Sun Tzu Art of War in Information Warfare, Notes
1. See http://www.cs.princeton.edu/~ddean/java/dns-scenario.html for the DNS attack scenario that Princeton researchers used to exploit a flaw in Java.
2. By a most unfortunate coincidence, this scenario was fully developed four days before the tragic crash of Commerce Secretary Brown's airplane in Croatia. While not wishing to exploit such a tragic loss, we feel the scenario is still clearly relevant. Our most sincere condolences go to the families, friends, and colleagues of all who perished.
3. For the purposes of this paper, "Information warfare" will be defined as offered by the Department of Defense: "Actions taken to preserve the integrity of one's own information system from exploitation, corruption, or destruction, while at the same time exploiting, corrupting, or destroying an adversary's information system and in the process achieving an information advantage in the application of force." (Proposed: JCS Pub 1-02).
4. See Alex P. Schmid & J.F.A. DeGraaf, Violence as Communication: Insurgent Terrorism and the Western News Media. Beverly Hills, CA: Sage, 1982.
5. Philip Fites, Peter Johnson, & Martin Kratz, The Computer Virus Crisis, Second Edition. New York: Van Nostrand Reinhold, 1992 (p.63).
6. London Times, via CNN Web News Digest, 26 March 1996 (http://www.cnn.com).
7. Robert Kupperman, Facing Tomorrow's Terrorist Incident Today. Washington, DC: U.S. Department of Justice, Law Enforcement Assistance Administration, 1977. Cited in Grant Wardlaw, Political Terrorism, Second Edition. Cambridge: Cambridge University Press, 1989 (p.26).
8. Gerald Segal, "Asians in Cyberia," The Washington Quarterly, v.18 n.3 (Summer 1995), pp.12-13.
9. Bruce Hoffman, "Responding to Terrorism Across the Technological Spectrum," RAND Corporation, April 1994 (pp.29-30).
10. "Gray-area phenomena" is political violence that is not easily seen to be sponsored by or connected to a state or an established organization.
11. For example, there is a distinct difference between terrorism and guerrilla warfare (See Walter Laqueur, The Age of Terrorism. Boston: Little, Brown & Co., 1987 [p.5]).
12. This assumption is based on the notion that in political crimes, as opposed to crimes for ego or greed, the perpetrator and the beneficiary are usually not the same person, with more tenuous connections, and the intended long-term gains from the crime are usually abstract. From a law enforcement perspective, this places primacy on the motivations of the act; however, from a military perspective, it is the act itself which merits focus, since it is the act itself which wreaks the damage and poses the threat to national security. This is one of many facets in the argument surrounding the degree to which counterterrorism should be approached from a military vis-…-vis law enforcement perspective. This argument further emphasizes the need for a symmetrical, part-military part-law-enforcement response.
13. Review of Richard Hundley and Robert Anderson, "Security in Cyberspace: An Emerging Challenge for Society," from That Wild, Wild Cyberspace Frontier. Internet source: http://www.rand.org/publications/RRR/RRR.fall95.cyber/wild.html, 5 April 1996.
14. Stephen Sloan, "Terrorism: How Vulnerable is the United States?" Internet Source: The Counter-Terrorism Page, http://www.terrorism.com/Pubs/sloan.htm.
15. Physical violence from terrorism uses Toffler's Second Wave technology, whereas information attacks would fall within the Third Wave paradigm. (See Alvin Toffler, The Third Wave. New York: Willam Morrow & Co., Inc., 1980.)
16. The IRA were specifically targeting the Square Mile of London on a weekend to minimize casualties but maximize damage to a financial center of Western Europe.
17. The authors chose to not to discuss domestic information terrorism, since that falls under the jurisdiction of the FBI, but much of the debate is similar regarding FBI capabilities to counter this threat.
18. "Traditional" terrorists generally operate in an urban environment often without an established geographical locus. Information terrorism further diminishes geographical constraints through the nature of digital connectivity.