Note: for index of full report see: http://jya.com/nrcindex.htm

---------

[Head note all pages: May 30, 1996, Prepublication Copy
Subject to Further Editorial Correction]


                           Part I

                  Framing the Policy Issues


   Part I is intended to explicate the fundamental issues
underlying national cryptography policy. Chapter 1 outlines
basic elements of a critical problem facing the nation -- the
increasing vulnerability of information, a commodity that has
become essential to national well-being and future
opportunity. This vulnerability results from a number of
trends, including the explosive growth of digital
communications and data storage, the increasingly
international dimensions of business, and the growing
dependence of the nation on a number of critical information
systems and networks. Chapter 2 describes how cryptography can
play an important role in reducing the information
vulnerability of the nation, of businesses, and of private
individuals. Chapter 2 also places cryptography into context,
as one element of an overall approach to information security,
as a product that responds to factors related to both supply
and demand, and as a technology whose largescale use requires
a supporting infrastructure. Chapter 3 discusses public policy
issues raised by the need for access to encrypted information.
The prospect of near-absolute confidentialty of information --
a prospect enabled by modern cryptography -- is reassuring to
some and quite disturbing to others. Important public policy
issues are raised by law enforcement authorities, who regard
the ability to obtain information surreptitiously but legally
as essential to their crime-fighting abilities, and by
national security authorities, who place a high value on the
ability to monitor the communications of potential
adversaries. Even private individuals, who might wish to
encrypt records securely, may face the need to recover their
data as though they were outsiders if they have forgotten how
to gain "legitimate" access; the same is true for businesses
in some situations.

____________________________________________________________


                              1

        Growing Vulnerability in the Information Age


   Chapter 1 frames a fundamental problem facing the United
States today -- the need to protect against the growing
vulnerability of information to unauthorized access and/or
change as the nation makes the transition from an industrial
age to an information age. Society's reliance on a changing
panoply of information technologies and technology-enabled
services, the increasingly global nature of commerce and
business, and the ongoing desire to protect traditional
freedoms as well as to ensure that government remains capable
of fulfilling its responsibilities to the nation all suggest
that future needs for information security will be large.
These factors make clear the need for a broadly acceptable
national cryptography policy that will help to secure vital
national interests.


      1.1 THE TECHNOLOGY CONTEXT OF THE INFORMATION AGE

   The information age is enabled by computing and
communications technologies (collectively known as information
technologies) whose rapid evolution is almost taken for
granted today. Computing and communications systems appear in
virtually every sector of the economy and increasingly in
homes and other locations. These systems focus economic and
social activity on information -- gathering, analyzing,
storing, presenting, and disseminating information in text,
numerical, audio, image, and video formats -- as a product
itself or as a complement to physical or tangible products.(1)

   Today's increasingly sophisticated information technologies
cover a wide range of technical progress:

   +    *Microprocessors and workstations* are increasingly
important to the computing infrastructure of companies and the
nation. Further increases in speed and computational power
today come from parallel or distributed processing with many
microcomputers and processors rather than faster
supercomputers.

   +    *Special-purpose electronic hardware* is becoming
easier to develop. Thus, it may make good sense to build
specialized hardware optimized for performance, speed, or
security with respect to particular tasks; such specialized
hardware will in general be better adapted to these purposes
than general-purpose machines applied to the same tasks.

   +    *Media* for transporting digital information are
rapidly becoming faster (e.g., fiber optics instead of coaxial
cables), more flexible (e.g., the spread of wireless
communications media), and less expensive (e.g., the spread of
CD-ROMs as a vehicle for distributing digital information).
Thus, it becomes feasible to rely on the electronic
transmission of larger and larger volumes of information and
on the storage of such volumes on ever-smaller physical
objects.

   +    *Convergence* of technologies for communications and
for computing. Today, the primary difference between
communications and computing is the distance traversed by data
flows: in communications, the traversed distance is measured
in miles (e.g., two people talking to each other), while in
computing the traversed distance is measured in microns (e.g.,
between two subcomponents on a single integrated circuit). A
similar convergence affects companies in communications and in
computing -- their boundaries are blurring, their scopes are
changing, and their production processes overlap increasingly.

   +    *Software* is increasingly carrying the burden of
providing functionality in information technology. In general,
software is what gives hardware its functional capabilities,
and different software running on the same hardware can change
the functionality of that hardware entirely. Since software is
intangible, it can be deployed widely on a very short time
scale compared to that of hardware. Box 1.1 contains more
discussion of this point.

   As these examples suggest, information technologies are
ever more affordable and ubiquitous. In all sectors of the
economy, they drive demand for information systems; such
demand will continue to be strong and experience significant
growth rates. High-bandwidth and/or wireless media are
becoming more and more common. Interest in and use of the
Internet and similar public networks will continue to
experience very rapid growth.

----------

   (1)  Citations to a variety of press accounts can be found
in Computer Science and Telecommunications Board (CSTB),
National Research Council, *Information Technology and
Manufacturing: A Research Agenda*, National Academy Press,
Washington, D.C., 1993; CSTB, *Information Technology in the
Service Society: A Twenty-First Century Lever*, 1993; CSTB,
*Realizing the Information Future: The Internet and Beyond*,
1994; CSTB, *Keeping the Computer and Communications Industry
Competitive: Convergence of Computing, Communications, and
Entertainment*, 1995; and CSTB, *The Unpredictable Certainty:
Information Infrastructure Through 2000*, 1996.

____________________________________________________________


         1.2 TRANSITION TO AN INFORMATION SOCIETY --
       INCREASING INTERCONNECTIONS AND INTERDEPENDENCE

   As the availability and use of computer-based systems grow,
so, too, does their interconnection. The result is a shared
infrastructure of information, computing, and communications
resources that facilitates collaboration at a distance,
geographic dispersal of operations, and sharing of data. With
the benefits of a shared infrastructure also come costs.
Changes in the technology base have created more
vulnerabilities, as well as the potential to contain them. For
example, easier access for users in general implies easier
access for unauthorized users.

   The design, mode of use, and nature of a shared
infrastructure create vulnerabilities for all users. For
national institutions such as banking, new risks arise as the
result of greater public exposure through such
interconnections. For example, a criminal who penetrates one
bank interconnected to the world's banking system can steal
much larger amounts of money than are stored at that one bank.
(Box 1.2 describes a recent electronic bank robbery.) Reducing
vulnerability to breaches of security will depend on the
ability to identify and authenticate people, systems, and
processes and to assure with high confidence that information
is not improperly manipulated, corrupted, or destroyed.

   Although society is entering an era abounding with new
capabilities, many societal practices today remain similar to
those of the 1960s and 1970s, when computing was dominated by
large, centralized mainframe computers. In the 1980s and
1990s, they have not evolved to reflect the introduction of
personal computers, portable computing, and increasingly
ubiquitous communications networks. Thus, people continue to
relinquish control over substantial amounts of personal
information through credit card transactions, proliferating
uses of Social Security numbers, and participation in
frequent-buyer programs with airlines and stores.
Organizations implement trivial or no protection for
proprietary data and critical systems, trusting policies to
protect portable storage media or relying on simple passwords
to protect information.

   These practices have endured against a backdrop of
relatively modest levels of commercial and individual risk;
for example, the liability of a credit-card owner for credit
card fraud perpetrated by another party is limited by law to
$50. Yet most computer and communications hardware and
software systems are subject to a wide range of
vulnerabilities, as described in Box 1.3. Moreover,
information on how to exploit such vulnerabilities is often
easy to obtain. As a result, a large amount of information
that people say they would like to protect is in fact
available through entirely legal channels (e.g., purchasing a
credit report on an individual) or in places that can be
accessed improperly through technical attacks requiring
relatively modest effort.

   Today, the rising level of familiarity with computer-based
systems is combining with an explosion of experimentation with
information and communications infrastructure in industry,
education, health care, government, and personal settings to
motivate new uses of and societal expectations about the
evolving infrastructure. A key feature of the new environment
is connection or exchange: organizations are connecting
internal private facilities to external public ones; they are
using public networks to create virtual private networks, and
they are allowing outsiders such as potential and actual
customers, suppliers, and business allies to access their
systems directly. One vision of a world of electronic commerce
and what it means for interconnection is described in Box 1.4.

   Whereas a traditional national security perspective might
call for keeping people out of sensitive stores of information
or communications networks, national economic and social
activity increasingly involves the exact opposite: inviting
people from around the world to come in -- with varying
degrees of recognition that all who come in may not be
benevolent. Box 1.5 describes some of the tensions between
security and openness. Such a change in expectations and
perspective is unfolding in a context in which controls on
system access have typically been deficient, beginning with
weak operating system security. The distributed and
internetworked communications systems that are emerging raise
questions about protecting information regardless of the path
traveled (end-to-end security), as close to the source and
destination as possible.

   The international dimensions of business and the growing
importance of competitiveness in the global marketplace
complicate the picture further. Although "multinationals" have
long been a feature of the U.S. economy, the inherently
international nature of communications networks and the
growing capabilities for distributing and accessing
information worldwide are helping many activities and
institutions to transcend national boundaries. (See Box 1.6.)

   At the same time, export markets are at least as important
as domestic U.S. markets for a growing number of goods and
service producers, including producers of information
technology products as well as a growing variety of high- and
low-technology products. The various aspects of globalization
-- identifying product and merchandising needs that vary by
country; establishing and maintaining employment, customer,
supplier, and distribution relationships by country;
coordinating activities that may be dispersed among countries
but result in products delivered to several countries; and so
on -- place new demands on U.S.based and U.S.-owned
information, communication, organizational, and personal
resources and systems.


