Uri
Fisher
November 2001
|
Uri Fisher received his B.A. in political science in 1998 from Allegheny College and his M.A. in 2001 from the Department of Government and International Affairs at the University of South Florida. He is currently a PhD candidate focusing on international relations in the Department of Political Science at the University of Colorado-Boulder. Uri has a forthcoming article in the Journal of African Policy Studies examining the ramifications of the Information Revolution on Africa's future security environment. He has also presented a number of papers at professional conferences on cyber-security issues. His research interests include security, intelligence, US foreign policy, Russia, and terrorism. |
Introduction
The “information revolution” has become a master metaphor for today's world. Society has gone digital. Connectivity and instantaneity have become the order of the day, as major portions of the world have moved into an information-intensive postindustrial environment. Information technologies continue to evolve and further permeate everyday life. Although societal technological inculcation echoes of sophistication and poise, questions linger and adaptation challenges are newly emerging.
One of the least resolved ramifications of the information revolution is its effects on national security and homeland defense. It is becoming apparent that society's growing reliance on information technology is more perilous than it has thus far recognized. Although no blood has been spilled during the information revolution, we are witnessing the first “casualties” on the front lines of this technological uprising. As the Cold War's fog has almost completely lifted from the security landscape, new threats must be confronted. The objectives of this article are to (1) discuss the newly emerging cyberterrorism threat and (2) analyze how cyber-security threats are deterritorializing national security and the bearing this has on homeland defense.
Information technologies have upended a number of traditional assertions involving spatial and geographical security. Because of the extent to which information technology applications, such as the Internet, are inherently dislocated from the physical realm, state sovereignty has become more ambiguous and the defense of a nation is becoming more complex. Threats to security through the use of information technology have fundamentally altered the notion of territorial sanctuary. A country such as the United States, which for more than 200 years has enjoyed the sanctuary provided by vast oceans and benevolent neighbors, can no longer secure itself by mere control of the air, land, and seas. Boundaries and borders become lost in the ever-expanding realm of cyberspace. Cyberspace has no front line, and potential battlefields can materialize anywhere networked systems permit entry. Traditional “castle and moat” views of security are not applicable to this new threat.
No longer a figment of Hollywood's often-apocalyptic imagination, Information Age security threats have become real and urgent aspects of national security for developed nations. While chemical, biological, and nuclear attacks remain at the forefront of most states' security concerns, less tangible and more unconventional threats are becoming significant issues for defense and intelligence establishments around the world. Cybercrime, cyberterrorism, and cyberwar are salient issues that will threaten both military and civilian aspects of security. Computer hackers are now often involved in many regional, religious, and ethnic conflicts. Countries such as the United States, Russia, Israel, China, and France are known to be developing robust cyberwarfare arsenals, while terrorist groups have long been known to use information technologies for communication, organization, and propagandizing. The necessity to protect information systems, which have become the spinal cord of many industrialized nations, is pressing. Cyberspace has become the “locus of valuable national assets and activities and is an important medium of passage. It thus needs defending and can be used to attack others,” wrote S. E. Goodman 1996. [1] There exists a deep-seated new peril in the cyber-dimension, where the facility to network has outpaced the ability to ensure security. Information Age nations are already witnessing the first wave of attacks, assaults, and manipulations on their information systems.
