e-Prints

TAKEDOWN:

Targets, Tools, & Technocracy

Robert David Steele

[email protected]

ABSTRACT

This paper is a "primer" which attempts to place national security and national intelligence in a larger context, one which must be understood if America is to survive and prosper at the dawn of the 21^英石世纪。目标太多了，无法详细讨论，但可以将它们分为四个大类：物理，控制论，数据和思维方式。这些工具也太多了，无法详细讨论 - 像纸条和拾音器一样基本的工具会对非常复杂且固有的脆弱系统造成严重破坏。在考虑对我们国家基础设施造成严重破坏的工具时，最令人担忧的是，我们仍然是我们自己最大的敌人的简单事实 - 我们积极打开了内幕滥用，外源代码和裸体数据的大门。我们的技术官僚及其文化将继续阻碍变化。如果我们要在给定的任务下在未来取得成功，即捍卫国家免受所有敌人的“国内外”，那么我们必须重新定义国家安全和国家情报，以专注于数据和知识以及国家情报范围很小，但很广泛。我们必须从国防部现有预算范围内资助，每年耗资10亿美元用于电子安全和反情报，以我们的真正重力中心为私营部门；而且，我们必须同时向国防部提出一笔匹配金额，每年额外的10亿美元。为了资助一个扩展的“虚拟情报界”，需要后一个金额，其中包括一个新的“战斗”，能够在国内外执行“信息维持和平”运营，以阻止和解决地方，州，国家和地区级别的冲突。

INTRODUCTION

This is not a technical paper--there are many of those, each delving into the minutia of taking down power, financial, transportation, or general communications systems.⁽¹⁾相反,本文旨在提供一个一般的爱rview of target categories and potentially catastrophic outcomes; a review of the range of tools or means by which these targets can be taken down; and a brief discussion of the technocracy and its culture which perpetuates our vulnerability to cybernetic melt-down. All this, however, is but a preamble to a larger discussion of national security and national information strategy.

这"pyramid of vulnerability" for developed nations, and most especially for the United States of America--which owns, uses, and is severely dependent on the bulk of the communications and computing resources of the world--is illustrated below.

Figure 2: Pyramid of Vulnerability

This pyramid of vulnerability seeks to distinguish between four distinct "kinds" of vulnerability:

1. The vulnerability of major physical infrastructure elements, such as:

�桥梁，堤坝和水坝 - 就像2800位易于绘制的公众映射，其中200个是孤立的战略后果⁽⁸⁾

�Canals--such as the Panama Canal, with very vulnerable locks

�Pipelines--such as the Alaska Pipeline

�Critical railway switching points

5. The vulnerability of obvious military Achilles' heels, as well as obvious civilian infrastructure, such as:

�AWACS and Aerial Tankers (anti-tank missiles, or plastique on landing gear--tend to be concentrated in one place)

�海底通信天线（例如，安纳波利斯高尔夫球场）

�Charleston channel (major sealift departure area)

�Civilian power and communications nodes supporting command centers and key facilities (Falcon AFB Study, Kansas City payroll)

�主要的电网节点（转移和发电）

�Major telecommunications nodes, including microwave towers

7. The vulnerability of core data streams vital to national security and national competitiveness, such as:

�Historical environmental and other critical planning data

�Civilian fuel stock data

�军事物流库存数据

�Transportation status data (induce rail crashes, cripple airports)

�Financial accounts data (incapacitate procurement, induce panic, impose costs of alternative accounting)

�金融传输数据（腐败转移，国际和区域性转移到网格锁中，引起恐慌）

6. The vulnerability of our Intelligence Community (IC) to both external attacks against its systems as well as its perceptions, and internally-perpetuated misperceptions and gaps in understanding, such as:

�Attacks against down-links (Area 58, NSA, CIA, Suitland, Bolling)

�Attacks against Joint Intelligence Centers

�Internal lack of global geo-spacial data

�Internal lack of integrated analysis model

�Internal lack of foreign language and foreign area expertise

�Internal lack of access to international experts and open sources

In summary, this rough depiction seeks to drive home the point that a "takedown" of America is not simply a matter of electronic attacks against electronic systems, but rather a much more comprehensive range and scale of vulnerability which encompasses everything from key geo-physical nodes to our intelligence mind-sets, and which can be attacked with a range of tools that includes: pick-axes and chain saws against selected cables; anti-tank missiles against AWACS and aerial refuelers and satellite dishes; eighteen-wheeler trucks with and without explosives against specific transformers or other key nodes;

electrical attacks, and finally--the area least considered today, data and mind-set attacks and self-generated vulnerabilities.