          1.3 COPING WITH INFORMATION VULNERABILITY

   Solutions to cope with the vulnerabilities described above
require both appropriate technology and user behavior and are
as varied as the needs of individual users and organizations.
Cryptography -- a technology described more fully in Chapter
2 and Appendix C -- is an important element of many solutions
to information vulnerability that can be used in a number of
different ways. National cryptography policy -- the focus of
this report -- concerns how and to what extent government
affects the development, deployment, and use of this important
technology. To date, public discussion of national
cryptography policy has focused on one particular application
of cryptography, namely its use in protecting the
confidentiality of information and communications.

   Accordingly, consideration of national cryptography policy
must take into account two fundamental issues:

   +    If the public information and communications
infrastructure continues to evolve with very weak security
throughout, reflecting both deployed technology and user
behavior, the benefits from cryptography for confidentiality
will be significantly less than they might otherwise be.

   +    The vulnerabilities implied by weak security overall
affect the ability of specific mechanisms such as cryptography
to protect not only confidentiality but also the integrity of
information and systems and the availability of systems for
use when sought by their users. Simply protecting (e.g.,
encrypting) sensitive information from disclosure can still
leave the rest of a system open to attacks that can undermine
the encryption (e.g., the lack of access controls that could
prevent the insertion of malicious software) or destroy the
sensitive information.

   Cryptography thus must be considered in a wider context. It
is not a panacea, but it is extremely important to ensuring
security and can be used to counter several vulnerabilities.

   Recognition of the need for system and infrastructure
security and demand for solutions are growing. Although demand
for solutions has yet to become widespread, the trend is away
from a marketplace in which the federal government (2) was the
only meaningful customer. Growing reliance on a shared
information and communications infrastructure means that all
individuals and organizations should be, and the committee
believes will become, the dominant customers for better
security. That observation is inherent in the concept of
infrastructure as something on which people rely.

   What may be less obvious is that as visions of ubiquitous
access and interconnection are increasingly realized,
individual, organizational, and governmental needs may become
aligned. Such an alignment would mark a major change from the
past. Again, sharing of a common infrastructure is the cause:
everyone, individual or organization, public or private
sector, is a user. As significantly, all of these parties face
a multitude of threats to the security of information (Box
1.7). Consideration of the nation's massive dependence on the
public switched telecommunications network, which is one of
many components of the information and communications
infrastructure, provides insight into the larger set of
challenges posed by a more complex infrastructure (Box 1.8).

   To illustrate the broad panorama of stakeholder interests
in which national cryptography policy is formulated, the next
several sections examine different aspects of society from the
standpoint of needs for information security.

----------

   (2)  The more general statement is that the market
historically involved national governments in several
countries as the principal customers.

____________________________________________________________


          1.4 THE BUSINESS AND ECONOMIC PERSPECTIVE

   For purposes of this report, the relationship of U.S.
businesses to the information society has two main elements.
One element is that of protecting information important to the
success of U.S. businesses in a global marketplace. The second
element is ensuring the nation's continuing ability to exploit
U.S. strengths in information technology on a worldwide basis.


       1.4.1 Protecting Important Business Information

   A wide range of U.S. companies operating internationally
are threatened by foreign information-collection efforts. The
National Counterintelligence Center (NACIC) reports that "the
U.S. industries that have been the targets in most cases of
economic espionage and other foreign collection activities
include biotechnology; aerospace; telecommunications; computer
hardware/software, advanced transportation and engine
technology; advanced materials and coatings; energy research;
defense and armaments technology; manufacturing processes; and
semiconductors."(3) Foreign collectors target proprietary
business information such as bid, contract, customer. and
strategy information, as well as corporate financial and trade
data. Of all of the information vulnerabilities facing U.S.
companies internationally (Box 1.7), electronic
vulnerabilities appear to be the most significant. For
example, the NACIC concluded that "specialized technical
operations (including computer intrusions, telecommunications
targeting and intercept, and private-sector encryption
weaknesses) account for the largest portion of economic and
industrial information lost by U.S. corporations." The NACIC
noted,

   Because they are so easily accessed and intercepted,
   corporate telecommunications -- particularly international
   telecommunications -- provide a highly vulnerable and
   lucrative source for anyone interested in obtaining trade
   secrets or competitive information. Because of the
   increased usage of these links for bulk computer data
   transmission and electronic mail, intelligence collectors
   find telecommunications intercepts cost-effective. For
   example, foreign intelligence collectors intercept
   facsimile transmissions through government-owned telephone
   companies, and the stakes are large -- approximately half
   of all overseas telecommunications are facsimile
   transmissions. Innovative "hackers" connected to computers
   containing competitive information evade the controls and
   access companies' information. In addition, many American
   companies have begun using electronic data interchange, a
   system of transferring corporate bidding, invoice, and
   pricing data electronically overseas. Many foreign
   government and corporate intel]igence collectors find this
   information invaluable.(4)

   Why is electronic information so vulnerable? The primary
reason is that it is computer-readable and thus much more
vulnerable to automated search than are intercepted voice or
postal mail transmissions. Once the information is collected
(e.g., through an existing wiretap or a protocol analyzer on
an Internet router), it is relatively simple for computers to
search streams of electronic information for word combinations
of interest (e.g., "IBM," "research," and "superconductivity"
in the same message). As the cost of computing drops, the cost
of performing such searches drops.(5) The threat posed by
automated search, coupled with the sensitivity of certain
communications that are critical for nongovernment users, is
at the root of nongovernment demand for security.(6)

   Note that solutions for coping with information-age
vulnerabilities may well create new responsibilities for
businesses. For example, businesses may have to ensure that
the security measures they take are appropriate for the
information they are protecting, and/or that the information
they are protecting remains available for authorized use.
Failure to discharge these responsibilities properly may
result in a set of liabilities that these businesses currently
do not face.

   Appendix I of this report elaborates issues of information
vulnerability in the context of key induskies such as banking
and financial services, health care, manufacturing, the
petroleum industry, pharmaceuticals, the entertainment
industry, and government.

----------

   (3)  National Counterintelligence Center, *Annual Report to
Congress on Foreign Economic Collection and Industrial
Espionage*, Washington, D.C., July 1995, p. 15.

   (4)  From the National Counterintelligence Center, *Annual
Report to Congress on Foreign Economic Collection and
Industrial Espionage*, Washington, D.C., July 1995. Further,
intelligence collections by foreign powers are facilitated
when a hostile government interested in eavesdropping controls
the physical environment in which a U.S. company may be
operating. For example, the U.S. company may be in a nation in
which the telecommunications system is under the direct
control of the government. When a potentially hostile
government controls the territory on which a company must
operate, many more compromises are possible.

   (5)  As a rough rule of thumb, Martin Hellman estimates
that 10 billion (10^10) words can be searched for $1. This
estimate is based on an experiment in which Hellman used the
Unix utility program "fgrep" to search a 1 million (10^6)
character file for a specific string of 10 characters known to
be at the end of the file and nowhere else. It took the NeXT
workstation on which this experiment was run approximately 1
second to find these last 10 characters. Since there are
approximately 10^5 seconds in a day and 10^3 days (about 3
years) in the useful life of the workstation, it can search
roughly 10^13 over its life. Since such a workstation is worth
on the order of $1,000 today, this works out to 10^10 words
searched for $1. (With the use of specialized hardware, this
cost could be reduced significantly. For example, in the 1976
Book IV of the Senate Select Committee on Intelligence Report,
R.L. Garwin describes the use of "match registers" to
efficiently implement queries against a database.)

   (6)  Other noncomputer-based technology for the clandestine
gathering of information is widely available on the retail
market. In recent years, concern over the ready availability
of such equipment has grown. See, for example, Ross E. Milloy,
"Spying Toys for Adults or Supplies for Crimes?," *New York
Times*, August 28, 1995, p. A-10; Pam Belluck, "A Shadow over
the Spy-Shop Business," *New York Times*, September 22, 1995,
p. B-3; and James C. McKinley, Jr., "U.S. Agents Raid Stores
in 24 Cities to Seize Spy Gear," *New York Times*, April 6,
1995, p. A-1.

____________________________________________________________


             1.4.2 Ensuring the Nation's Ability
                  to Exploit Global Markets

   With the increasing globalization of business operations,
information technology plays a key role in maintaining the
competitive strengths of U.S. business. In particular, U.S.
businesses have proven adept at exploiting information and
information technologies to create new market niches and
expand old ones. This pattern has deep roots. For example,
beginning in the 1960s, American Airlines pioneered in
computerized reservations systems and extended use of the
information captured and stored in such systems, generating an
entire new business that is more profitable than air kansport
services. More recently, creative uses of information
technology have advanced U.S. leadership in the production of
entertainment products (e.g., movies and videos, recorded
music, on-line services) for the world.

   U.S. innovation in using information technology reflects in
part the economic vitality that makes new technology
affordable. It also reflects proximity to the research and
production communities that supply key information technology
products, communities with which a variety of U.S. industries
have successfully exchanged talent, communicated their needs
as customers, and collaborated in the innovation process. In
other words, it is not an accident that innovation in both use
and production of information technology has blossomed in the
United States.

   The business advantages enjoyed by U.S. companies that use
information technology are one important reason that the
health of U.S. computer, telecommunications, and information
industries is important to the economy as a whole. A second
important reason is the simple fact that the U.S. information
technology sector (the set of industries that supply
information technology goods and services) is the world's
strongest.(7) The industry has an impressive record of product
innovation; key U.S. products are de facto world standards;
U.S. marketing and distribution capabilities for software
products are unparalleled; and U.S. companies have
considerable strengths in the manufacture of specialized
semiconductor technologies and other key components. A strong
information technology sector makes a significant contribution
to the U.S. balance of payments and is responsible for large
numbers of high-paying jobs. These strengths establish a firm
foundation for continued growth in sales for U.S. information
technology products and services as countries worldwide
assimilate these technologies into their economies.