Cyberterrorism, Information Warfare, and the Frumious Bandersnatch
To put it mildly, there has arisen a “definition quagmire” in terms of Information Age security threats. Perhaps the situation would be better termed a “definition maelstrom.” Due to the newness of the topic and its sensationalistic nature, there have been few walls erected around the pertinent concepts in cyber-security taxonomy. There exists a body of literature that is chaotic and disorganized. Attempts to harness this topic analytically have faltered. Analyst Geoffrey French noted that “Terms such as cyber war and net war have so many meanings and nuances, that the words quickly become confusing or lose their meaning altogether … Before too long, the articles seem to have been written by Lewis Carroll, with dire warnings of the Jabberwock, the Jubjub bird, and the frumious Bandersnatch.” [2]
This article focuses on the cyber-security component of the Information Age, not the spectrum of information operations that have begun to permeate military jargon. The threats pertinent to this discussion are often referred to as information warfare or cyberterrorism. Ivan Goldberg defined information warfare as “the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own.” [3] Another analyst, Roger Thrasher, maintained that the purest form of information warfare is “the use of information and information systems as weapons against target information and information systems.” [4] Similarly, Canada's Department of National Defense defines information warfare as “actions taken to achieve a goal by influencing and controlling adversary information, computer processes and information systems, while protecting one's own information, computer processes and information systems.” [5] The United Kingdom Ministry of Defence characterizes information warfare as the “deliberate … and systematic attack on critical information activities” that seek to exploit, modify, corrupt information or to deny service. [6]
Trends and Evidence
Further enhancing the poignancy and relevance of cyber-security threats is a growing body of statistical evidence. Because of the newness of Information Age security threats and their ethereal nature, skepticism is common. Information Age threats continue to reside on the extraordinary and exotic end of the security spectrum. They are sometimes portrayed as alarmist or as mere hyperbole. However, empirical indicators are changing these perceptions to a certain degree. Policy makers and security analysts must recognize the significant trends in information security.
The Computer Security Institute fifth annual CSI/FBI Computer Crime and Security Survey (2000) represented perhaps the most thorough and sound empirical analysis of cyber-security threats up to that time in the United States. The study was based on the responses of 643 security practitioners in U.S. corporations and government agencies.
Some of the more prominent findings by CSI were that the aggregate cost of computer crimes and security breaches had risen dramatically over a 4-year period. Of those surveyed, total annual financial losses because of cybercrime activities in 1997 was $100 million. In 2000, financial losses were estimated to be more than $265 million. Furthermore, in 1996, 42 percent of the respondents said they had “experienced unauthorized use of computer systems.” In 2000, 70 percent answered that they had. Moreover, 25 percent of the respondents said that they detected systems penetrations from outside (non-employee) sources. In summation, the findings of the 2000 survey confirmed that (1) “Organizations are under cyber attack from both inside and outside of their electronic perimeters,” (2) “A wide range of cyber attacks have been detected,” and (3) “Cyber attacks can result in serious financial losses.” [7]
Carnegie Mellon University's Crime Response Team (CERT), America's premier cybercrime center, also has statistics pointing to increased cyber-security breaches. The Defense Advanced Research Projects Agency created CERT in December 1988 in response to the Morris Worm incident that crippled approximately 10 percent of all computers connected to the Internet. CERT's charter is to work with the Internet community to detect and resolve computer security incidents. CERT reports that there were 132 cyber-incidents reported to them in 1989, 252 in 1990, 1,334 in 1993, 2,412 in 1995, and 9,859 in 1999. There was an increase of approximately 120 percent from 1999 to 2000, with 21,756 incidents being reported in 2000. Moreover, there have already been more than 7,000 incidents reported to CERT in the first quarter of 2001. [8]
There remains an uncertainty concerning what exactly such indices mean for a nation's security. Most of these breaches can probably be categorized as “nuisance” attacks. More critical to national security are attacks with the goal of diminishing the ability of the nation to maintain its national interests, rather than simply misbehaving with a computer. These statistics do little to differentiate between levels of threats. However, they do illustrate that cyberspace is increasingly becoming a forum for malevolent activity. As states become ever more dependent on information and information systems, such trends are foreboding.