"Top Ten" lists cannot possibly capture the full extent of the Nation's vulnerability, but they are a helpful means of highlighting the diversity and the imminence of our vulnerability. They can help accelerate constructive change.

TAKEDOWN: TARGETS & TOOLS

John Perry Barlow, lyricist for the Grateful Dead and co-founder of the Electronic Frontier Foundation, once said that "the Internet interprets censorship as an outage, and routes around it."^（9）Exactly the same can be said for any strategy that seeks to "harden" or protect specific nodes. It simply will not be effective.

We are at a point in time where, as Steward Brand has noted, the Year 200o problem is but "a wholesome first sniff of the carnage to come". Our system of systems is internally vulnerable from the first line of code on up, and externally vulnerable at every single switching point that relies on either software or electronic transfer. The figure that follows illustrates this larger discussion.

图3：取消美国的目标和工具

Let us take each of these in turn. On the left we have a column of possible targets, ranging from the process-oriented (secret decisions), down through data links and data stocks, into computers and power stations, and finally to larger physical infrastructure features which can be attacked by physical and electronic means. On the right we have a column of attack categories ranging from the mundane hand-held instrument, passing through foreign code embedded in major U.S. system, and culminating in the inherent weaknesses of our national electronic engineering training and our existing decision mind-sets.

Representative Targets

1.桥梁，堤坝和水坝。在美国，密西西比州和密苏里河本身就是自然的奇观，也是巨大比例的自然障碍。这些大河流遍布这些大河流，完全有六个主流铁路桥梁，绝大多数谷物都必须从平原到东海岸城市，绝大多数货物必须从东北和南部回报。正如1993年自然洪水所表明的那样，⁽¹⁰⁾when these bridges are closed, whether by accident or intent, there are severe repercussions for trade, and especially for the stockage of food and fuel. Recent breaks in levees in the south have demonstrated our vulnerability to the assumption that man can contain nature without regard to human attack. This bears emphasis: all insurance and risk calculations today assume natural causes of disaster. There are no calculations for risk and damage associated with deliberate human attack of any normal civil structure. Dams, in contrast, present computer controlled physical infrastructures which can be taken over to either release flood waters, or to avoid the release of flood waters with the intent of weakening if not destroying the dam.

2.阿拉斯加管道。这条管道越过广阔的空地领土，将美国的10％用于美国。⁽¹¹⁾

3.Cincinnati Rail Yards. As of three years ago, and very likely still today, the entire East-West railway architecture depended on exactly one major turnstile for redirecting railcars. It is located in the Three Rivers area, and represents a significant vulnerability.⁽¹²⁾

4. Culpepper Switch. A popular target, this simply represents the kind of critical communications node (voice and data, especially financial and logistics data) which can be attacked in both physical and electronic ways. The Internet has various equivalent nodes, two of which merit special attention--MAYEAST and MAYWEST. Taking out MAYEAST disconnects the U.S. government from the rest of the Internet world, and not incidentally does terrible things to all of the Wall Street capitalists who are "tunneling" their Intranets across the larger Internet.

5. Power Generators. Power generators and the grids they support can be browned out, burned out, and confused. Altering the computer readings can cause them to draw more power than they can handle, or less power than they need. Burning out the generators or melting core lines creates the interesting challenge of replacement in the absence of mainstream power. There are exactly eighteen main power transformers that tie together the entire U.S. grid, and we have only one--perhaps two--generators in storage. Interestingly, all of these come from Germany, where there is a six to eighteen month waiting period for filling orders--assuming the Germany generators have not been burned out at the same time by someone attacking the Western powers in a transatlantic cyber-war.⁽¹³⁾

6. Data Computers. Any computer holding large quantities of critical data, especially parts inventories and data associated with either the transfer of funds or the operational effectiveness of critical equipment, is vulnerable to data distortion--this is a far more insidious and dangerous problem than the more obvious denial and destruction attacks.

