Information OperationsNewsletter

Compiled by: Mr. Jeff Harley

US Army Strategic CommandG3 Plans, Information Operations Branch

Table of Contents

The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S. Army Strategic Command.

Table of ContentsVol. 7, no. 11 (29 January – 12 February 2007)

1. Confronting Enemies (editorial)

2. NATO, U.S. Neglect 'Psychological Warfare' - Report

3. N. Korea Steps Up Efforts to Prevent Spread of S. Korean Pop Culture

4. Pentagon Document Reveals U.S. "Internet War" Plan

5. Irhabi Murderdom

6. Network Integrator: Harnessing Information for Military Operations, Intelligence and Business

7. DOD Issues Electronic-Warfare Doctrine

8. Cartwright: Cyber Warfare Strategy ‘Dysfunctional’

9. Blue Force Tracker for Cyberspace?

10. 4 Ways Tech Changed The Fight

11. DISA to Pay $1.2B for Network Protection

12. Attack by Korean Hacker Prompts Defense Department Cyber Debate

13. Can Branding Define Public Diplomacy 2.0?

14. RSA - US Cyber Counterattack: Bomb One Way or the Other

15. China's Defence White Paper (opinion)

16. The Long War (complete essay) (blog)

17. International Exercise 'To Test Cyber Security'

18. Researchers Invent System to Control and Quarantine Worms Attacking Computer Networks

19. Secrets of the DoS Root Server Attack Revealed

20. New Generation Of Terrorists Cyber-Inspired, -Trained

21. PROTEUS “Futures” Academic Workshop, 14-16 August 2007, and “Call for Papers”

Page ii

Confronting Enemies (editorial)By Joshua Sinai, Washington Times, January 30, 2007In "Losing Hearts and Minds?: Public Diplomacy and Strategic Influence in the Age of Terror," Carnes Lord criticizes the U.S. government for failing "to craft an effective strategy for projecting global influence in the terror war, or to develop the mechanisms necessary for carrying one out." Mr. Lord, a professor at the Naval War College, had previously served as director of international information and communications policy on the National Security Council (1981-83) and assistant to the vice president for national security affairs (1989-91). Drawing on his high-level public policy experience, he outlines what he considers to be an appropriate strategy to develop the organizational mechanisms within the U.S. government needed to carry out an effective public-diplomacy campaign to defeat the "center of gravity" of Islamic terrorism, which "lies not in its organizational structure but in its ideological inspiration -- the real source of the fresh recruits who continue to flock to the terrorist banner." Effectively countering the type of warfare being conducted by our terrorist adversaries to win the "hearts and minds" of the larger publics that support such violence, Mr. Lord points out, requires an understanding of "public diplomacy," "psychological operations," "psychological warfare," "political warfare," "political action" and "strategic communications" -- some of which are political and others military and intelligence measures. To synthesize these discreet components into a unified response, Mr. Lord uses the more comprehensive umbrella terms of "public diplomacy and strategic influence." Such "soft power" measures are distinguished from a government's use of its military's "hard power." In order to deter terrorism he suggests that, first, the U.S. government has to "name the enemy": Islamic radicalism. Moreover, the United States must better articulate the true nature of radical Islamism in terms of its "dubious religious basis and authority," while being "careful not to give the impression of lecturing Muslims on how to practice their religion." Also, the government needs to explain to the radical Islamists that their cause is futile and that the longer they fight, the fewer gains they will achieve. Borrowing from Israel's approach, a potential terrorist needs to be told that his "family will suffer for [their] actions," and defectors from terrorist organizations need to be used to demoralize their former compatriots. Also, psychological warfare ought to be directed against a group to sow "confusion, suspicion, and enmity in its ranks, turning its leaders against one another." Finally, and most importantly, "the strategic environment that creates and nurtures terrorists" needs to be shaped away from terrorism and extremist ideologies. For the United States, to play a role in shaping the environments that spawn terrorism it is necessary to work with allies that are equally committed to achieving such ends. According to Mr. Lord, this requires that the United States organize "coalitions of the willing" in the Middle East to solve local problems, such as opening up autocratic political systems, providing for socio-economic opportunities, and other measures in order to prevent radical Islamists from exploiting these problems to justify the use of violence against those regimes. European governments are crucial allies in countering terrorism so their "views and concerns" about U.S. unilateralism have to be taken into account. Effective public diplomacy to counter terrorism also requires appropriate organizational institutions, particularly greater centralized coordination. A major part of the book is devoted to a critique of the current U.S. structures and, in what is bound to provoke much public debate, recommendations for new organizational entities. Mr. Lord believes that the former U.S. Information Agency (USIA), which was merged into the State Department in 1998, needs to be revived "in a way that suits contemporary requirements." Although a revised USIA should not have a "substantial role" in producing "policy information," it should form "the institutional base of public diplomacy in the U.S. government," such as in "managing public diplomacy operations in the field, including jurisdiction over the Public Affairs Officers in the embassies."