In addition to the growing body of empirical evidence supporting increased intrusions of cyber-based systems, there have also been documented incidents in the United States that illustrate the fragility of current information systems. Probably the best-known cyber-incident in the U.S. defense community is “Eligible Receiver,” a June 1997 military exercise that was conducted to illustrate the vulnerability of critical U.S. information systems. During the exercise, the National Security Agency (NSA) demonstrated how a hostile enemy could disrupt computer operations at major military command centers, molest the electrical power grid, and tamper with processes relevant to national security. NSA hackers could have shut down the U.S. electric power grid in days and shut down the command and control capability in the Pacific theater. The “hackers,” posing as instruments of North Korea, used easily obtained software from hacker sites on the Internet. U.S. officials said that within days, the team of 50 to 75 NSA hackers had inflicted crippling damage. Moreover, the hackers were successful in foiling almost all efforts to trace them. Of the NSA groups involved in the exercise, only one was uncovered and identified. [9]
Another prominent incident was not an exercise. On 6 October 1999, U.S. officials reported to Congress that an extensive attack on government information systems had been under way for a year. The attack, named “Moonlight Maze,” remains mostly classified. However, a hacker broke into the Department of Defense system, the Energy Department's nuclear weapons and research labs computers, NASA, and some defense contractors' systems. The systems breached were unclassified; however, the amount of extracted material was extensive. The attacks were traced to an Internet service provider just outside Moscow that had ties to the Russian Academy of Science. Russian foreign intelligence denied any connection to the Academy, and the motives and identity of the attackers were never clearly established. [10]
These are just two of the many cyber-incidents that have occurred in the past decade. Breaches in information systems have become commonplace. In fact, 80 to 100 cyber-intrusions of varying degrees are detected daily, and roughly 10 require detailed investigations at the Department of Defense. The actual number of intrusions is thought to be much higher, as many attacks go undetected. There are more than 80 open counterintelligence cases involving cyber-breaches, with 15 to 20 being added every month. [11]
Furthermore, security specialists acknowledge that countries such as China, Russia, Israel, France, and the United States are developing highly sophisticated information warfare capabilities. The Department of Defense has developed a Cyberwarfare Center that develops cyber-capabilities and strategies designed to manipulate and interfere with enemy logistical and defense systems. Programmers at the Center were used during the Kosovo conflict to mount “computer attacks on foreign bank accounts held by President Slobodan Milosevic of Yugoslavia and other Serbian leaders, with the goal being to drain assets or alter banking records.” [12] Both China and Russia also have schools that focus on developing information warfare methodologies. [13] China's Communication Command Academy in Wuhan has emerged has a focal point for information warfare research and development. Moreover, the Chinese view information warfare strategies as legitimate means to disrupt the enemy. “A Chinese General in 1996 indicated in a military publication that in future wars computers would be vulnerable in three ways,” John A. Serabian, Jr., told the Joint Economic Committee on Cyber Threats and the U.S. Economy in 2000. “'We can make the enemy's command centers not work by changing their data system. We can cause the enemy's headquarters to make incorrect judgment by sending disinformation. We can dominate the enemy's banking system and even its entire social order.'” [14]
The primary questions of this dialogue no longer can afford to simply be whether cyber-security is a viable concern for a nation's defense calculus. Security threats in cyberspace are real. Information Age nations have assembled exceptionally complex information systems on unstable foundations, paving the way for a bevy of new threats. Increased reliance on information and information systems, the ease of mounting cyber-attacks, and the present lack of countermeasures will make cyberspace an Achilles' heel for any Information Age nation.
Territoriality in Flux
The state and its monopolistic jurisdiction, or sovereignty, over a particular territorial unit has been the basic unit for the division of global space in modernity. This territorial space, delineated by a combination of geography and human manufacture, serves as a sphere of control over various social, political, economic, and security dimensions. A central authority characterizes nation-states exercising political power over the discrete geographical territory formed by national borders. The nation-state has a claim to the allegiance of that territory's population, has control of national resources, and acts as the sole representative of that territory in relations with the similar entities that control other territories. [15]
A number of proclamations have been put forth recently asserting the “death of distance,” a “porosity of borders,” and even the “end of the nation-state” in the Information Age. The deterritorialization of the state has become a common theme in international relations. These arguments should be tempered to some extent, as much of the world has not succumbed to a new territorial order. For many states, the erection of new fences and boundaries, rather than their removal, was commonplace in the past decade, for example in the former Soviet Union and Eastern Europe. Moreover, the Westphalian state system remains entrenched. States continue to assert the territorial extent of their sovereignty through delineation and control over their borders.