7. Fuel Stock Data. Fuel stock data is isolated because of its implications in terms of overloading large tanks, with the fire storm hazards of large spillage, or of failing to channel fuels because of false readings.

8. Federal Reserve. Until a couple of years ago there were twelve regional computing centers, one for each of the Federal Reserve regions. Then we went to a single national system which a single hot back-up computing system, and an additional cold back-up alternative.

9. IC Downlinks. Past surveys have focused on buildings, but the more capable attackers will focus on downlinks. All of the main satellite downlinks--for NSA, CIA, Area 58, key other government departments, are out in public sight and reachable with a hand-held anti-tank missile fired from outside the fence line.

10.人类的决定。“我们遇到了敌人，他就是我们。”Pogo经常引用的话语是由另一种观察结果补充的，这是一个匿名的，“一个国家的最佳辩护是受过教育的公民”。列出了这个“目标”，以带来脆弱性和“硬化”国防的机会。正如“指挥官的意图”用于计划浪费通信的复杂操作，至关重要的是，有一个更大的国家决策建筑，几乎没有秘密，公众充分参与。这样，当灾难确实发生并且许多通信渠道确实发生了故障时，公众将不太可能恐慌，更有可能利用常识和善意看到危机。对我们的脆弱性和应对这些脆弱性的计划有透彻的公众了解对于我们的进步至关重要。该“目标”还旨在指出所有系统中最弱的链接不是系统本身，而是与系统相关的人。

Representative Tools

1.拾取轴和后屋。纸卷耗尽了战略警告计算机。拾音器可以在难以发现的奇怪地方剪下关键电缆。后置很容易拿出电缆 - 也许是最著名的电缆，由Winn Schwartau普及，是后者，它拿出了Newark机场的主要通信和空中交通管制，并且在那里运行 - 与它一起运行，“冗余”电缆旨在用作主电缆的备份。在整个美国，在每一个电缆交叉点上，我们都会在本质上发布大型迹象。

2.十八轮。十八轮，无论是否装满了炸药，区域有用的智力结构。任何关键节点都应接受18轮测试的约束 - 如果十八轮旋转器以全部重量和速度在各个点中的任何一个中崩溃，会发生什么？或者，如果在特定点上一个18轮“融化”并且需要拆分或抬起碎片，将会发生什么？

3.Random Viruses. The recent spate of NT melt-downs are simply another step down the path started by the Robert Morris virus a decade ago. This situation needs to be taken very seriously because many of the viruses are encased in shrink-wrapped hardware and software coming directly from the production facilities.^（14）Until software is self-healing (and code is encrypted at levels above what is presently available), this will continue to be a serious vulnerability. All of the following problem tool areas will exacerbate this situation.

4. Info-Marauders. As has been noted by one prominent wag in this area, "hacker tools are now in the hands of idiots and criminals".⁽¹⁵⁾A single individual, empowered by hacking software freely available on the Internet, is now able to cause the kind of damage to corporate and national systems which was previously only in the province of Great Nations. Disgruntled, dishonest, crazy, and zealot individuals and gangs are now is a position to damage data, deny access, and extort funds from hapless system owners who did not realize that they were buying into a "naked Emperor" environment.

5.生气的内部人。外部渗透和外部采购病毒的损失高得多。国际计算机安全协会（ICSA）教育总监Mich Kabay博士在计算机损失的开创性工作中指出，⁽¹⁶⁾the largest losses after fire & water/errors & omissions come frominsiders--dishonest or paid insiders (roughly 10%) and angry insiders seeking revenge (roughly 9%). These are people with authorized access who are able to do unauthorized things that are not detected because the systems are all designs under the assumption that insiders can be controlled through a few simple (and often very poorly administered) control measures.

6. Paid Insiders. Paid insiders can be simply dishonest employees who seek to exploit access for financial gain, or insiders who have been recruited by outsiders for a price. There are also former insiders who return to their place of employment (e.g. selected Wall Street firms with marginal physical access controls and worse computer access controls) to take internal actions which are not authorized and for which authorized access has expired administratively but not technically.