   Finally, because of its technological leadership the United
States should be better positioned to extend that lead, even
if the specific benefits that may result are not known in
advance. The head start in learning how to use information
technology provides a high baseline on which U.S. individuals
and organizations can build.

   The committee believes that information technology is one
of a few high-technology areas (others might include aerospace
and electronics) that play a special role in the economic
health of the nation, and that leadership in this area is one
important factor underlying U.S. economic strength in the
world today.(8) To the extent that this belief is valid, the
economic dimension of national security and perhaps even
traditional national security itself may well depend
critically on a few key industries that are significant to
military capabilities, the industrial base, and the overall
economic health of the nation. Policy that acts against the
health and global viability of these industries or that
damages the ability of the private sector to exploit new
markets and identify niches globally thus deserves the most
careful scrutiny.

   Because it is inevitable that other countries will expand
their installed information technology bases and develop their
own innovations and entrepreneurial strengths, U.S. leadership
is not automatic. Already, evidence of such development is
available, as these nations build on the falling costs of
underlying technologies (e.g., microprocessors, aggregate
communications bandwidth) and worldwide growth in relevant
skills. The past three decades of information technology
history provide enough examples of both successful first
movers and strategic missteps to suggest that U.S. leadership
can be either reinforced or undercut: leadership is an asset,
and it is sensitive to both public policy and private action.

   Public and private factors affecting the competitive health
of U.S. information technology producers are most tightly
coupled in the arena of foreign trade.(9) U.S. producers place
high priority on ease of access to foreign markets. That
access reflects policies imposed by U.S. and foreign
governments, including governmental controls on what can be
exported to whom. Export controls affect foreign trade in a
variety of hardware, software, and communications systems.(10) 
They are the subject of chronic complaints from industry, to
which government off1cials often respond by pointing to other,
industry-centered explanations (e.g., deficiencies in product
design or merchandising) for observed levels of foreign sales
and market shares. Chapter 4 addresses export controls in the
context of cryptography and national cryptography policy.

----------

   (7)  For example, a staff study by the U.S. International
Trade Commission found that 8 of the world's top ten
applications software vendors, 7 of the world's top ten
systems software vendors, the top 5 systems integration firms,
and 8 of the top ten custom programming firms are U.S. firms;
the top nine global outsourcing firms have headquarters in the
U.S. See Office of Industries, U.S. International Trade
Commission, *Global Competitiveness of the U.S. Computer
Software and Service Industries*, Staff Research Study #21,
Washington, D.C., June 1995, Chapter 5.

   (8)  The committee acknowledges that there is a wide range
of judgment among responsible economists on this matter. Some
argue that the economy is so diverse that the fate of a single
industry or even a small set of industries has a relatively
small effect on broader economic trends. Others argue that
certain industries are important enough to warrant subsidy or
industrial policy to promote their interests. The committee
discussed this specific issue to a considerable extent and
found a middle ground between these two extremes -- that
information technology is one important industry among others,
and that the health and well-being of that industry are
important to the nation. This position is also supported by
the U.S. government, which notes that telecommunications and
computer hardware/software are among a number of industries
that are of "strategic interest to the United States ...
because they produce classified products for the government,
produce dual use technology used in both the public and
private sectors, and are responsible for leading-edge
technologies critical to maintaining U.S. economic security."
National Counterintelligence Center, *Annual Report to
Congress on Foreign Economic Collection and Industrial
Espionage*, Washington, D.C., July 1995, p. 15.

   (9)  Of course, many intrafirm and intraindustry factors
shape competitive strength, such as good management, adequate
financing, good fit between products and consumer preferences,
and so on.

   (10) See, for example, John Harvey et al, *A Common-Sense
Approach to High-Technology Export Controls*, Center for
International Security and Arms Control, Stanford University,
Stanford, California, March 1995; National Research Council,
*Finding Common Ground: US. Export Controls in a Changed
Global Environment*, National Academy Press, Washington, D.C.,
1991; Computer Science and Telecommunications Board, National
Research Council, *Global Trends in Computer Technology and
Their Impact on Export Control*, National Academy Press,
Washington, D.C., 1988.

____________________________________________________________


      1.5 INDIVIDUAL AND PERSONAL INTERESTS IN PRIVACY

   The emergence of the information age affects individuals as
well as businesses and other organizations. As numerous
reports argue, the nation's information infrastructure
promises many opportunities for self-education, social
exchange, recreation, personal business, cost-effective
delivery of social programs, and entrepreneurship.(11) Yet the
same technologies that enable such benefits may also convey
unwanted side effects. Some of those can be considered
automated versions of problems seen in the paper world; others
are either larger in scale or different in kind. For
individuals, the area relevant to this report is privacy and
the protection of personal information. Increasing reliance on
electronic commerce and the use of networked communication for
all manner of activities suggest that more information about
more people will be stored in network-accessible systems and
will be communicated more broadly and more often, thus raising
questions about the security of that information.

   Privacy is generally regarded as an important American
value, a right whose assertion has not been limited to those
"with something to hide." Indeed, assertion of the right to
privacy as a matter of principle (rather than as all
instrumental action) has figured prominently in U.S. political
and social history; it is not merely abstract or theoretical.

   In the context of an information age, an individual's
privacy can be affected on two levels: privacy in the context
of personal transactions (with businesses or other
institutions and with other individuals), and privacy
vis-a-vis governmental units. Both levels are affected by the
availability of tools, such as cryptography in the context of
information and communications systems, that can help to
preserve privacy. Today's information security technology, for
example, makes it possible to maintain or even raise the cost
of collecting information about individuals. It also provides
more mechanisms for government to help protect that
information. The Clinton Administration has recognized
concerns about the need to guard individual privacy,
incorporating them into the security and privacy guidelines of
its Information Infrastructure Task Force.(12) These
guidelines represent an important step in the process of
protecting individual privacy.

----------

   (11) See, for example, Comnputer Science and
Telecommunications Board (CSTB), National Research Council,
*The Unpredictable Certainty: Information Infrastructure
Through 2000*, National Academy Press, Washington, D.C., 1996;
and CSTB, *The Unpredictable Certainty: Companion Volume of
White Papers*, 1996; CSTB, *The Changing Nature of
Telecommunications/Information Infrastructure*, National
Academy Press, Washington, D.C., 1995.

   (12) Information Infrastructure Task Force, National
Information Infrastructure Security Issues Forum, *NII
Security: The Federal Role*, Washington, D.C., June 5, 1995.

____________________________________________________________


           1.5.1 Privacy in an Information Economy

   Today, the prospect for easier and more widespread
collection and use of personal data as a byproduct of ordinary
activities raises questions about inappropriate activities by
industry, nosy individuals, and/or criminal elements in
society. Criminals may obtain sensitive financial information
to defraud individuals (credit card fraud, for example,
amounts to approximately $20 per card per year). Insurance
companies may use health data collected on individuals to
decide whether to provide or deny health insurance -- putting
concerns about business profitability in possible conflict
with individual and public health needs. On the other hand,
much of the personal data in circulation is willingly divulged
by individuals for specific purposes; the difficulty is that
once shared, such information is available for additional
uses. Controlling the further dissemination of personal data
is a function both of procedures for how information should be
used and of technology (including but not limited to
cryptography) and procedures for restricting access to those
authorized.

   Given such considerations, individuals in an information
age may wish to be able to:

   +    Keep specific information private. Disclosure of
information of a personal nature that could be embarrassing if
known, whether or not such disclosure is legal, is regarded as
an invasion of privacy by many people. A letter to Ann Landers
from a reader described his inadvertent eavesdropping on some
very sensitive financial transactions being conducted on a
cordless telephone.(13) A staff member of this study committee
has heard broadcasts of conversations that apparently emanate
from a next-door baby monitor whose existence has been
forgotten. Home banking services using telephone lines or
network connections and personal computers will result in the
flow on public networks of large amounts of personal
information regarding finances. Even the ad copy in some of
today's consumer catalogues contains references to information
security threats.(14)

   +    Ensure that a party with whom they are transacting
business is indeed the party he or she claims to be. Likewise,
they may seek to authenticate their own identity with
confidence that such authentication will be accepted by other
parties, and that anyone lacking such authentication will be
denied the ability to impersonate them.(15) Such a capability
is needed to transfer money among mutual funds with a
telephone call or to minimize unauthorized use of credit card
accounts.(16) In an electronic domain without face-to-face
communications or recognizable indicators such as voices and
speech patterns (as used today in telephone calls), forgery of
identity becomes increasingly easy.

   +    Prevent the false repudiation of agreed-to
transactions. It is undesirable for a party to a transaction
to be able to repudiate (deny) his agreement to the terms of
the transaction. For example, an individual may agree to pay
a certain price for a given product; he or she should not then
be able to deny having made that agreement (as he or she might
be tempted to do upon finding a lower price elsewhere).

   +    Communicate anonymously (i.e., carry out the opposite
of authenticated communication). Individuals may wish to
communicate anonymously to criticize the government or a
supervisor, report illegal or unethical activity without
becoming further involved, or obtain assistance for a problem
that carries a social stigma. In other instances, they may
simply wish to speak freely without fear of social reprisal or
for the entertainment value of assuming a new digital identity
in cyberspace.