Unmistakably, however, important issues have been raised regarding territoriality. Globalization and the agents of change of this era have challenged the concept of territorial dominion. Joseph A. Camilleri and J. Falk argued that the new environment is one in which “decisions and outcomes do not correspond with the choices of sovereign wills and are not contained by the boundaries within which they operate.” [16] Globalization, many argue, is presenting a different articulation of time and space. Simon Dalby wrote that “states may no longer be the neat containers of political community that international relations and political geography have for so long assumed" and this calls for “more nuanced political cartographies.” These new cartographies, he continued, “suggest the need for multiple and overlapping maps … which pay less attention to the boundaries of states and more to the flows and fractures that run across these boundaries.” [17]
People, money, images, and ideas now follow increasingly irregular paths. Though we find it comforting to think and talk in terms of landscapes, a more realistic vision of the world may involve ethnoscapes, technoscapes, financescapes, mediascapes, and ideoscapes. [18] The world in which we live can no longer be conveniently delineated by imposed boundaries. The two-dimensional Cartesian reality that we have become accustomed to is becoming less definitive. As Nevzat Soguk wrote, “In reflecting upon the conditions of local and global interactions, there seems to be a loose convergence around an image that makes it increasingly more problematic to speak of the conditions of local and global life in terms of a Cartesian spatial segmentation built around the image/name of the modern state.” [19]
The borderless medium of cyberspace, a de facto representation of globalization, has made considering new perspectives of global organization a necessity. The territorial state, although still an absolute in numerous contexts, is de-emphasized in the Information Age. As James N. Rosenau wrote:
Another means of understanding the altered role of states is to highlight the significant ways in which territoriality has lost much of its organizing focus. The history of states is a history of territorial division, of clearcut links to geographically bound spaces, but in the emergent fragmegrative epoch these links have become frayed and deterritorialization has become a prime consequence of all the boundary-spanning flows … The advent of the Internet and other electronic mechanisms for transgressing-rather, ignoring-differentiated territorial units is illustrative in this respect. [20]
The very fabric of the “information superhighway” reconceptualizes our antediluvian approach to space. Electronic information does not correspond with the geographical doctrines that most morphological and cartographic depictions have customarily leaned upon. Cyberspace is a nonphysical place. It has no location; it has no fixed identity; it is an imaginary world. Cyberspace is a virtual reality. A detachment from the earthly world of matter is occurring as more processes that are human move into the “ether.” As French philosopher Paul Virilio stated, “I think that the infosphere-the sphere of information-is going to impose itself on the geosphere. We are going to be living in a reduced world. The capacity of interactivity is going to reduce the world to nearly nothing.” [21]
The empowerment of individuals by way of information technologies has been fairly well contemplated by now, if not completely understood. New technologies have given people the ability to obtain information, communicate, organize, conduct economic transactions, and politicize with little or no regard for national borders. These activities are now beyond the control of governments in many ways. Furthermore, distance itself has come to represent a lesser challenge than ever before. E-mails are sent back and forth, taking no time to observe the once formidable geographic and temporal impediments of oceans, mountains, inclement weather, a flat tire, or things of that ilk. Web surfers hop online and immediately can access a world of “distant encounters and instant connections,” where “knowledge and information do not have to wait.” [22] The proverbial global village persists as citizens exchange information, browse the cyber-bazaar, conduct a myriad of economic transactions, or simply trade banalities in a digital salon. Information is carried by the “wings of energy” around the world and “leaks like a universal solvent.” [23] The global deluge of money, images, ideas, and threats has overflowed the accepted system of “national dikes” that has long preserved state autonomy and control, according to the Commission on Global Governance. [24] Advents such as the Internet and the cornucopia of newly emerging telecommunication and information technologies, as well as the applications and processes that they have engendered, do not succumb to territorial and geographical restraints.
Territoriality and Security
A rich body of literature exists on geopolitical aspects of security, exemplified by the writings of Montesquieu, Mahan, and Mackinder. Throughout time, there have been very few issues in international relations that have been connected to territoriality as much as security. Switzerland, for instance, which is landlocked and surrounded by mountains, must view territorial defense in a different manner than does Britain.
Irrespective of geographical reality, the protection of core values or vital interests within a sovereign space is one of the more universally accepted premises of security. It can be said that territory “ties down” security and “supplies the traditional referent for its enjoyment.” [25] Security without territory makes for a conceptual morass.
The United States has significantly capitalized on its own geographical place in the world. Transnational military striking ability, coupled with being located in an unthreatening hemisphere, has allowed the United States to become much of what it is today. However, both Pearl Harbor and the Soviet nuclear capability in the 1950s called into question the primacy of U.S. geographic sanctuary. Soviet intercontinental missile capabilities fundamentally challenged from afar the industries and institutions that had formed the foundation for U.S. economic prosperity. Territory was significantly unbundled at that point.
