The author cites law enforcement as a primary area where global information security can be enhanced. He calls for "the harmonization of national laws against computer attack, multinational cooperation in tracing attacks across national lines, international treaties on extradition of attackers, and a readiness to impose sanctions on those who protect attackers." He believes a willingness to share information on research and development, on attack indications and warnings, and on attack incidents and responses "can also improve the efficacy of each nation's protective measures." Computer attacks, if sufficiently systematic, may be war by other means -- hence "information warfare," as an overarching concept. But information warfare understood broadly -- attacking an adversary's information and decision processes -- is as old as warfare itself. Such tactics encompass psychological operations, attacks on an enemy's command apparatus, espionage and counter-espionage, and operations against adversary infrastructures and surveillance systems. During the U.S. Civil War (1861-1865) there were incidents of propaganda operations, snipers targeting opposing generals and observers in hot-air balloons, marauders tearing up telegraph lines, cavalry pickets and counter-cavalry demonstrations -- all information warfare. World War II saw the advent of electronic warfare in the form of radar, electronic deception, radio-frequency jamming, codemaking, and computer-aided codebreaking. Two indicators may reveal a great deal about the true risk from systems attack. One is how people react to the year 2000 computer problem. Assume a large share of the world's information systems crash at midnight on December 31, 1999. Will panic and paralysis result, or will people quickly find ways of working around the problem or doing without information for awhile? If lawsuits erupt, what precedents will be established to assign responsibility to people for harm done if their systems fail? The other harbinger is of more recent origin. Were one to imagine the most plausible perpetrator of serious information warfare terrorism, it would be someone with nothing that can be held at risk (i.e., not a country), several hundred million dollars in hidden cash, an appreciation of technology, an international network of nefarious friends, and a vicious score (real or imagined) to settle with the United States or some other nation. Sound familiar? If it does, what happens in the next year may reveal whether powerful individuals or groups might try to bring a country to its knees through information warfare -- or whether they direct their efforts elsewhere.
Cyberthreat: Protecting U.S. Information Networks: U.S.Foreign Policy Agenda: An Electronic Journal of the U.S.Department of State, v.3, no.4, p. 21-24