7. Calcutta Code. Also Moscow code�.this refers to computer code written by the legions of off-shore coding houses. Computer code in the U.S. is notorious for its lack of documentation, with the result that older systems tend to have millions and millions of lines of code that are completely incomprehensible to the most skilled examiner, and replete with patches from a variety of sources, all also undocumented. As the Year 2000 problem takes on greater urgency, many organizations are being forced to provide intimate access to their code for legions of external programmers, generally without any assurance at all as to their criminal and psychological history, and also without any ability to audit their access or their code.⁽¹⁷⁾

8. Existing EE Skills. Our electrical engineering education is abysmal, despite the wealth of opportunity in the field and the shortage of skilled professionals. For reasons that escape the author, the electrical engineering discipline decided to completely ignore electronic security and counterintelligence issues after the demise of the mainframe (and even those standards were mediocre), and entire complex systems have been built from the ground up without any embedded security at all. In fact, some systems require or choose to turn off those rare security features provided in some software and hardware. Until national legislation establishes "due diligence" standards for managers responsible for the protection of intellectual property, and for communications and computing product and service providers, this severe and pervasive vulnerability will prevent any substantial success in hardening individual targets or constraining the utility of other attack tools.

9. Existing Mind-Sets. Winn Schwartau, author ofINFORMATION WARFARE: Chaos on the Electronic Superhighway⁽¹⁸⁾值得将这种情况带到公众面前的全部信誉。没有他的努力，包括他在全国范围内的许多主题演讲，以及他个人参与赞助一系列高度挑衅的Infowarcon会议，总统对关键基础设施保护委员会的不可能是很不可能创建的。它的报告有许多缺陷和疏忽，包括对国际当局和地下黑客的非常有效且有用的观点的了解不足，但这是一个很好的开始，我们对一个重要事实表示同意：创建可生存的电子环境需要每年10亿美元。这是作者在1994年提出的数字，证明了国家信息基础设施工作组的证词。⁽¹⁹⁾Unfortunately, the U.S. government continues to drag its feet in assuming its proper role as a provider of "order & protection" services in cyberspace, and this has been cited by many in the private sector as the reason they continue to ignore computer security issues.⁽²⁰⁾

TECHNOCRACY

这就引出了专家管理。下面的图表is a very authoritative depiction of just what are the sources of damage to computer systems and data. Although the originator, Dr. Mich Kabay likes to use the words "rough guesses" with this chart, he is an internationally respected individual with enormous access to restricted data. This one chart is as authoritative as any major study anywhere, and should be carefully considered in that light.

Figure 4: The Facts, Just The Facts

这bottom line here is that fully seventy percent of our losses can be attributed to very poor design--poor data entry and data management programs which induce major errors & omissions (and cannot audit or flag possible errors & omissions in passing) and poor system design and system back-up practices which permit fire and water to wreak irreversible damage to important data. Only the last thirty percent have anything to do with humans.Insidersdo roughly twenty percent of the damages. Roughly five percent of the remaining damages are done by outsiders, and a final five percent by viruses from various sources.

In the immortal words of Robert Stratton, one of the most capable of international hackers (and one of the few never to be indicted or considered for indictment),

If houses were built like computers, the first woodpecker to come along would bring down civilization.⁽²¹⁾

这technocracy--the culture of technocracy--is the major impediment to change today, and we have to come to grips with the fact that all the money in the world is not going to heal our rapidly atrophying system of systems unless we first come to grips with the intellectual cancer that permeates this element of our society which is at once so very important, but also so very dangerous.We have seen the enemy, and he is us.

Among the sins of the technocracy are the following:

1. Blind faith in technology

2. Not legally liable for failure (by permission of Congress)

3.No requirement for inherent security at the code and data level

4. No requirement for data integrity and survivability

5. Marginal adherence to existing back-up and access control standards

6. Elitist (largely ignorant) attitude about cryptography and privacy

7. History of ignoring detailed warnings

8.唇部服务和追逐尾巴的最新记录

这point of this section is that both the people and their government must accept responsibility for designing and protecting the future system of systems upon which every aspect of national security and national competitiveness must depend. It is we as individuals, willing to accept self-obsoleting technology with built in hazards to our data, who have permitted this gross external diseconomy to persist, and it is we the people--not the profit-taking beltway bandit creators of these systems--who will ultimately pay the final price for failure: individual poverty, scattered catastrophe, and national weakness.

