongovernmental consultants who may prepare analyses, 
reports, background papers, and other materials for consideration by the 
Commission.  In addition, at the Commission's request, executive 
departments and agencies shall request that existing Federal advisory 
committees consider and provide advice on issues of critical 
infrastructure protection, to the extent permitted by law.
     
        (f) The Commission, the Principals Committee, the Steering
Committee, and the Advisory Committee shall terminate 1 year from the 
date of this order, unless extended by the President prior to that date.
     
Sec. 7.  Interim Coordinating Mission.
     
        (a) While the Commission is  conducting its analysis and until
the President has an opportunity to consider and act on its 
recommendations, there is a need to increase    coordination of existing 
infrastructure protection efforts in order to better address, and 
prevent, crises that would have a debilitating regional or national 
impact.  There is hereby established an Infrastructure Protection Task 
Force ("IPTF") within the Department of Justice, chaired by the Federal 
Bureau of Investigation, to undertake this interim coordinating mission.
     
        (b) The IPTF will not supplant any existing programs or
organizations.
     
        (c) The Steering Committee shall oversee the work of the IPTF.
     
        (d) The IPTF shall include at least one full-time member each
from the Federal Bureau of Investigation, the Department of Defense, and 
the National Security Agency.  It shall also receive part-time 
assistance from other executive branch departments and agencies. Members 
shall be designated by their departments or agencies on the basis of 
their expertise in the protection of critical   infrastructures.  IPTF 
members' compensation shall be paid by their parent agency or 
department.
     
        (e) The IPTF's function is to identify and coordinate existing
expertise, inside and outside of the Federal Government, to:
     
                (i) provide, or facilitate and coordinate the provision
of, expert guidance to critical infrastructures to detect, prevent, 
halt, or confine an attack and to recover and restore service;
     
                (ii) issue threat and warning notices in the event
advance information is obtained about a threat;
     
                (iii) provide training and education on methods of
reducing vulnerabilities and responding to attacks on critical 
infrastructures;
     
                (iv) conduct after-action analysis to determine possible
future threats, targets, or methods of attack; and
     
                (v) coordinate with the pertinent law enforcement
authorities during or after an attack to facilitate any resulting 
criminal investigation.
     
        (f) All executive departments and agencies shall cooperate with
the IPTF and provide such assistance, information, and advice as the 
IPTF may request, to the extent permitted by law.
     
        (g) All executive departments and agencies shall share with the
IPTF information about  threats and warning of attacks, and about actual 
attacks on critical infrastructures, to the extent permitted by law.
         
        (h) The IPTF shall terminate no later than 180 days after the
termination of the Commission, unless extended by the President prior to
that date.
     
   Sec. 8.  General.
     
        (a) This order is not intended to change any existing statutes
or Executive orders.
     
        (b) This order is not intended to create any right, benefit,
trust, or  responsibility, substantive or procedural, enforceable at law 
or equity by a party against the United States, its agencies, its 
officers, or any person.
     
WILLIAM J. CLINTON  THE WHITE HOUSE, July 15, 1996.

References

The following list of references are from an excellent paper written by Daniel E. Magsig titled Information Warfare: In the Information Age. Thanks to Daniel for all the effort in compiling this list with abstracts:

[1] Alberts, David S., and Richard E. Haynes. "Information Warfare
Workshop: Decision Support Working Group Report." First International
Symposium on Command and Control Research and Technology (June 1995):
569-76.

Discusses information warfare decision support, and offensive and defensive
information warfare issues. Highlights pervasive nature of information
warfare. Recommends one consistent, widely disseminated policy on
information warfare, full integration of information warfare into military
operations, emphasis on defensive information warfare, and attention to
psychological and coalition warfare issues.


[2] Alberts, David S., and Richard E. Haynes. "The Realm of Information
Dominance: Beyond Information War." First International Symposium on
Command and Control Research and Technology (June 1995): 560-65.

Examines the concept of information dominance. Suggests a data,
information, understanding, knowledge, and wisdom typology of information.
Defines information space across arenas, levels, and natures of interaction
between entities. Highlights danger of focusing too narrowly on commonly
discussed elements of information warfare.