John Hertz believed that the demise of the territorial state was inevitable because it was no longer able to provide the protection that had been the necessity for the selection of various forms of human organization. [26] Instead, he argued, a larger mode of organization would emerge, one dominated by a single power and more adept at surviving in a bipolar nuclear world. Security, before the intercontinental missile capacity of a number of states, devoutly clung to geographical separation and national borders, known as the “hard shell” of states. Nuclear weapons defied the most basic elements of the territorial defense argument.
The effect of information technologies on the erosion of territorial importance is similar to the erosion engendered by intercontinental missiles. Cyber-threats also have transnational reach. However, cyberspace defies the principle of physicality in a more profound manner. Whereas nuclear weapons may be more potent in destructive capability, cyberspace “unbundles territory” more completely. Even with nuclear weapons, the traditional representation of security characterized by “external actors penetrating the threatened state in some material fashion” persists. [27]
All forms of warfare in the past involved threats to geographically based assets by physically based assets. Massed armies, ballistic missiles, or the host of other instruments used in warfare and conflicts are grounded in physicality. They attack physical entities and are physical entities themselves. They can be located territorially and counterattacked.
However, actors no longer need to penetrate a country such as the United States physically to threaten its sanctuary. Control of the physical elements of air, land, water, and space can no longer make up the entirety of a nation's security strategy. As President Clinton stated in a 1999 address to the National Academy of Sciences: “Terrorist and outlaw States are extending the world's fields of battle, from physical space to cyberspace … We must be read ready if our adversaries try to use computers to disable power grids, banking, communications and transportation networks, police, fire and health services-or military assets.” [28]
The new topography of cyber-security threats poses unfamiliar challenges to state security. Attacks levied in cyberspace defy all forms of physical impediments. Thus, an ambiguity surrounds them at almost every level. It is often impossible to determine where an attack originated, who is behind it, or what the motive may have been. [29] Furthermore, an attack in cyberspace disrupts a less tangible entity than physical installations. Because of cyberspace's placelessness, defining the “where” and “what” of that which has been attacked proves to be an exercise in spatial philosophy as much as anything else. Networks are no longer based in physical structure; they are based on information flow. The exact location of information is not readily apparent. Specific information might be located in different places or nations simultaneously. It can also travel at immense speeds, quickly changing its location. These realities make targeting or defending information resources complicated. Recent computer hacking and other forays into cyberspace by various actors have transited multiple continents, bouncing from one server to another across Europe, Asia, and South America, finally finding their target somewhere in the United States.
The temporal and geographical sanctuary to which the United States has become accustomed is now distinctively weakened. Jeffrey Cooper wrote, “The increasingly intertwined nature of the 'infosphere' also means that there are no impenetrable boundaries between nations or domestic domains; and this loss of geographic reality has exposed the formerly safe rear areas of the nation's domestic infrastructure.” [30] Cybercriminals, cyberterrorists, information warfare campaigns waged by states, and other information security threats are not hampered by distance between themselves and their target. As analysts Richard O. Hundley and Robert H. Anderson noted, “Since threats in cyberspace pay no regard to regional or national boundaries … the perpetrator of a security incident can just as well be on the other side of the world as across the street.” [31]
Military forces alone forming a wall between the aggressor and the homeland in this new information era are ineffectual in cyberspace. Weapons of the Information Age are able to outflank and circumvent military capabilities. Attacks materialize in the ether, corrupting, manipulating, and unleashing havoc on entities that are more notional than physical. The bulwarking against enemies of the state, by way of securing national borders, does not work to deter cyber-threats. Although a cliché, the statement that “electrons do not stop to show passports” is very telling.
The antiquated castle-and-moat security, with the construction of stronger walls and deeper moats being the primary protocol, no longer applies in the Information Age. The interdependence and connectivity of information systems do not permit divisible segregation. The stark provincialism of “national security” must be replaced by a cognizance of the global threat environment of spatial interlinkage. [32] Cyber-security is acutely transnational, as no state maintains sovereignty over cyberspace.