这President's Commission on Critical Infrastructure Protection (PCCIP) was at once a small sign of hope and a large symbol of despair. Apart from the fact that it did not talk to any of the serious professionals outside the beltway, and even more so, outside the Nation, who actually know in detail the vulnerabilities and solutions the Commission was supposed to address; the Commission also neglected to provide the public and the private sector with an authoritative unclassified work that addresses the critical issues of data integrity, data privacy, and the use of unencumbered encryption in order to secure electronic commerce. No doubt the Commission marched to its secret drummer and gave its masters exactly what theywanted--unfortunately, it did not give the Nation what itneeded, and we are left--as we were left in the aftermath of the Report of the Commission on the Roles and Capabilities of the United States Intelligence Community--with no clear-cut direction, no one clearly in charge, and no basis for which to mobilize the private sector into its new and urgent role as the first line of national defense against cyber-attack and self-destructive electronic systems.

CIVIL CENTER OF GRAVITY

Apart from the failings of the technocracy, there is another element that makes it difficult for America to secure her computing foundation from attack, and that is the fact that the vast bulk of the critical data and the critical electronic pathways and storage facilities, are all in the civil sector--in the private sector. It is literally not possible for the government to control and protect the most vital targets in traditional ways, nor is it even possible for the government to regulate this arena in detail. This is why the PCCIP--for all of its good intentions--must be regarded as a distraction if not a failure. It did not address the threat or the solution in terms that could be executed by the ultimate responsible party, the private sector and the public.

图5：民用部门重心

Every aspect of Information Operations--from offensive information warfare to proactive Information Peacekeeping⁽²²⁾; from electronic security & counterintelligence to protect intellectual property on the home front, to education as the foundation for a truly "national" intelligence community, the "center of gravity" is solidly within the "information commons" defined and dominated by the private sector. The Department of Defense cannot defend this critical terrain--nor should it--using traditional methods.

在考虑美国的“撤离”，并考虑一些代表性的目标和工具以及产生了我们普遍存在的全国对信息启示录的脆弱性的技术专制时，我们被迫承认，美国已经从一个世界转移到了下一个世界到下一个世界的迫切世界，这需要美国的概念，并要求美国的概念和全民概念的概念，并在国民的概念上进行概念，并在国民的概念上进行操作。

VIRTUAL INTELLIGENCE AND INFORMATION PEACKEEPING

这author has published extensively on these two original topics,⁽²³⁾但是对于这个“底漆”，几点值得突出显示：

1. Roughly eighty percent of what we need to know to defend the nation is in the private sector, "out of control" Roughly ninety-five percent of what we need to know to assure national competitiveness is in the private sector, "out of control".

2. The greatest obstacle our government faces today in assuring national security and national competitiveness--the cause of causes for conflict and economic loss--is the growing gap between those with power and those with knowledge.

3.我们的概念必须——“信息作战”bsolutely must--come to grips with this reality. Information Warfare and Electronic Security & Counterintelligence are anemic if not counterproductive endeavors if they are executing in isolation from this larger construct.

4. In order to be effective in the 21^英石Century, especially during the first half of the century when we continue to live in the largest of the glass houses and our enemies--be they individuals, gangs, corporations, or states--have the most rocks, we must adopt three concepts as fundamental to our national security:

a. "National Intelligence" must evolve rapidly to become the core of a larger "virtual intelligence community" in which we are able to fully harness and exploit private sector data from multi-lingual sources.

b. "Electronic Security & Counterintelligence" must become pervasive, and this is only possible if we release the private sector from artificial constraints on encryption, and if we return to our democratic foundation, the respect for personal privacy. We cannot regulate this, we can only nurture this fundamental national security arena.

c. "Information Peacekeeping" must become our first line of defense in dealing with enemies both domestic and foreign. This will require new concepts and doctrines, a completely new order of battle, new relations between elements of the government and between the government and the private sector, and--most importantly--a completely new attitude about how to deal with problems and threats.