[3] Arquilla, John, and David Ronfeldt. "Cyberwar is Coming!" Comparative
Strategy 12 (April-June 1993): 141-65.

Classic paper introduces terms "cyberwar" and "netwar". Argues mass and
mobility will no longer decide the outcome of conflict. Instead,
decentralized, networked forces with superior command, control, and
information systems will disperse the fog of war while enshrouding the
enemy in it. Provides excellent example of twelfth and thirteenth century
Mongol armies successfully employing such doctrine.


[4] Arquilla, John. "The Strategic Implications of Information Dominance."
Strategic Review (Summer 1994): 24-30.

Focuses on the importance of information dominance over traditional
attritional and maneuver techniques. Introduces control warfare and
advocates a systems approach to identifying and attacking an adversary's
"center of gravity". Identifies the links between systemic elements as key
targets.


[5] Campen, Alan D., ed. The First Information War: The Story of
Communications, Computers, and Intelligence Systems in the Persian Gulf
War. (Fairfax, VA: AFCEA International Press, 1992.)

Often cited reference on the role of information, communications, command,
control, and electronic warfare in the Persian Gulf War.


[6] Campen, Alan D. "Information Warfare is Rife with Promise, Peril."
Signal 48 (November 1993): 19-20.

Argues military leaders must understand the nature of change in warfare
inherent in information based warfare. The right changes will act as
effective force multipliers. The wrong changes, or failure to change, will
leave the United States dangerously exposed. Discusses specific military
issues.


[7] Campen, Alan D. "Vulnerability of Info Systems Demands Immediate
Action: Reliance by Military on Commercial Communications Infrastructure
Poses Significant Peril to United States." National Defense (November
1995): 26-7.

Focuses on military reliance on commercial communications and market driven
security policy. Argues for stronger government role in assuring the
security of the National Information Infrastructure.


[8] Clausewitz, Carl von. On War. (New York: Viking Penguin, 1988.)

Classic text on warfare that has dominated military thinking for over a
century. Clausewitz regards information as generally unreliable in war.
This can be explained by his focus on operational and tactical level
issues, and his pre-Industrial Age frame of reference. Unfortunately,
Clausewitz so dominates military thinking that his bias against information
and intelligence has in some cases undermined acceptance of the precepts
information warfare.


[9] Dubik, James M., and Gordon R. Sullivan. "War in the Information Age."
AUSA Institute of Land Warfare, Landpower Essay Series 94-4 (May 1994): 16
pages.

Parallels the changes needed in today's Information Age military with the
changes that were necessary in the Industrial Age military at the turn of
the century. Specifically, the network as the model replaces the machine as
the model; near-simultaneous, continuous, short-run production replaces
paced, sequential, continuous, long run production; and, mass-customized
products, precisely targeted, with near-instantaneous distribution replaces
mass output.


[10] Franks, Frederick M., Jr. "Winning the Information War" Vital Speeches
of the Day 60 (May 15, 1994): 453-8.

Discusses the shift from hierarchical organizations to networked
organizations necessary in information based warfare. Traces the evolution
of command, control, communications, and intelligence through major wars.
Emphasizes the need for rapid, reliable sharing of information across units
and at different levels instead of traditional stove-piped intelligence
activities.


[11] Grier, Peter. "Information Warfare." Air Force Magazine (March 1995):
34-7.

Provides overview of information warfare from the U.S. military
perspective. Pulls together information from many sources highlighting key
topics.


[12] Handel, Michael I. Sun Tzu and Clausewitz Compared. (Carlisle
Barracks, Pennsylvania: U.S. Army War College, 1991.)

Compares the two most highly regarded classic texts on warfare. Section on
deception, surprise, intelligence, and command and control speaks to issues
related to information warfare.


[13] Jensen, Owen E. "Information Warfare: Principles of Third-Wave War."
Airpower Journal (Winter 1994): 35-43.

Summarizes War and Anti-War [31] and proposes eight principles of
information warfare grouped into four categories summarized as: "(1)
thicken the fog of war for our enemy, (2) lift the fog of war for ourselves
to create a transparent battlefield, (3) ensure that our enemies can't turn
these tables on us, and (4) always fight the information war with full
intensity."