The Locus of Valuable Assets
Although it is clear that cyberspace is detached from the tangible world, in terms of spatiality, questions persist. One of these is “So what?” Cyberspace is placeless, information bounds across the globe, and geography means nothing there. What does this have to do with a nation's security? Moreover, what exactly is “located” in cyberspace that threatens a nation's geographic sanctuary? How does the defense of the homeland relate to cyberspace?
At the heart of these questions lie “critical information infrastructures.” As already noted, many developed countries have erected extremely complex information systems in the past decade. Sweden, Norway, Denmark, England, Canada, Japan, Germany, Singapore, Australia, Switzerland, and the United States have placed some of the most fundamental pillars of modern society in the hands of information systems. Infrastructures, or “the basic facilities, services, and installations needed for the functioning of a community or society” [33] are now often controlled and operated by computers and information networks.
The Clinton Administration's White Paper on Presidential Decision Directive 63 (1998) defined “critical infrastructures” as “those physical and cyber-based systems essential to the minimum operations of the economy and government.” The President's Commission on Critical Infrastructure Protection verified that the following sectors make up U.S. infrastructures [34]:
The United States depends heavily on the operation of these systems, and their protection directly involves national security. American society relies on their functionality. As the President's Commission on Critical Infrastructure Protection wrote in 1997: “Reliable and secure infrastructures are thus the foundation for creating the wealth of our nation and our quality of life as a people.… Certain of our infrastructures are so vital that their incapacity or destruction would have a debilitating impact on our defense and economic security.” [35]
The effective operation of these infrastructures relies on information networks. These networks are a succession of points that are interconnected by various communication channels common to all users. The speed, efficiency, and effectiveness of networks and digital communications have made network connection, notably to the Internet, a requisite in the Information Age. With the Internet and the millions of computers employed in commercial, academic, government, and private use, all infrastructures have become increasingly dependent on one another. These computer-reliant networks allow for electronic transfer of funds, distribution of electrical power, control of gas and oil pipeline systems, delivery of goods and services, responsive emergency services, and a host of other logistics. Furthermore, they support the military's command and control system, making them a strategic vulnerability. Approximately 95 percent of U.S. military traffic moves over civilian telecommunications and computer systems. [36]
Although this integrated system may improve efficiency, it puts national security in an uncertain position. Due to the lack of borders and boundaries in cyberspace, it has become impossible to strictly demarcate and secure these vital systems. As Michael Vatis stated in 1997:
There is no way to draw a line around the Continental United States and say that our information infrastructure belongs to us. Because there is no way to sever it from the information infrastructure that connects the rest of the world. What that means is that our infrastructure is accessible, not only to our friends around the world, but also to our potential foes. It is just as easy to engage in a cyber attack from Tehran as it is from Toledo, Ohio. [37]
A state that places its critical infrastructures under the control of information technologies can no longer rely on geographical boundaries or benevolent neighbors to buffer these systems.
Lawrence Gershin, the top adviser to the U.S. Central Intelligence Agency on science and technology, summed it up well in an address to Congress in 2001: “Attacks on our military, economic or telecommunications infrastructure can be launched from anywhere in the world, and they can be used to transport the problems of a distant conflict directly to America's heartland.” [38]
Conclusion
The cyber-security debate is still very much in its infancy. The information revolution must become increasingly integrated into discussions about 21st-century national security. Defense communities around the globe are beginning to view information system security as perhaps their biggest challenge in the coming decades. The influence of information technologies on state security is so invasive that it is becoming increasingly difficult to separate state security from information security. Just as the transition from agriculture to industry was characterized by an industrialization of state security, the transition from industry to information is also recharacterizing state security.
Because of the unbundling of territoriality in cyber-security, new outlooks on how to procure security are necessary in today's world. The premise of territorially fixed states, with anything of value lying within their national borders, is disintegrating. The state's central authority over a discrete geographical area continues to diminish. Valuable national resources, notably information, cannot be fenced and effectively cut off from the rest of the world. Increasingly, security notions will have to be broadened in the Information Age. Damage brought about by the theft of digital information, destruction of data, or the disruption of communication services requires methodologies starkly different from those used to deal with conventional attacks. The international community, as well as the private sector, will become key players in any nation's efforts to secure their information systems from foreign governments, terrorists, and lone hackers.