5. All of the above--the full integration of a national electronic security & counterintelligence capability which protects and harnesses down to the data and code level, requires a National Information Strategy and a reconstruction of the administrative, legal, financial, and operational relationships between civilian, military , and law enforcement elements of government, and between government and the private sector. Once we have our own act together, then we can contemplate setting standards and requesting collaboration in kind from other states.

CONCLUSION

We are at war today. It is a total war, yet we have failed to mobilize the Nation and we have therefore left ourselves without sanctuary, without a defendable rear area, and without any plan for recovering from the catastrophic consequences that can be brought about so very easily by individuals, gangs, or other nations who choose to hurt us where we are least able to detect, block, or retaliate.

Everything we are doing today, from the PCCIP to the Information Operations activity at Fort Meade, to the billions of dollars being spent on the current and planned force structure, is out of touch with the reality that pioneers--Alvin Toffler, Martin Libicki, Winn Schwartau--have been trying to articulate.

It is out of touch with the reality that Eric Bloodaxe, Emmanuel, Phiber Optic, Dark Angel, Andy Mueller-Maguhn and many, many others have been actively demonstrating.

It is out of touch with the efforts of Marc Rotenberg, David Banisar, and many others associated with responsible computing. Sadly, it is also out of touch with the American people and with the larger global community that actively seeks open intellectual engagement with responsible electronic security.

如今，美利坚合众国再次成为不平衡的巨人，又是一只纸质的老虎，再次受到不理解的力量的摆布，不愿意以非常规的方式参与。We have seen the enemy, and he is us.

Figure 6: We have seen the enemy, and he is us.

这re is, however, good news. The price tag for all of this is authoritatively estimated at $2 billion a year (half for electronic security & counterintelligence, half for creating the virtual intelligence community able to execute information peacekeeping operations)⁽²⁴⁾。这是一个价格,国防部很容易负担得起y, and a price that--if paid by DoD--will permit us to reinvent the concept of national defense, deter cyber-war, and surprise friends and enemies alike with our ability to adapt to the chaotic environment we have ourselves created.国防部可以解决这个问题，但只有当它付费并放手时才可以解决这个问题。

1.

1.Endnotes

Although other papers have been written since then, the three "originals" in the author's view are Major Gerald R. Hust, "Taking Down Telecommunications", School of Advanced Airpower Studies, 1993); Major Thomas E. Griffith, Jr., "Strategic Attack of National Electrical Systems", School of Advanced Airpower Studies, 1994; and H. D. Arnold, J. Hukill, and A. Cameron of the Department of the Air Force, "Targeting Financial Systems as Centers of Gravity: 'Low Intensity' to 'No Intensity' Conflict", inDefense Analysis(Volume 10 Number 2, pages 181-208), 1994. The authors first major statement in this area, after several years of involvement, was "The Military Perspective on Information Warfare: Apocalypse Now", keynote speech to the Second International Conference on Information Warfare: Chaos on the Electronic Superhighway (Montreal, 19 January 1995). There have been many fine conferences on the subject of information warfare, both within the military and in the private sector.http://www.infowar.com提供大量有用的材料，以及从海军研究生院和其他军事机构中选择的论文。这Proceedingsof the InfoWarCon series (the author was a founding partner but left the partnership in 1996) appear to be in a class by themselves and can still be obtained from the International Computer Security Association. The author's first call for $1 billion a year for electronic security was published as a U.S. Newswire press release dated 11 August 1994. Two other papers deserve mention up front: Maj Roger Thrasher,Information Warfare: Implications for Forging the Tools（1996年6月，海军研究生院），通过电子邮件提供给作者“ Roger D. Major Drasher，AFRL/IFSA” <<[email protected]>; and--dealing with the tough issues of what constitutes an attack and what the legal authorities are for retaliation, and what constitutes proper retaliation--Cdr James N. Bond,Peacetime Foreign Data Manipulation as One Aspect of Offensive Information Warfare: Questions of Legality Under the United Nations Charter Article 2(4)(Naval War College, 14 June 1996).