[14] Johnson, Stuart E., and Martin C. Libicki, eds. Dominant Battlespace
Knowledge: The Winning Edge. (Washington, D.C.: National Defense University
Press, 1995.)

Introduces the concept of dominant battlespace knowledge which is the
ability to collect real-time battlefield information, understand that
information, and turn that knowledge into a decisive battlespace advantage.
Discusses necessary doctrinal changes.


[15] Lawrence, R. E., and A. J. Ross. "Equities: Dissemination vs.
Protection: Information Warfare Workshop Results." First International
Symposium on Command and Control Research and Technology (June 1995):
566-8.

Recommends action to raise public awareness of the threat of information
warfare. Recognizes vulnerabilities to national information infrastructure.
Argues information needs to be shared instead of overprotected, on the
premise that some adversaries, notably hackers, have achieved their
relative effectiveness largely through the practice of information sharing.


[16] Libicki, Martin C. What is Information Warfare? (Washington, D.C.:
National Defense University Press, 1995.)

Proposes seven distinct forms of information warfare: command and control
warfare, intelligence based warfare, electronic warfare, psychological
warfare, "hacker" warfare, economic information warfare, and cyberwarfare.
Posits that the concept of information dominance is hollow.


[17] Libicki, Martin C. The Mesh and the Net: Speculations on Armed
Conflict in a Time of Free Silicon. (Washington, D.C.: National Defense
University Press, 1995.)

Analyzes the "revolution in information technology." Argues that technology
begets doctrine and doctrine begets organization, implying a possible need
for organizational changes in the military. Examines a proposed
"Information Corps".


[18] Libicki, Martin C., and James A. Hazlett. "Do We Need an Information
Corps?" Joint Forces Quarterly 1 (Autumn 1993): 88-97.

Examines the debate as to whether a separate Information Corps should be
created. The benefits would be common doctrine, inherent standardization,
and increased innovation. The downside would be a lack of integration with
other forces.


[19] Libicki, Martin C. "Dominant Battlefield Awareness and its
Consequences." First International Symposium on Command and Control
Research and Technology (June 1995): 550-9.

Introduces the concept of dominant battlefield awareness. Predicts the
ability to achieve perfect knowledge of a 200 mile square battlefield by
the year 2008. Discusses the technological requirements for achieving
dominant battlefield awareness. Examines the pros and cons of related
issues.


[20] Lucky, Robert W. Silicon Dreams: Information, Man, and Machine. (New
York, NY: St. Martin's Press, 1989.)

Discusses in layman's terms the concept of information, information theory,
and information processing. Provides even coverage of philosophical and
technical issues. Touches on almost every important aspect of information.


[21] Mann, Edward. "Desert Storm: The First Information War?" Airpower
Journal (Winter 1994): 4-14.

Takes the theory of information warfare and ties it together with specific
examples from the Persian Gulf War. Discusses many key concepts in concise,
readable terms.


[22] Nielson, Robert E., and Charles B. Gaisson. "Information - The
Ultimate Weapon." First International Symposium on Command and Control
Research and Technology (June 1995): 545-549.

Examines the differences between war in the Industrial Age and war in the
Information Age. Focuses in on the decision environment and the old and new
paradigms for decision making. Argues for greater technological support for
decision making to reduce need for fallible intuition.


[23] Peterson, A. Padgett. "Tactical Computers Vulnerable to Malicious
Software Attacks." Signal 48 (November 1993): 74-5.

Highlights the role of tactical computers in warfare, examining their
vulnerability to viruses. Discusses the history of viruses, how they work,
what they are capable of, and theoretical reasons why no perfect defense
can be established. Examines practical measures that can be taken with
tactical computers to reduce the threat.


[24] Ryan, Donald E., Jr. "Implications of Information Based Warfare."
Joint Forces Quarterly (Autumn-Winter 1994-5): 114-6.

Discusses the need to re-examine doctrine in light of advances in
technology. Draws analogies between traditional Industrial Age warfare
doctrinal elements and proposed future doctrine.


[25] Schwartau, Winn. Information Warfare: Chaos on the Electronic
Superhighway. (New York, NY: Thunder's Mouth Press, 1994.)

Popular text on information warfare in general. Full of anecdotes. Lacks
grounding in the theoretical basis of warfare. Divides information warfare
into personal, corporate, and global information warfare.