   +    Ensure the accuracy of data that is relevant to them.
Many institutions such as banks, financial institutions, and
hospitals keep records on individuals. These individuals often
have no personal control of these records, even though the
integrity of the data in these records can be of crucial
significance. Occasional publicity attests to instances of the
inaccuracy of such data (e.g., credit records) and to the
consequences for individuals.

   Practical safeguards for privacy such as those outlined
above may be more compelling than abstract or principled
protection of a right to privacy.

----------

   (13) Ann Landers. "Ann Landers," *Washington Post*,
Creators Syndicate, October 20, 1995, p. D-5.

   (14) For example, a catalogue from Comtrad Industries notes
that "burglars use 'Code Grabbers' to open electric garage
doors and break into homes," defining "code grabbers" as
"devices that can record and play back the signal produced
from your garage door remote control." Comtrad Industries, (p.
20, catalogue from 1995). The Herrington catalogue advertises
the "Enigma" phone scrambler by noting that "[a] recent Wall
Street Journal article documents the increasing acceptance and
prevalence of industrial espionage" and mentions as an
"example of the alarming intrusion of the federal government
into citizens' private lives" the fact that "the FBI
petitioned Congress to further expand its wiretapping
authority." Herrington, Winter 1996, p. 13. Note that both of
these mail-order firms cater to mainstream consumer sentiment.

   (15) Is For example, a journalist that had reported on the
trafficking of illegally copied software on America Online was
the victim of hackers that assumed his on-line identity,
thereby intercepting his e-mail messages and otherwise
impersonating him. See Peter Lewis, "Security Is Lost in
Cyberspace," *New York Times*, February 22, 1995, p. D-1.
Other cases of "stolen identities" have been reported in the
press, and while these cases remain relatively isolated, they
are still a matter of public concern. Thieves forge signatures
and impersonate identities of law-abiding citizens to steal
money from bank accounts and to obtain credit cards in the
name of those citizens; see Charles Hall, "A Personal Approach
to Stealing," *Washington Post*, April 1, 1996, p. A-1.

   (16) For example, a recent press article calls attention to
security concerns raised by the ease of access to 401(k)
retirement accounts (for which there is no cap on the
liability incurred if a third party with unauthorized access
to it transfers funds improperly). See Timothy Middleton,
"Will Thieves Crack Your Automated Nest Egg?," *New York
Times*, March 10, 1996, Business Section, p. 10. Another
article describes a half-dozen easy-to-apply methods that can
be used by criminals to undertake fraud. See Albert Crenshaw,
"Creative Credit Card Crooks Draw High-Tech Response,"
*Washington Post*, August 6, 1995, Business Section, p. H-1.

____________________________________________________________


                 1.5.2 Privacy for Citizens

   Public protection of privacy has been less active in the
United States than in other countries, but the topic is
receiving increasing attention. In particular, it has become
an issue in the political agenda of people and organizations
that have a wide range of concerns about the role and
performance of government at all levels; it is an issue that
attracts advocates from across the spectrum of political
opinion. The politicization of privacy may inhibit the orderly
consideration of relevant policy, including cryptography
policy, because it revolves around the highly emotional issue
of trust in government. The trust issue surfaced in the
initial criticisms of the Clipper chip initiative proposal in
1993 (Chapter 5) and continues to color discussion of privacy
policy generally and cryptography policy specifically.

   To many people, freedom of expression and association,
protection against undue governmental, commercial, or public
intrusion into their personal affairs, and fair treatment by
various authorities are concems shaped by memories of highly
publicized incidents in which such rights were flouted.(17) It
can be argued that such incidents were detectable and
correctable precisely because they involved government units
that were obligated to be publicly accountable -- and indeed,
these incidents prompted new policies and procedures as well
as greater public vigilance. It is also easy to dismiss them
as isolated instances in a social system that for the most
part works well. But where these episodes involve government,
many of those skeptical about government believe that they
demonstrate a capacity of government to violate civil
liberties of Americans who are exercising their constitutional
rights.(18) This perception is compounded by attempts to
justify past incidents as having been required for purposes of
national security. Such an approach both limits public
scrutiny and vitiates policy-based protection of personal
privacy.

   It is hard to determine with any kind of certainty the
prevalence of the sentiments described in this section. By
some measures, over half of the public is skeptical about
government in general,(19) but whether that skepticism
translates into widespread public concem about government
surveillance is unclear. The committee believes that most
people acting as private individuals feel that their
electronic communications are secure and do not generally
consider it necessary to take special precautions against
threats to the confidentiality of those communications. These
attitudes reflect the fact that most people, including many
who are highly knowledgeable about the risks, do not give much
conscious thought to these issues in their day-to-day
activities.

   At the same time, the committee acknowledges the concerns
of many law-abiding individuals about government surveillance.
It believes that such concerns and the questions they raise
about individual rights and government responsibilities must
be taken seriously. It would be inappropriate to dismiss such
individuals as paranoid or overly suspicious. Moreover, even
if only a minority is worried about government surveillance,
it is an important consideration, given the nation's history
as a democracy,(20) for determining whether and how access to
and use of cryptography may be considered a citizen's right
(Chapter 7).

----------

   (17) Some incidents that are often cited include the
surveillance of political dissidents, such as Martin Luther
King, Jr., Malcolm X, and the Student Non-Violent Coordinating
Committee in the mid to late 1960s; the activities of the
Nixon "plumbers" in the late 1960s, including the harassment
and surveillance of sitting and fommer govemment officials and
joumalists and their associates in the name of preventing
leaks of sensitive national security information; U.S.
intelligence surveillance of the intemational cable and
telephone communications of U.S. citizens from the early 1940s
through the early 1970s in support of FBI and other domestic
law enforcement agencies; and the creation of FBI dossiers on
opponents of the Vietnam War in the mid-1960s. The description
of these events is taken largely from Frank J. Donner, *The
Age of Surveillance*, Alfred A. Knopf, Inc., New York, 1980
(surveillance of political dissidents, pp. 244-248; plumbers,
pp. 248-252; FBI dossiers on antiwar protesters, pp. 252-256;
NSA surveillance, pp. 276-277.) Donner's book documents many
of these events. See also *Final Report of the Senate Select
Committee to Study Governmental Operations with respect to
Intelligence Activities*, Book II, April 26, 1974, U.S.
Govemment Printing Office, Washington, D.C., p. 12.

   (18) For example, at the 4th Conference on Computers,
Freedom, and Privacy in Chicago, Illinois, held in 1994, a
government speaker asked the audience if they were more
concerned about govemment abuse and harassment or about
criminal activity that might be directed at them. An
overwhelming majority of the audience indicated greater
concern about the first possibility. For recent accounts that
give the flavor of concerns about malfeasance by law
enforcement officials, see Ronald Smothers, "Atlanta Holds Six
Policemen In Crackdown," *New York Times*, September 7, 1995,
p. 9; George James, "Police Officer Is Arrested on Burglary
Charges in Sting Operation," *New York Times*, September 7,
1995, p. B-5; Kenneth B. Noble, "Many Complain of Bias in Los
Angeles Police," *New York Times*, September 4, 1995, p. 11;
Kevin Sack, "Racism of a Rogue Officer Casts Suspicion on
Police Nationwide," *New York Times*, September 4, 1995, p. 1;
Gordon Witkin, "When the Bad Guys are Cops," *U.S. News &
World Report*, September 11, 1995, p. 20; Barry Tarlow, "Doing
the Fuhrman Shuffle," *Washington Post*, August 27, 1995, p.
C-2; David W. Dunlap, "F.B.I. Kept Watch on AIDS Group During
Protest Years," *New York Times*, May 16, 1995, p. B3.

   (19) For example, a national Harris poll in January 1994
asked "Which type of invasions of privacy worry you the most
in America today -- activities of government agencies or
businesses?" Fifty-two percent said that government agencies
were their greater worry, while 40% selected business. See
Center for Social and Legal Research, *Privacy & American
Business*, Volume 1(3), Hackensack, New Jersey, 1994, p. 7.

   (20) Protecting communications from government surveillance
is a time-honored technique for defending against tyranny. A
most poignant example is the U.S. insistence in 1945 that the
postwar Japanese constitution include protection against
government surveillance of the communications of Japanese
citizens. In the aftermath of the Japanese surrender in World
War II, the United States drafted a constitution for Japan.
The initial U.S. draft contained a provision saying that "[n]o
censorship shall be maintained, nor shall the secrecy of any
means of communication be violated." The Japanese response to
this provision was a revised provision stating that "[t]he
secrecy of letter and other means of communication is
guaranteed to all of the people, provided that necessary
measures to be taken for the maintenance of public peace and
order, shall be provided by law." General Douglas MacArthur,
who was supervising the drafting of the new Japanese
constitution, insisted that the original provision regarding
communications secrecy and most other provisions of the
original U.S. draft be maintained. The Japanese agreed, this
time requesting only minor changes in the U.S. draft, and
accepting fully the original U.S. provision on communications
secrecy. See Osamu Nishi, *Ten Days Inside General
Headquarters (GHQ): How the Original Draft of the Japanese
Constitution Was Written in 1946*, Seibundo Publishing Co.
Ltd., Tokyo, 1989.

____________________________________________________________


               1.6 SPECIAL NEEDS OF GOVERNMENT

   Government encompasses many functions that generate or
depend on information, and current efforts to reduce the scope
and size of government depend heavily on information
technology. In many areas of government, the information and
information security needs resemble those of industry (see
Appendix I). Government also has important responsibilities
beyond those of industry, including those related to public
safety. For two of the most important and least understood in
detail, law enforcement and national security, the need for
strong information security has long been recognized.