2.

^2.Stewart Brand, a distinguished member of the Global Business Network, was the founder of both theCoEvolution Quarterlyand theWhole Earth Reviewas well as the original organizer of the Lake Tahoe Hacker's Conference, of which the author is an invited honorary member. Among his booksare How Buildings Learn : What Happens After They're Built(1995), and麻省理工学院的媒体实验室:发明未来(1988).

3.

^3.Mr. John Peterson, President of the Arlington Institute and a noted futurist, devised the original two-dimensional matrix (war-peace, here-there) to make the point that we train, equip, and organize our defense forces for "war, there" when in fact the bulk of the modern threat is "here, home". The author added the dimension of time to drive home the point that in this day and age of ad hoc coalitions and "off-the-shelf" nuclear and chemical take-out, we must be ready to deal with "no-notice" emergent threats on a "come as you are" basis.

4.

^4.Among the author's contributions are "INFORMATION PEACEKEEPING: The Purest Form of War", chapter in Doug Dearth et alCYBERWAR 2.0: Myths, Mysteries, and Realities(AFCEA Press, 1998); "Virtual Intelligence: Conflict Resolution and Conflict Avoidance Through Information Peacekeeping",Proceedings1997年4月1日至2日在华盛顿特区（美国和平研究所）举行的虚拟外交会议，在http://www.oss.net/VIRTUAL; "Intelligence and Counterintelligence: Proposed Program for the 21^英石Century" , OSS White Paper of 14 April 1997 athttp://www.oss.net/OSS21; "The Military Perspective on Information Warfare: Apocalypse Now",Enjeux Atlantiques(#14, February 1997); "Creating a Smart Nation: Strategy, Policy, Intelligence, and Information",Government Information Quarterly(Summer 1996); "Creating a Smart Nation: Information Strategy, Virtual Intelligence, and Information Warfare", in Alan D. Campen, Douglas H. Dearth, and R. Thomas Goodden (contributing editors),CYBERWAR: Security, Strategy, and Conflict in the Information Age(AFCEA, 1996); "The Military Perspective on Information Warfare: Apocalypse Now", Keynote Speech, Proceedings of the Second International Conference on Information Warfare, 19 January 1995; "Reinventing Intelligence: The Vision and the Strategy",International Defense & Technologies(December 1995), bi-lingual in French and English; "Hackers as a National Resource", Keynote Presentation to Hackers on Planet Earth, New York, 13-14 August 1994 (1500 hackers); and "War and Peace in the Age of Information", Superintendent's Guest Lecture, Naval Postgraduate School, 17 August 1993.

5.

^5.Observation made on the C4I List by[email protected]，再加上其他文献来源的许多其他出色的报价，其中一些引用了本文的其他内容。

6.

^6.Winn Schwartau，个人交流，1998年3月17日。

7.

^7.这author and his friend and former partner Winn Schwartau, who is the author ofINFORMATION WARFARE: Chaos on the Electronic Superhighway（Thunders嘴巴出版社，1994年）他们知道大多数主要黑客以及大多数主要的“笔直”电子安全专家，在这种情况下，在大多数情况下，出现的是没有咨询的人，因为NIE并没有提供nie的专业知识和外地专家的访谈。不幸的是，总统关键基础设施保护委员会也是如此。

8.

^8.这Surface Water and Related Land Resources Development Map is designed to portray both the development and preservation aspects of Federal water resources activities, with the main theme being the spatial distribution of dams and reservoirs. Dams are shown that have normal storage capacity of at least 5,000 acre-feet, or a maximum storage capacity of at least 25,000 acre-feet. This includes about 800 dams owned by Federal agencies and about 2,000 dams owned by non-Federal organizations.FGDC Manual of Federal Geographic Data Products - Surface Water Map可以在www.fgdc.gov/FGDP/Surface_Water_Map.html。

9.

^9.他在自发的讲话中对参加第一次开源情报会议的629个情报专业人员的观众发表了这一评论，“国家安全与国家竞争力：开源解决方案”，1992年12月2日，在华盛顿特区华盛顿特区。

10.