Cyberspace and the security threats born out of it have raised the stakes
for the deterritorialized state. The security spectrum can no longer cling to
these notions. Qiao Liang and Wang Xiangsui, senior colonels in China's People's
Liberation Army, encapsulated these ideas candidly in their book Unrestricted
Warfare:
In this world of mutually penetrating political, economic, ideological, technical,
and cultural influences, with networks, clones, Hollywood, hot girls [Internet
pornography], and the World Cup easily bypassing territorial boundary markers,
it is very hard to realize hopes of assuring security and pursuing interests
in a purely national sense. Only a fool like Saddam Hussein would seek to fulfill
his own wild ambition by outright territorial occupation. Facts make it clear
that acting in this way in the closing years of the 20th century is clearly
behind the times, and will certainly lead to defeat.
With society continuing its relentless march toward increased connectivity
and digitalization, the relevance of these remarks will only grow stronger.
As the blurring of “here” and “there” continues, the topography
of the world's security landscape will involve actual landscapes less and less.
1. S. E. Goodman, “War, Information Technologies, and International Asymmetries,” Communications of the Association for Computing, Vol. 39, No. 12, December 1996.
2. Geoffrey S. French, “Shunning the Frumious Bandersnatch: Current Literature on Information Warfare and Deterrence,” the Terrorism Research Center, 2000 (www.terrorism.com/analysis/iw-deterrence.shtml).
3. Ivan Goldberg, Institute for the Advanced Study of Information Warfare, 2000 (www.psycom.net/iwar.1.html).
4. Roger Thrasher, “Information Warfare Delphi: Characteristics of Information Warfare” in Winn Schwartau (ed.) Information Warfare (New York: Thunder's Mouth Press, 1996), p. 579.
5. Annex B to 1350-004-D001, “Information Warfare and the Canadian Forces” (www.dnd.ca/img/library/ewa/b-gloss.pdf).
6. Andrew Rathmell, “Cyber-Terrorism: The Shape of Future Conflict?” Royal United Service Institute Journal, October 1997.
7. 2000 CSI/FBI Computer Crime and Security Survey (San Francisco: Computer Security Institute, 2000).
8. “CERT/CC Statistics 1988-2001” (www.cert.org/stats/).
9. Bill Gertz, “Computer Hackers Could Disable Military,” Washington Times, 16 April 1998 (www.newdimensions.net/headlines/m02.htm).
10. Anthony H. Cordesman, Defending America: Redefining the Conceptual Borders of Homeland Defense (draft) (Washington, DC: Center for Strategic and International Studies Press, 2000), p. 47.
11. Steven M. Rinaldi, “Sharing the Knowledge: Government-Private Sector Partnerships to Enhance Information Security” (U.S. Air Force Institute for National Security Studies, 2000) (www.usafa.af.mil/inss/ocp33.doc).
12. Elizabeth Becker, “Pentagon Sets Up New Center for Waging Cyberwarfare,” New York Times, 8 October 1999(www.nytimes.com/library/tech/99/10/biztech/articles/08military.html).
13. Stephen W. Magnan, “Are We Our Own Worst Enemy? Safeguarding Information Operations,” Studies in Intelligence (unclassified edition) No. 9, Summer 2000 (www.cia.gov/csi/studies/summer00/art08.html).
14. John A. Serabian, Jr., statement for the record before the Joint Economic Committee on Cyber Threats and the U.S. Economy, 23 February 2000 (www.cia.gov/cia/public_affairs/speeches/archives/2000/cyberthreats_022300.html).
15. S. E. Goodman, “War, Information Technologies, and International Asymmetries,” p. 11.
16. Joseph A. Camilleri and Jim Falk, The End of Sovereignty? The Politics of a Shrinking and Fragmenting World (Aldershot, England: E. Elgar, 1992), p. 77.
17. Simon Dalby, “Crossing Disciplinary Boundaries: Political Geography and International Relations after the Cold War” in Eleonore Kofman and Gillian Youngs (eds.), Globalization Theory and Practice (London: Pinter, 1996), p. 39.