   Domestic law enforcement authorities in our society have
two fundamental responsibilities: preventing crime and
prosecuting individuals that have committed crimes. Crimes
committed and prosecuted are more visible to the public than
crimes prevented (see Chapter 3).

   The following areas relevant to law enforcement require
high levels of information security:

   +    *Prevention of information theft from businesses and
individuals*, consistent with the transformation of economic
and social activities outlined above.

   +    *Tactical law enforcement communications*. Law
enforcement officials working in the field need secure
communications. At present, police scanners available at
retail electronics stores can monitor wireless communications
channels used by police; criminals eavesdropping on such
communications can receive advance warning of police
responding to crimes that they may be committing.

   +    *Efficient use by law enforcement officials of the
large amounts of information compiled on criminal activity*.
Getting the most use from such information implies that it be
remotely accessible and not be improperly modified (assuming
its accuracy and proper context, a requirement that in itself
leads to much controversy (21) ).

   +    *Reliable authentication of law enforcement
officials*. Criminals have been known to impersonate law
enforcement officials for nefarious purposes, and the
information age presents additional opportunities.

   In the domain of national security, traditional missions
involve protection against military threats originating from
other nation-states and directed against the interests of the
United States or its friends and allies. These traditional
missions require strong protection for vital information.

   +    U.S. military forces require secure communications.
Without cryptography and other information security
technologies in the hands of friendly forces, hostile forces
can monitor the operational plans of friendly forces to gain
an advantage.(22)

   +    Force planners must organize and coordinate flows of
supplies, personnel, and equipment. Such logistical
coordination involves databases whose integrity and
confidentiality as well as remote access must be maintained.

   +    Sensitive diplomatic communications between the United
States and its representatives or allies abroad. and/or
between critical elements of the U.S. government, must be
protected as part of the successful conduct of foreign
affairs, even in peacetime.(23)

   In addition, the traditional missions of national security
have expanded in recent years to include protection against
terrorists (24) and international criminals, especially drug
cartels.(25) Furthermore, recognition has been growing that in
an information age, economic security is part of national
security.

   More broadly, there is a practical convergence under way
among protection of individual liberties, public safety,
economic activity, and military security. For example, the
nation is beginning to realize that critical elements of the
U.S. civilian infrastructure -- including the banking system,
the air traffic control system, and the electric power grid --
must be protected against the threats described above, as must
the civilian information infrastructure that supports the
conduct of sensitive government communications. Because
civilian infrastructure provides a significant degree of
functionality on which the military and defense sector
depends, traditional national security interests are at stake
as well, and concerns have grown about the implications of
what has come to be known as information warfare (Box 1.9).
More generally, the need for more secure systems, updated
security policies, and effective procedural controls is taking
on truly nationwide dimensions.

----------

   (21) See for example, U.S. General Accounting Office,
*National Crime Information Center: Legislation Needed to
Deter Misuse of Criminal Justice Information*,
GAO/T-GGD-93-41, 1993.

   (22) For example, the compromise of the BLACK code used by
Allied military forces in World War Il enabled German forces
in Africa in 1942, led by General Erwin Rommel, to determine
the British order of battle (quantities, types, and locations
of forces), estimate British supply and morale problems, and
know the tactical plans of the British. For example, the
compromise of one particular message enabled Rommel to thwart
a critical British counterattack. In July of that year, the
British switched to a new code, thus denying Rommel an
important source of strategic intelligence. Rommel was thus
surprised at the Battle of Alamein, widely regarded as a
turning point in the conflict in the African theater. See
David Kahn, *The Codebreakers: The Story of Secret Writing*,
MacMillan, New York, 1967, pp. 472-477.

   (23) An agreement on Palestinian self-rule was reached in
September 1995. According to public reports, the parties
involved, Yasir Arafat (leader of the Palestinian Liberation
Organization) and Shimon Peres (then Foreign Minister of
Israel), depended heavily on the telephone efforts of Dennis
Ross, a U.S. negotiator, in mediating the negotiations that
led to the agreement. Obviously, in such circumstances, the
security of these telephone efforts was critical. See Steven
Greenhouse, "Twist to Shuttle Diplomacy: U.S. Aide Mediated by
Phone," *New York Times*, September 25, 1995, p. 1.

   (24) Terrorist threats generally emanate from
nongovernmental groups, though at times involving the tacit or
implicit (but publicly denied) support of sponsoring national
governments. Furthermore, the United States is regarded by
many parties as a particularly important target for political
reasons by virtue of its prominence in world affairs. Thus,
terrorists in confrontation with a U.S. ally may wish to make
a statement by attacking the United States directly rather
than its ally.

   (25) See. for example, Phil Williams, "Transnational
Criminal Organizations and International Security,"
*Survival*, Volume 36(1), Spring 1994, pp. 96-113.

____________________________________________________________


                          1.7 RECAP

   Chapter 1 underscores the need for attention to protecting
vital U.S. interests and values in an information age
characterized by a number of trends:

   +    The world economy is in the midst of a transition from
an industrial to an information age in which information
products are extensively bought and sold, information assets
provide leverage in undertaking business activities, and
communications assume evergreater significance in the lives of
ordinary citizens. At the same time, national economies are
increasingly interlinked across national borders, with the
result that international dimensions of public policy are
important.

   +    Trends in information technology suggest an
ever-increasing panoply of technologies and technology-enabled
services characterized by high degrees of heterogeneity,
enormous computing power, and large data storage and
transmission capabilities.

   +    Given the transition to a global information society
and trends in information technology, the future of
individuals and businesses alike is likely to be one in which
information of all types plays a central role. Electronic
commerce in particular is likely to become a fundamental
underpinning of the information future.

   +    Government has special needs for information security
that arise from its role in society, including the protection
of classified information and its responsibility for ensuring
the integrity of information assets on which the entire nation
depends.

   Collectively, these trends suggest that future needs for
information security will be large. Threats to information
security will emerge from a variety of different sources, and
they will affect the confidentiality and integrity of data and
the reliable authentication of users; these threats do and
will affect businesses, government, and private individuals.

   Chapter 2 describes how cryptography may help to address
all of these problems.

____________________________________________________________

        BOX 1.1 Communications and Computing Devices
                  and the Role of Software

   Communications and computing devices can be dedicated to a
single purpose or may serve multiple purposes. Dedicated
single-purpose devices are usually (though not always)
hardware devices whose functionality cannot be easily altered.
Examples include unprogrammable pocket calculators,
traditional telephones, walkie-talkies, pagers, fax machines,
and ordinary telephone answering machines.

   A multipurpose device is one whose functionality can be
altered by the end user. In some instances, a hardware device
may be "reprogrammed" to perform different functions simply by
the physical replacement of a single chip by another chip or
by the addition of a new circuit board. Open bus architectures
and standard hardware interfaces such as the PC Card are
intended to facilitate multipurpose functionality.

   Despite such interfaces and architectures for hardware,
software is the primary means for implementing multipurpose
functionality in a hardware device. With software, physical
replacement of a hardware component is unnecessary -- a new
software program is simply loaded and executed. Examples
include personal computers (which do word processing or
mathematical calculations, depending on what software the user
chooses to run), programmable calculators (which solve
different problems, depending on the programming given to
them), and even many modern telephones (which can be
programmed to execute functions such as speed dialing). In
these instances, the software is the medium in which the
expectations of the user are embedded.

   Today, the lines between hardware and software are
blurring. For example, some "hardware" devices are controlled
by programs stored in semi-permanent read-only memory.
"Read-only memory" (ROM) originally referred to memory for
storing instructions and data that could never be changed, but
this characteristic made ROM-controlled devices less flexible.
Thus, the electronics industry responded with "read-only"
memory whose contents take special effort to change (such as
exposing the memory chip to a burst of ultraviolet light or
sending only a particular signal to a particular pin on the
chip). The flexibility and cheapness of today's electronic
devices make them ubiquitous. Most homes now have dozens of
microprocessors in coffee makers, TVs, refrigerators, and
virtually anything that has a control panel.

____________________________________________________________

     BOX 1.2 An Attempted Electronic Theft from Citicorp

   Electronic money transfers are among the most closely
guarded activities in banking. In 1994, an international group
of criminals penetrated Citicorp's computerized electronic
transfer system and moved about $12 million from legitimate
customer accounts to their own accounts in banks around the
world. According to Citicorp, this is the first time its
computerized cash-management system has been breached.
Corporate customers access the system directly to transfer
funds for making investments, paying bills, and extending
loans, among other purposes. The Citicorp system moves about
$500 billion worldwide each day. Authority to access the
system is verified with a cryptographic code that only the
customer knows.

   The case began in June 1994, when Vladimir Levin of St.
Petersburg, Russia, allegedly accessed Citicorp computers in
New York through the international telephone network, posing
as one of Citicorp's customers. He moved some customer funds
to a bank account in Finland, where an accomplice withdrew the
money in person. In the next few months, Levin moved various
Citicorp customers' funds to accomplices' personal or business
accounts in banks in St. Petersburg, San Francisco, Tel Aviv,
Rotterdam, and Switzerland.