^10.During the major floods of 1993 four of the six bridges were closed. Major rail traffic delays and costs were incurred as traffic was routed to the northern and southern bridges still in operation. "Flooding Halts Railroad Traffic Through Major East-West Hub: Freight Lines, Amtrak Rust to Find Detours in North and South",这Washington Post(A4, Tuesday, 27 July 1993).

11.

^11.这first "top ten" listing to be seen by the author was created by Peter Black. His article, "Soft Kill: Fighting infrastructure wars in the 21^英石century",WIRED Magazine(July/August 1993), listed the following targets:

1. Culpepper开关，处理联邦资金的所有电子传输

2. Alaska Pipeline, carrying ten percent of the domestic oil

3.Electronic Switching System (ESS), managing all telephony

4. Internet, the communications backbone of science and industry

5.时间分配系统，所有网络计算机都依赖于此

6. Panama Canal, major choke point for U.S. trade

7. Worldwide Military Command & Control System (WWMCCS)

8. Big Blue Cube, Pacific clearinghouse for satellite reconnaissance

9. Malaccan Straits (Singapore), the maritime link between Europe-Arabia and the Pacific

10.国家摄影解释中心，图像处理中心

12.

^12.Winn Schwartau，个人交流，1998年3月17日。

13。

^13。Ibid。See alsosupranote 1.

14.

^14.In 1992 a major U.S. intelligence community entity, one extremely familiar with computers, briefed the Information Handling Committee with the results of its survey, over the course of one year, into viruses arriving at its loading docks in shrink-wrapped products. The total number found: 500.

15.

^15.作者主旨speaker at Hackers on Planet Earth (HOPE), an extraordinary event that drew over 1,200 hackers and phone phreakers to a dilapidated New York City hotel 13-14 August 1998. Hackers, as the author has noted with frequency, arenot这个问题，甚至不是问题的症状 - 它们是国家资源，因为他们在没有造成严重损害的情况下证明了我们所有系统的脆弱性。

16.

^16.Mich E. Kabay,这NCSA Guide to Enterprise Security: Protecting Information Assets, McGraw-Hill (New York, 1996). ISBN 0-07-033147-2. Chapter 1, Figure 1, page 11. The figure is the book is superceded by this table, provided by Dr. Kabay in personal communications, 12 March 1998. The excellent work can be ordered from ICSA by email to <[email protected]>.

17.

^17.A typical assessment of this looming access problem is found in CIWARS Volume 10, Issue, Intelligence Report dated 2 November 1997. contains this and many other interesting reports on electronic vulnerabilities around the world.

18.

^18.Supranote 6.

19.

^19.作者调查了几个专家cluding Professor William Caelli in Australia, and one of the top computer security advisors to the National Security Agency. The author continues to recommend due diligence legislation, a national testing & certification program, a national computer security education program, and a very robust electronic security & counterintelligence program within the Federal Bureau of Investigation and on behalf of the private sector.

20.

^20.In May 1997 an Information Security Industry Survey done by Delotte & Touche LLP, with 1225 organizations surveyed, reported that 40% blamed "unclear responsibilities" and 26-30% (sic) blamed "lack of central authority" as the reasons why they could not come to grips with computer and telecommunications security requirements. As noted in 11 February 1998 email from <[email protected]>.

21.

^21.Statement made at OSS '96, where Mr. Stratton, a very highly regarded computer security engineer, was a speaker together with his partner, Mr. Chris Goggans, another brilliant security consultant.

22.

^22.这author coined the term in 1994. For two papers defining this aspect, seesupranote 4.

23.

^23.Supranote 4.

24.

^24.In 1995 the author proposed the following annual budget for national information security:

As found in concluding section of keynote speech in Montreal,supranote 4. In 1997 the author proposed a $1.6 billion a year budget for the national virtual intelligence community, comprised of $250 million for commercial imagery to meet DoD and USG needs; $250 million to meet NATO/Partner for Peace open source intelligence needs, $250 million for U.S. Intelligence Community access to open sources; $50 million for a University of the Republic to bring leaders from various sector together; and $400 million for two related largely classified initiatives. Detailed in "Intelligence and Counterintelligence: Proposed Program for the 21^英石Century" (OSS White Paper, 14 April 1997), at .