18. James N. Rosenau, “The Challenges and Tensions of Globalized Space” (Tokyo: The Toda Center, 1998) (www.toda.org/conferences/sydney/papers/rosenau.html).
19. Nevzat Soguk, “Transnational/Transborder Bodies: Resistance, Accommodation, and Exile in Refuge and Migration Movements on the US-Mexican Border” in Michael J. Shapiro and Hayward R. Alker (eds.), Challenging Boundaries (Minneapolis: Univ. of Minn. Press, 1996), p. 228.
20. James N. Rosenau, “States, Sovereignty, and Diplomacy in the Information Age,” Virtual Diplomacy, 1999 (www.usip.org/oc/vd/vdr/jrosenauISA99.html).
21. James Der Derian, “Speed Pollution,” Wired, Vol. 121, May 1996, p. 121 (www.wired.com/wired/archive/4.05/virilio.html).
22. Daniel Yergin and Joseph Stanislav, “The Commanding Heights: The Battle Between Government and the Marketplace That Is Remaking the Modern World,” in Frank Lechner and John Boli (eds.), The Globalization Reader (Oxford: Blackwell, 2000), p. 219.
23. Carl Builder and Brian Nichiporuk, “Societal Implications,” in John Arquilla and David Ronfeldt (eds.), In Athena's Camp: Preparing for Conflict in the Information Age (Washington, DC: RAND, 1997), p. 296.
24. Commission on Global Governance, Our Global Neighborhood (New York: Oxford Univ. Press, 1995).
25. Ian Clark, Globalization and International Relations Theory (New York: Oxford Univ. Press, 1999), p. 114.
26. John Hertz, “The Rise and Demise of the Territorial State,” World Politics, Vol. 9, No. 1, 1957, p. 473.
27. Ronnie Lipschutz, “On Security,” in Ronnie Lipschutz (ed.), On Security (New York: MacMillan, 1995), pp. 18-19.
28. Bill Clinton, “Remarks by the President on Keeping America Secure for the 21st Century,” Office of the Press Secretary, 22 January 1999 (www.acronym.org.uk/dd/dd33/33ussec.htm).
29. Gary Chapman, “National Security and the Internet” (Austin, TX: Univ. of Texas, 1998) (www.utexas.edu/lbj/21cp/isoc.htm).
30. Jeffrey Cooper, “The Emerging Infosphere,” Center for Information Strategy and Policy, Science Applications International Corporation, 1997, p. 27 (www.cisp.org/cisp_pub/infosphere_cooper.pdf).
31. Richard O. Hundley and Robert H. Anderson, “Emerging Challenge: Security and Safety in Cyberspace,” in John Arquilla and David Ronfeldt (eds.), In Athena's Camp: Preparing for Conflict in the Information Age (New York: RAND, 1997), p. 238 (www.rand.org/publications/MR/MR880/MR880.ch10.pdf).
32. Center for International Security and Cooperation, “Workshop on Protecting and Assuring Critical National Infrastructure: Next Steps” (Stanford, CA: Center for International Security and Cooperation, 1998).
33. S. E. Goodman, L. T. Greenberg, and S. J. Lukasik, “Infrastructure Protection: An International Perspective” (Stanford, CA: Center for International Security and Cooperation, 1998).
34. President's Commission on Critical Infrastructure Protection (www.info-sec.com/pccip/web/).
35. President's Commission on Critical Infrastructure Protection, Critical Foundations: Protecting America's Infrastructures, 1997 (www.info-sec.com/pccip/pccip2/report.pdf).
36. Frank Cilluffo, Joseph J. Collins, Arnaud de Borchgrave, Daniel Gouré, and Michael Horowitz, “Defending America in the 21st Century” (Washington, DC: Center for Strategic and International Studies, 2000), p. 4 (www.csis.org/homeland/reports/defendamer21stexecsumm.pdf).
37. Michael Vatis, “National Infrastructure Protection,” testimony before the Senate Armed Services Committee, 1997.
38.
Lawrence Gershwin, statement before the Congressional Joint Economic Committee,
2001.
Qiao Liang and Wang Xiangsui, Unrestricted Warfare (Beijing: PLA Literature
and Arts Publishing House, 1999), p. 183.