   Accomplices had withdrawn a total of about $400,000 by
August 1994. By that time, bank officials and their customers
were on alert. Citicorp detected subsequent transfers quickly
enough to warn the banks into which funds were moved to freeze
the destination accounts. (Bank officials noted they could
have blocked some of these transfers, but they permitted and
covertly monitored them as part of the effort to identify the
perpetrators.) Other perpetrators were arrested in Tel Aviv
and Rotterdam; they revealed that they were working with
someone in St. Petersburg. An examination of telephone-company
records in St. Petersburg showed that Citicorp computers had
been accessed through a telephone line at AO Saturn, a
software company. A person arrested after attempting to make
a withdrawal from a frozen account in San Francisco
subsequently identified Levin, who was an AO Saturn employee.
Russia has no extradition treaty with the United States;
however, Levin traveled to Britain in March 1995 and was
arrested there. As of September 1995, proceedings to extradite
him for trial in the United States were in progress.

   Levin allegedly penetrated Citicorp computers using
customers' user identifications and passwords. In each case,
Levin electronically impersonated a legitimate customer, such
as a bank or an investment capital firm. Some investigators
suspect that an accomplice inside Citicorp provided Levin with
necessary information; otherwise, it is unclear how he could
have succeeded in accessing customer accounts. He is believed
to have penetrated Citicorp's computers 40 times in all.
Citicorp says it has upgraded its system's security to prevent
future break-ins.

----------

SOURCES: William Carley and Timothy O'Brien, "Cyber Caper: How
Citicorp System Was Raided and Funds Moved Around World,"
*Wall Street Journal*, September 12, 1995, p. A-1; Saul
Hansell, "A $10 Million Lesson in the Risks of Electronic
Banking," *New York Times*, August 19, 1995, p. 31.

____________________________________________________________

 BOX 1.3 Vulnerabilities in Information Systems and Networks

   Information systems and networks can be subject to four
generic vulnerabilities:

   1.   Eavesdropping or data browsing. By surreptitiously
obtaining the confidential data of a company or by browsing a
sensitive file stored on a computer to which one has obtained
improper access, an adversary could be in a position to
undercut a company bid, learn company trade secrets (e.g.,
knowledge developed through proprietary company research) that
would eliminate a competitive advantage of the company, or
obtain the company's client list in order to steal customers.
Moreover, stealth is not always necessary for damage to occur
-- many companies would be damaged if their sensitive data
were disclosed, even if they knew that such a disclosure had
occurred.

   2.   Clandestine alteration of data. By altering a
company's data clandestinely, an adversary could destroy the
confidence of the company's customers in the company, disrupt
internal operations of the company, or subject the company to
shareholder litigation.

   3.   Spoofing. By illicitly posing as a company, an
adversary could place false orders for services, make
unauthorized commitments to customers, defraud clients, and
cause no end of public relations difficulties for the company.
Similarly, an adversary might pose as a legitimate customer,
and a company -- with an interest in being responsive to user
preferences to remain anonymous under a variety of
circumstances -- could then find itself handicapped in seeking
proper confirmation of the customer's identity.

   4.   Denial of service. By denying access to electronic
services, an adversary could shut down company operations,
especially time-critical ones. On a national scale, critical
infrastructures controlled by electronic networks (e.g., the
air traffic control system, the electrical power grid)
involving many systems linked to each other are particularly
sensitive.

____________________________________________________________

      BOX 1.4 Electronic Commerce and the Implications
                    for Interconnectivity

   A number of reports have addressed the potential nature and
impact of electronic commerce.(1) Out of such reports, several
common elements can be distilled:

   +    The interconnection of geographically dispersed units
into a "virtual" company.

   +    The linking of customers, vendors, and suppliers
through videoconferencing, electronic data interchange, and
electronic networks.

   +    The creation of temporary or more permanent strategic
alliances for business purposes.

   +    A vastly increased availability of information and
information products on line, both free and for a fee, that is
useful to individuals and organizations.

   +    The electronic transaction of retail business,
beginning with today's toll-free catalog shopping and
extending to electronic network applications that enable
customers to:

        --  apply for bank loans;

        --  order tangible merchandise (e.g., groceries)
            for later physical delivery;

        --  order intangible merchandise (e.g. music,
            movies) for electronic delivery;

        --  obtain information and electronic documents
            (e.g., official documents such as driver's
            licenses and birth certificates).

   +    The creation of a genuinely worldwide marketplace that
matches buyers to sellers largely without intermediaries.

   +    New business opportunities for small entrepreneurs
that could sell low-value products to the large numbers of
potential customers that an electronic marketplace might
reach.

   In general, visions of electronic commerce writ large
attempt to leverage the competitive edge that information
technologies can provide for commercial enterprises.
Originally used exclusively to facilitate internal
communications, information technology is now used by
corporations to connect directly with their suppliers and
business partners.(2) In the future, corporate networks will
extend all the way to customers, enabling improvements in
customer service and more direct channels for customer
feedback. Furthermore, information technologies will
facilitate the formation of ad hoc strategic alliances among
diverse enterprises and even among competitors on a short time
scale, driven by changes in business conditions that demand
prompt action. This entire set of activities is already well
under way.

   In the delivery of services, the more effective use and
transmission of information has had dramatic effects. Today's
air transportation system would not exist without rapid and
reliable information flows regarding air traffic control,
sales, marketing, maintenance, safety, and logistics planning.
Retailers and wholesalers depend on the rapid collection and
analysis of sales data to plan purchasing and marketing
activities, to offer more differentiated services to
customers, and to reduce operational costs. The insurance
industry depends on rapid and reliable information flows to
its sales force and to customize policies and manage risks.
(See Computer Science and Telecommunications Board, National
Research Council, *Information Technology in the Service
Society,: A Twenty-First Century Lever*, National Academy
Press, Washington, D.C., 1994.)

----------

   (1)  See for example, Cross-Industry Working Team,
*Electronic Cash, Tokens, and Payments in the National
Information Infrastructure*, Corporation for National Research
Initiatives, 1895 Preston White Drive, Suite 100, Reston,
Virginia 22091-5434 (Internet: info-xiwt@cnri.reston.va.us;
Tel: 703/620-8990), 1994; Office of Technology Assessment,
*Electronic Enterprises: Looking to the Future*, U.S.
Government Printing Office, Washington, D.C., July 1994.

   (2)  For example, in manufacturing, collaborative
information technologies can help to improve the quality of
designs and reduce the cost and time needed to revise designs;
product designers will be able to create a "virtual" product,
make extensive computer simulations of its behavior without
supplying all of its details, and "show" it to the customer
for rapid feedback. Networks will enable the entire
manufacturing enterprise to be integrated all along the supply
chain, from design shops to truck fleets that deliver the
finished products. (See Computer Science and
Telecommunications Board, National Research Council,
*Information Technology and Manufacturing: A Research Agenda*,
National Academy Press, Washington, D.C., 1995.)

____________________________________________________________

       BOX 1.5 Tensions Between Security and Openness

   Businesses have long been concerned about the tension
between openness and security. An environment that is open to
everyone is not secure, while an environment that is closed to
everyone is highly secure but not useful. A number of trends
in business today tend to exacerbate this conflict. For
example:

   +    Modern competitive strategies emphasize openness to
interactions with potential customers and suppliers. For
example, such strategies would demand that a bank present
itself as willing to do business with anyone, everywhere, and
at any time. However, such strategies also offer potential
adversaries a greater chance of success, because increasing
ease of access often facilitates the penetration of security
measures that may be taken.

   +    Many businesses today emphasize decentralized
management that pushes decision-making authority toward the
customer and away from the corporate hierarchy. Yet security
often has been (and is) approached from a centralized
perspective. (For example, access controls are necessarily
hierarchical (and thus centralized) if they are to be
maintained uniformly.)

   +    Many businesses rely increasingly on highly mobile
individuals. When key employees were tied to one physical
location, it made sense to base security on physical presence,
e.g., to have a user present a photo ID card to an operator at
the central corporate computer center. Today, mobile computing
and communications are common, with not even a physical wire
to ensure that the person claiming to be an authorized user is
accessing a computer from an authorized location or to prevent
passive eavesdropping on unencrypted transmissions with a
radio scanner.

____________________________________________________________

             BOX 1.6 International Dimensions of
                 Business and Commerce Today

   U.S. firms increasingly operate in a global environment,
obtaining goods and services from companies worldwide,
participating in global virtual corporations, and working as
part of international strategic alliances. One key dimension
of increasing globalization has been the dismantling of
barriers to trade and investment. In the past 40 years,
tariffs among developed countries have been reduced by more
than two-thirds. After the Uruguay Round reductions are
phased-in, tariffs in these countries will be under 4%, with
43% of current trade free of any customs duties.

   While tariffs of developing countries are at higher levels,
they have recently begun to decline substantially. After the
Uruguay Round, tariffs in these countries will average 12.3%
by agreement and will be even lower as a result of unilateral
reductions. In response to the reductions in trade barriers,
trade has grown rapidly. From 1950 to 1993, U.S. and world
trade grew at an average compound rate of 10% annually.

   Investment has also grown rapidly in recent years,
stimulated by the removal of restrictions and by international
rules that provide assurances to investors against
discriminatory or arbitrary treatment. U.S. foreign direct
investment also has grown at almost 10% annually during the
past 20 years and now totals about half a trillion dollars.
Foreign direct investment in the United States has risen even
faster over the same period -- at almost 19% annually -- and
now also totals almost $500 billion.

   The expansion of international trade and investment has
resulted in a much more integrated and interdependent world
economy. For the United States, this has meant a much greater
dependence on the outside world. More than a quarter of the
U.S. gross domestic product is now accounted for by trade in
goods and services and returns on foreign investment. Over 11
million jobs are now directly or indirectly related to our
merchandise trade.

   Because the U.S. economy is mature, the maintenance of a
satisfactory rate of economic growth requires that the United
States compete vigorously for international markets,
especially in the faster growing regions of the world. Many
sectors of our economy are now highly dependent on export
markets. This is particularly the case for, but is not limited
to, high-technology goods, as indicated in the table below.