Page 1

For the Defense Department, Mr. Lord recommends establishing a new institutional infrastructure for strategic communications in the form of a new "Joint Strategic Communications Command." The new command would manage all the military's strategic communications elements deployed overseas. And in the White House, Mr. Lord recommends creating a "U.S. Trade Representative"-type office for public diplomacy, which would coordinate such programs and resources across agencies. Mr. Lord's discussion of the role of public diplomacy and strategic influence as vital instruments of American national power is especially pertinent today as the administration and Congress goes about the business of confronting religious extremism and terrorism.Table of Contents

NATO, U.S. Neglect 'Psychological Warfare' - ReportBy Mark Trevelyan, Reuters, 31 Jan 2007LONDON, Jan 31 (Reuters) - The United States and its allies must pay more attention to 'psychological warfare' as they battle insurgents in Iraq and Afghanistan, an influential think-tank said on Wednesday."Insurgents and jihadists have proved adept at conducting successful information campaigns that reach a global audience and foment violence elsewhere," the International Institute for Strategic Studies (IISS) said."But Western militaries have shown insufficient capability in their own attempts to carry out information and psychological operations, its annual report, "The Military Balance", said.The IISS said it was not enough for Western armies to distribute leaflets telling the local population "we are here to help" or to put out the message that "life is getting better"."In reality, life may not be getting better and in the eyes of the target audience the military presence could be contributing to the problem," it said.In Afghanistan, frequent announcements by NATO forces of how many local fighters they had killed could be counter-productive because, for the Taliban, "death is a form of victory"."Using 'body count' as a measure of effect has a very different impact within the area of operations than it does with a home audience," the report said."The psychological effect at home is one of military success and may generate political support. In the theatre of operations the opposite may be true, with every publicly announced kill delivering more willing recruits to the cause."LACK OF COHERENCEThe IISS said more attention needed to be paid to finding out what really mattered to the local population, and using cultural and psychological understanding to undermine support for insurgent movements."Units being deployed to Iraq and Afghanistan are not being provided with the training to enable them to have a real, positive psychological impact on the population in their area of operations," it said.The IISS particularly criticised a "lack of coherence" among the NATO countries operating in Afghanistan on how to wage information and psychological (PSYOPS) operations.It said NATO was facing its sternest challenge there, as the unexpected intensity of the Taliban insurgency exposed an overall shortage of troops and inadequacy of some countries' equipment."The success or failure of its operation in Afghanistan is likely to shape the future of NATO," the report said.The hope for the alliance was for a winter lull in insurgent activity that would bring some improved security and economic progress in the south, where British, Canadian, U.S. and Dutch troops are based.

Page 2

"However, it is likely that the Taliban, too, see this as a possible turning point and with the majority of NATO member states unwilling to provide more troops to reinforce those already deployed, this winter is a crucial period for the alliance," the IISS said.Table of Contents