[26] Science Application International Corporation (SAIC). Information
Warfare: Legal, Regulatory, Policy, and Organizational Considerations for
Assurance. (Prepared for the Joint Staff, 4 July, 1995.)

Exhaustive legal reference on the legal, regulatory, policy, and
organizational implications of information warfare. Cites specifics in
public law, executive orders, court decisions, etc.


[27] Starr, Stuart H., and Dale K. Pace. "Developing the Intellectual Tools
Needed by the Information Warfare Community." First International Symposium
on Command and Control Research and Technology (June 1995): 577-86.

Outlines a detailed conceptual framework for understanding information from
the military perspective. Leaves room for further definition of
non-military elements of information warfare. Examines toolsets applicable
to the support of the information warfare community.


[28] Stein, George J. "Information Warfare." Airpower Journal (Spring
1995): 31-39.

Discusses a definition of information warfare, development of a strategy
for information warfare, the U.S. Air Force perspective, and the danger of
failing to address information warfare. Sees the rise of information
warfare as similar to the rise of Airpower.


[29] Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of
Computer Espionage. (New York: Doubleday, 1989.)

Classic true story of international information warfare over the Internet.
Often referenced.


[30] Szafranski, Richard. "A Theory of Information Warfare: Preparing for
2020." Airpower Journal (Spring 1995): 56-65.

Defines information and warfare. Focuses on psychological warfare aspects
on information warfare. Sees the primary target of information warfare as
the knowledge and belief systems of the adversary.


[31] Toffler, Alvin, and Heidi Toffler. War and Anti-War: Survival at the
Dawn of the 21st century. (New York, NY: Little, Brown, and Company, 1993.)

Traces the evolution of warfare through agrarian, industrial, and
informational warfare "waves." Forecasts the future of human conflict.
Constantly referenced and highly recommended by other authors on the
subject of information warfare.


[32] Tzu, Sun (Griffith, Samuel B., trans.) The Art of War. (New York:
Oxford University Press, 1963.)

Ancient text on warfare popularized due to Sun Tzu's holistic view of
warfare and the increasing irrelevance of Clausewitz's classic On War in
the Information Age. Unlike Clausewitz, Sun Tzu regards information as
indispensable in reducing the uncertainty of war. Much of The Art of War is
arguably applicable to information warfare.


[33] Waller, Douglas. "Onward Cyber Soldiers." Time (August 24, 1995):
38-46.

Focuses mostly on examples and speculation to describe information warfare.
Provides a summary of some of the major papers on information warfare.
Includes many salient points.


[34] Wardynski, E. Casey. "The Labor Economics of Information Warfare."
Military Review (May-June 1995): 56-61.

Examines the economics of providing appropriate education in the nation's
public schools to ensure the numbers of quality workers that will be
required to support and defend the nation in the Information Age. Analyzes
the wages these people can expect to make and discusses the tradeoff
between developing technologies that require low skill, low wage workers,
versus developing technologies that require high skill, high wage workers.


[35] Cornerstones of Information Warfare. (Department of the Air Force,
1995.)

States the Air Force's definition of information warfare. Outlines the
traditional elements of warfare which comprise information warfare.
Discusses how Air Force doctrine should change to accommodate information
warfare.


[36] Jumpstart Information Warfare Briefing. (Department of the Air Force,
1995.)

Open source briefing ordered by the Air Force Chief of Staff to educate
Major Command and Numbered Air Force commanders and staffs on the subject
of information warfare. Contains numerous examples of information warfare
activities.


[37] National Defense University School of Information Warfare and Strategy
Syllabus, Academic Year 1995-96.

Details goals, objectives, lessons, and labs taught at the School of
Information Warfare and Strategy.


[38] U.S. Army Field Manual (FM) 100-6, Information Operations, 8 July,
1995 Working Draft.

States the Army's definition of information warfare. Discusses information
environment, threats, information dominance, information operations,
command and control warfare, intelligence, information systems, and
information activities.


[39] U.S. Army TRADOC Pamphlet 525-9, Concept for Information Operations, 1
August, 1995.

"This concept describes the importance of information and how to win the
information war in military operations now and into the twenty-first
century."