   A second international dimension is the enormous growth in
recent years of multinational enterprises. Such firms operate
across national boundaries, frequently in multiple countries.
According to the 1993 World Investment Report of the United
Nations, transnational corporations (TNCs) with varying
degrees of integration account for about a third of the
world's private sector productive assets.

   The number of TNCs has more than tripled in the last 20
years. At the outset of this decade, about 37,000 U.S. firms
had a controlling equity interest in some 170,000 foreign
affiliates. This does not include nonequity relationships,
such as management contracts, subcontracting, franchising or
strategic alliances. There are some 300 TNCs based in the
United States and almost 15,000 foreign affiliates, of which
some 10,000 are nonbank enterprises.

   The strategies employed by TNCs vary among firms. They may
be based on trade in goods and services alone or, more often,
involve more complex patterns of integrated production,
outsourcing, and marketing. One measure of the extent of
integration by U.S. firms is illustrated by the U.S. Census
Bureau, which reported that in 1994, 46% of U.S. imports and
32% of U.S. exports were between related firms. Of U.S.
exports to Canada and Mexico, 44% were between related
parties; for the European Union and Japan, the share was 37%.

   With respect to imports, the shares of related-party
transactions were 75.5% for Japan, 47.2% for the European
Union, 44.6% for Canada and 69.2% for Mexico. Among those
sectors with the highest levels of interparty trade are data
processing equipment, including computers, and parts and 
telecommunications equipment, ranging from 50% to 90%.

____________________________________________________________

                                          Exports As 
   Area of Export                         a Percentage 
                                          of U.S. Output
_____________________________________________________________

   Electronic computing and parts              52

   Semiconductors and related devices          47

   Magnetic and optical recording media   
   (includes software products)                40

----------

SOURCE: U.S. Department of Commerce, Commerce News. August 9,
1995.

____________________________________________________________


                   BOX 1.7 Threat Sources

   +    *Foreign national agencies (including intelligence
services)*. Foreign intelligence operations target key U.S.
businesses. For example, two former directors of the French
intelligence service have confirmed publicly that the French
intelligence service collects economic intelligence
information, including classified government information and
information related to or associated with specific companies
of interest.(1) Foreign intelligence agencies may break into
facilities such as the foreign offices of a U.S. company or
the hotel suite of a U.S. executive and copy computer files
from within that facility (e.g., from a laptop computer in a
hotel room, a desktop computer connected to a network in an
office).(2) Having attained such access, they can also insert
malicious code that will enable future information theft.

   +    *Disgruntled or disloyal employees that work "from the
inside."* Such parties may collude with outside agents.
Threats involving insiders are particularly pernicious because
they are trusted with critical infommation that is not
available to outsiders. Such information is generally
necessary to understand the meaning of various data flows that
may have been intercepted, even when those data flows are
received in the clear.

   +    *Network hackers and electronic vandals* that are
having fun or making political statements through the
destruction of intellectual property without the intent of
theft. Information terrorists may threaten to bring down an
information network unless certain demands are met;
extortionists may threaten to bring down an information
network unless a ransom is paid. Disgruntled customers seeking
revenge on a company also fall into this category.

   +    *Thieves* attempting to steal money or resources from
businesses. Such individuals may be working for themselves or
acting as part of a larger conspiracy (e.g., in association
with organized crime). The spreading of electronic commerce
will increase the opportunities for new and different types of
fraud, as illustrated by the large increase in fraud seen as
the result of increased electronic filing to the Internal
Revenue Service. Even worse, customers traditionally regarded
as the first line of defense against fraud (because they check
their statements and alert the merchants or banks involved to
problems) may become adversaries as they seek to deny a
signature on a check or alter the amount of a transaction.

   It is difficult to know the prevalence of such threats,
because many companies do not discuss for the record specific
incidents of information theft. In some cases, they fear
stockholder ire and losses in customer confidence over
security breaches; in others, they are afraid of inspiring
"copy-cat" attacks or revealing security weaknesses. In still
other cases, they simply do not know that they have been the
victim of such theft. Finally, only a patchwork of state laws
applies to the theft of trade secrets and the like (and not
all states have such laws). There is no federal statute that
protects trade secrets or that address commercial information
theft, and federal authorities probing the theft of commercial
information must rely on proving violations of other statutes,
such as the wire and mail fraud laws, interstate transport of
stolen property, conspiracy, or computer fraud and abuse laws;
as a result, documentation of what would be a federal offense
if such a law were present is necessarily spotty. For all of
these reasons, what is known on the public record about
economic losses from information theft almost certainly
understates the true extent of the problem.

----------

   (1)  Two former directors of the DGSE (the French
intelligence service), have publicly stated that one of the
DGSE's top priorities was to collect economic intelligence.
During a September 1991 NBC news program, Pierre Marion,
former DGSE Director, revealed that he had initiated an
espionage program against US businesses for the purpose of
keeping France internationally competitive. Marion justified
these actions on the grounds that the United States and
France, although political and military allies, are economic
and technological competitors. During an interview in March
1993, then DGSE Director Charles Silberzahn stated that
political espionage was no longer a real priority for France
but that France was interested in economic intelligence, "a
field which is crucial to the world's evolution." Silberzahn
advised that the French had some success in economic
intelligence but stated that much work is still needed because
of the growing global economy. Silberzahn advised during a
subsequent interview that theft of classified information, as
well as information about large corporations, was a long-term
French Government policy. These statements were seemingly
corroborated by a DGSE targeting document prepared in late
1989 and leaked anonymously to the US Government and the press
in May 1993. It alleged that French intelligence had targeted
numerous US Government agencies and corporations to collect
economic and industrial information. Industry leaders such as
Boeing, General Dynamics, Hughes Aircraft, Lockheed, McDonnell
Douglas, and Martin Marietta all were on the list. Heading the
US Government listing was the Office of the US Trade
Representative.

   This unclassified paragraph can be found in the secret
version of the report, National Counterintelligence Center,
*Annual Report to Congress on Foreign Economic Collection and
Industrial Espionage*, Washington, D.C., July 1995.

   (2)  According to a report from the National Communications
System, countries that currently have significant intelligence
operations against the United States for national security
and/or economic purposes include Russia, the People's Republic
of China, Cuba, France, Taiwan, South Korea, India, Pakistan,
Israel, Syria, Iran, Iraq, and Libya. "All of the intelligence
organizations listed [above] have the capability to target
telecommunications and information systems for information or
clandestine attacks. The potential for exploitation of such
systems may be significantly larger." See National
Communications System (NCS), *The Electronic Intrusion Threat
to National Security and Emergency Preparedness
Telecommunications. An Awareness Document*,  2nd ed., NCS,
Alexandria, Va., December 5, 1994, pp. 2-20.

____________________________________________________________


        BOX 1.8 Vulnerability of the Public Switched
                 Telecommunications Network

   The nation's single most critical national-level component
of information infrastructure vulnerable to compromise is the
public switched telecommunications network (PSTN). The PSTN
provides information transport services for geographically
dispersed and national assets such as the banking system and
financial markets,(1) and the air traffic control system.(2)
Even the traditional military (3) is highly dependent on the
PSTN. Parties connected to the PSTN are therefore vulnerable
to failure of the PSTN itself and to attacks transmitted over
the PSTN.

   The fundamental characteristic of the PSTN from the
standpoint of information vulnerability is that it is a highly
interconnected network of heterogeneously controlled and
operated computer-based switching stations. Network
connectivity implies that an attacker -- which might range
from a foreign government to a teen-aged hacker -- can in
principle connect to any network site (including sites of
critical importance for the entire network) from any other
network site (which may be geographically remote and even
outside the United States).(4) The sites of critical
importance for the PSTN are the switching nodes that channel
the vast majority of telecommunications traffic in the United
States. Access to these critical nodes, and to other switching
facilities, is supposed to be limited to authorized personnel,
but in practice these nodes are often vulnerable to
penetration. Once in place on a critical node, hostile and
unauthorized users are in a position to disrupt the entire
network.

   The systemic vulnerabilities of the PSTN are the result of
many factors. One is the increasing accessibility of network
software to third parties other than the common carriers,
resulting from the Federal Communications Commission
requirement that the PSTN support open, equal access for
third-party providers of enhanced services as well as for the
common carriers; such accessibility offers intruders many
opportunities to capture user information, monitor traffic,
and remotely manipulate the network. A second reason is that
service providers are allowing customers more direct access to
network elements, in order to offer customer-definable
services such as call forwarding. A third reason is that
advanced services made possible by Signaling System 7 are
dependent on a common, out-of-band signaling system for
control of calls through a separate packet-switched data
network that adds to network vulnerability.(5) Finally,
space-based PSTN components (i.e., satellites) have few
control centers, are susceptible to electronic attack, and
generally do not encrypt their command channels, making the
systems vulnerable to hackers copying their commands and
disrupting service.(6) These conditions imply that the PSTN is
a system that would benefit from better protection of system
integrity and availability.

   Threats to the PSTN affect all national institutions whose
ability to function fully and properly depends on being able
to communicate, be it through telephony, data transmission,
video, or all of these. Indeed, many data networks operated
"privately" by large national corporations or national
institutions such as those described above are private only in
the sense that access is supposed to be limited to corporate
purposes; in fact, national institutions or corporations
generally use all forms of communications, including those
physically carried by the PSTN.(7) However, the physical and
computational infrastructure of these networks is in general
owned by the telecommunications service provider, and this
infrastructure is part of the larger PSTN infrastructure.
Thus, like the Internet, the "private" data network of a
national corporation, is in general not physically independent
of the PSTN. Similarly, it is dependence on the PSTN that has
led to failures in the air traffic control system and
important financial markets:

   +    In January 1991, the accidental severing of an AT&T
fiber-optic cable in Newark, New Jersey, led to the disruption
of FAA air traffic control communications in the
Boston-Washington corridor and the shutdown of the New York
Mercantile Exchange and several commodities exchanges. In May
1991, the severing of a fiber-optic cable led to the shutdown
of four of the Federal Aviation Administration's 20 major air
traffic control centers with "massive operational impact."(8)

   +    The 1991 failure of a PSTN component in New York
caused the loss of connectivity between a major securities
house and the Securities Industry Automation Corporation,
resulting in an inability to settle the day's trades over the
network.(9)

   Examples of small-scale activities by the computer
"underground" against the PSTN demonstrate capabilities that,
if coupled to an intent to wage serious information warfare
against the United States, pose a serious threat to the U.S.
information infrastructure:

   +    In 1990, several members of the Legion of Doom's
   Atlanta branch were charged with penetrating and disrupting
   telecommunications network elements. They were accused of
   planting "time bomb" programs in network elements in
   Denver, Atlanta, and New Jersey; these were designed to
   shut down major switching hubs, but were defused by
   telephone carriers before causing damage.(10)

   +    Members of a group known as MOD (various spell-outs)
   were indicted July 8, 1992, on 11 accounts. It is
   significant that they appear to have worked in a team.
   Among their alleged activities were developing and
   unleashing "programmed attacks" (see below) on telephone
   company computers and accessing telephone company computers
   to create new circuits and add services with no billing
   records."(11)

   +    Reported (but not well documented) is a growing
   incidence of "programmed attacks."(12) These have been
   detected in several networks and rely on customized
   software targeting specific types of computers or network
   elements. They are rarely destructive, but rather seek to
   add or modify services. "The capability illustrated by this
   category of attacks has not fully matured. However, if a
   coordinated attack using these types of tools were directed
   at the PSTN with a goal of disrupting national
   security/emergency preparedness (NS/EP) telecommunications,
   the result could be significant."(13) (The same point
   probably applies to the goal of disrupting other kinds of
   telecommunications beyond those used for NS/EP.)

   A number of reports and studies (14) have called attention
to the vulnerability of components of the national
telecommunications infrastructure.

----------

   (1)  These private networks for banking include Fedwire
(operated by the Federal Reserve banks), the Clearinghouse for
Interbank Payment Systems (CHIPS; operated by New York
Clearinghouse, an association of money center banks), the
Society for Worldwide Interbank Financial Telecommunication
(SWIFT; an intemational messaging system that carries
instructions for wire transfers between pairs of correspondent
banks), and the Automated Clearing House (ACH) systems for
domestic transfers, typically used for routine smaller
purchases and payments. In the 1980s, several U.S. banks
aggressively developed global networks with packet switches,
routers, and so on, to interconnect their local and wide area
networks; or, they used third-party service providers to
interconnect. In the 1990s, there are signs that U.S.
international banks are moving to greater use of carrier-
provided or hybrid networks because of the availability of
virtual private networks from carriers. Carrier-provided
networks are more efficient than networks built on top of
dedicated leased lines, because they can allocate demand
dynamically among multiple customers.

   (2)  The air traffic control system uses leased lines to
connect regional air traffic control centers.

   (3)  Over 95 percent of U.S. military and intelligence
community voice and data communications are carried over
facilities owned by public carriers. (See Joint Security
Commission, *Redefining Security: A Report to the Secretary of
Defense and the Director of Central Intelligence*, February
28, 1994, Chapter 8.) Of course, the 95% figure includes some
non-critical military communications; however, only 30 percent
of the telecommunications networks that would be used during
wartime operate in the classified environment (and are
presumably more secure), while the other 70 percent are based
on the use of unclassified facilities of public carriers. See
Richard Powers, *Information Warfare: A CSI Special Report*,
Computer Security Institute, Washington, D.C., Fall 1995.

   (4)  Clifford Stoll, *The Cuckoo's Egg*, Pocket Books, New
York, 1989.

   (5)  National Research Council, *Growing Vulnerability of
the Public Switched Networks: Implications for National
Security and Emergency Preparedness*, National Academy Press,
Washington, D.C., 1989), page 36; Reliability and
Vulnerability Working Group, Telecommunications Policy
Committee, Information Infrastructure Task Force, *Reliability
and Vulnerability of the NII: Capability Assessments*, from
the National Communications Svstem home page on WWW,
http://64.117.147.223/nc-ia/html.

   (6)  Reliability and Vulnerability Working Group,
Telecommunications Policy Committee, Information
Infrastructure Task Force, *Reliability and Vulnerability of
the NII: Capability Assessments*, from the National
Communications System home paoe on WWW,
http://164.117.147.223/nc-ia/html.

   (7)  Both shared circuits and private networks are expected
to grow dramatically in the next several years. See for
example, Michael Csenger, "Private lines dead? Don't buy those
flowers just yet," *Network World*, May 1, 1995, p. 1.

   (8)  *Software Engineering Notes*, Volume 17, January 1992,
as cited in Peter J. Neumann, *Computer Related Risks*,
Addison-Wesley, New York, 1995, p. 17.

   (9)  See Office of Technology Assessment, U.S. Congress,
*U.S. Banks and International Telecommunications -- Background
Paper*, OTA-BP-TCT-100, U.S. Government Printing Office,
Washington, D.C., September 1992, pp. 32-,3.

   (10) National Communications System (NCS), *The Electronic
Intrusion Threat to National Security and Emergency
Preparedness Telecommunications: An Awareness Document*, 2nd
ed., NCS, Alexandria, Va., December 5, 1994, p. 2-5.

   (11) NCS, *The Electronic Intrusion Threat to National
Security and Emergency Preparedness Telecommunications*, 1994,
pp. 2-8 to 2-9.

   (12) NCS, *The Electronic Intrusion Threat to National
Security and Emergency Preparedness Telecommunications*, 1994,
p. 2-6.

   (13) NCS, *The Electronic Intrusion Threat to National
Security and Emergency Preparedness Telecommunications*, 1994,
p. 2-6.

   (14) Joint Security Commission, *Redefining Security: A
Report to the Secretary of Defense and the Director of Central
Intelligence*, Washington, D.C., February 28, 1994; National
Research Council, *Growing Vulnerability of the Public
Switched Networks: Implications for National Security and
Emergency Preparedness*, National Academy Press, Washington,
D.C., 1989; NCS, *The Electronic Intrusion Threat to National
Security and Emergency Preparedness Telecommunications*, 1994;
Reliability and Vulnerability Working Group,
Telecommunications Policy Committee, Information
Infrastructure Task Force, *Reliability and Vulnerability of
the NII: Capability Assessments*, from the National
Communications System home page on WWW,
http://164.117.147.223/nc-ia/html.

____________________________________________________________


                 BOX 1.9 Information Warfare

             "Information warfare" is a term used in many different
ways. Of most utility for this report is the definition of
information warfare (IW) as hostile action that targets the
information systems and information infrastructure of an
opponent (i.e., offensive actions that attack an opponent's
communications, weapon systems, command and control systems,
intelligence systems, information components of the civil and
societal infrastructure such as the power grid and banking
system) coupled with simultaneous actions seeking to protect
U.S. and allied systems and infrastructure from such attacks.
Other looser uses of the term information warfare" include the
following:

   +    The use of information and tactical intelligence to
apply weapon systems more effectively. IW may be used in
connection with information-based suppression of enemy air
defenses or "smart" weapons using sensor data to minimize the
volume of ordnance needed to destroy a target.

   +    The targeting of companies' information systems for IW
attacks. As industrial espionage spreads and/or international
competitiveness drives multinational corporations into
military-like escapades, the underlying notion of
information-based probing of and attack on a competitor's
information secrets could take on a flavor of intergovernment
military or intelligence activities.

   +    The fight against terrorism, organized crime, and even
street crime, which might be characterized as IW to the extent
that information about these subjects is used to prosecute the
battle. This usage is not widespread, although it may develop
in the future.

   Usage of the term has shifted somewhat as federal agencies,
notably the Department of Defense, struggle to fully
appreciate this new domain of warfare (or low-intensity
conflict) and to create relevant policy and doctrine for it.
Conversely, there is some discussion of the vulnerabilities of
the U.S. civil information infrastructure to such offense. The
ranoe of activities that can take place in information warfare
is broad:

   +    Physical destruction of information-handling
facilities to destroy or degrade functionality;

   +    Denial of use of an opponent's important information
systems;

   +    Degradation of effectiveness (e.g., accuracy, speed of
response) of an opponent's information systems;

   +    Insertion of spurious, incorrect, or otherwise
misleading data into an opponent's information systems (e.g.,
to destroy or modify data, or to subvert software processes
via improper data inputs);

   +    Withdrawal of significant tactical or strategic data
from an opponent's information systems;

   +    Insertion of malicious software into an opponent's
system to affect its intended behavior in various ways, and
perhaps, to do so at a time controlled by the aggressor; and

   +    Subversion of an opponent's software and/or hardware
installation to make it an in-place selfreporting mole for
intelligence purposes.

   As an operational activity, information warfare is clearly
related closely to, but yet distinct from, intelligence
functions that are largely analytical. IW is also related to
information security, since its techniques are pertinent both
to prosecutisn of offensive IW and to protection for defensive
IW.

____________________________________________________________

[End Chapter 1]
____________________________________________________________