N. Korea Steps Up Efforts to Prevent Spread of S. Korean Pop Culture

From Yonhap News, 1 February 2007SEOUL, Feb. 1 (Yonhap) -- North Korea has intensified efforts to stem the spread of South Korean pop culture in the communist state, even as South Korean movies and TV dramas gain popularity there, informed sources said Thursday."This year, North Korean authorities waged what they call 'psychological warfare' against 'exotic lifestyles' by cracking down on South Korean pop culture," a senior government official said, asking to remain anonymous because of the sensitive nature of the issue.According to a survey conducted on recent North Korean defectors to the South, South Korean video tapes and CDs enter North Korea via China. North Koreans having TVs, video players or personal computers at home watch them, and then swap the programs among peers or friends, another source said.The popularity of South Korean media has been so great that a lead actress's line in the hit South Korean movie "Sympathy for Lady Vengeance" became a household word in the North, while some North Korean youth are glued to such mega-hit TV dramas as "Fall Fairy Tale" and "Immortal Admiral Yi Sun-shin," the sources said.They further explained that the wave of South Korean pop culture does not stop at movies and videos. North Korean youth also enjoy sporting South Korean hairstyles and fashion, preferring tight pants and long front hair.Since the 1950-53 Korean War, about 9,300 North Koreans have defected to South Korea, including about 1,578 in 2006 alone. The sealed border between the two Koreas has nearly 2 million troops deployed on both sides.Table of Contents

Pentagon Document Reveals U.S. "Internet War" Plan From Xinhua via People’s Daily Online, China, 1 February 2007A newly declassified Pentagon document reveals the elements of U.S. "Internet war" plan, U.S. media reported on Wednesday. The document, written in 2003, is called "Information Operations Roadmap" and was obtained by the National Security Archive at George Washington University using the Freedom of Information Act, according to the report. The "roadmap" calls for a far-reaching overhaul of the military's ability to conduct information operations and electronic warfare. And, in some detail, it makes recommendations for how the U.S. armed forces should think about this new, virtual warfare. The document says that information is "critical to military success". Computer and telecommunications networks are of vital operational importance. The operations described in the document include a surprising range of military activities: public affairs officers who brief journalists, psychological operations troops who try to manipulate the thoughts and beliefs of an enemy, computer network attack specialists who seek to destroy enemy networks. Perhaps the most startling aspect of the "roadmap" is its acknowledgement that information put out as part of the military's psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans.

Page 3

The document also recommends that the United States should seek the ability to "provide maximum control of the entire electromagnetic spectrum". Table of Contents

Irhabi MurderdomBy Jim Guirard, TrueSpeak Institute, 29 Jan 07Author's Note: This essay uses about a dozen of the Islamic religious words which should be learned and used proactively by all of us as semantic weapons against Saddam-style, al Qaeda-style and Hizballah-style Terrorism. The purpose of these terms is to classify all of these deviants as the deadly enemies of authentic Qur'anic Islam they really are, rather than as the so-called "Jihadists and mujahideen and martyrs destined for Paradise" they falsely claim to be -- all too often with our unintended help when we parrot their patently false words of self-sanctification. Of course, this is a tall order in a body politic which, after more than five years into a War on Terrorism, has not yet learned the five-letter Arabic word for terrorism -- Irhab. But, of course, we must start somewhere, n'est-ce pas? .... JIM GUIRARD*************************************************************************In certain absolutist schools of Islamic thought, many Muslims consider most "other" Muslims to be khawarij (outside the religion), kuffar (unbelievers), munafiquun (hypocrites) or murtadduun (apostates) – the latter transgression being subject to the death penalty in this life and to Jahannam (eternal Hellfire) in the next. Ironically, these are some of the same condemnatory Islamic religious words which should be applied to the accusatory radicals themselves, rather than to the "moderate" and the truly peaceful and pluralist Muslims at whom they are now so wrongly directed.Despite the fact that there is supposed to be no fitna – no internal discord and no familial strife – within Islam, both the false condemnations cited above and the ongoing epidemic of Muslims-killing-Muslims in Iraq seem to operate 'round the clock, 365 days a year. The genocidal competition between Sunni and Shi'a death squads is running neck-and-neck in their decapitation (and/or head drilling) of fellow Iraqi Muslims.Although occasional fatwas (religious edicts) correctly condemn such satanic activities, the hyena-like Sunni and Shi'a killers -- calling themselves "Lions of Islam" -- routinely ignore them. Ruthlessly, they continue to claim "martyrdom" as a glorious reward for slaughtering each other, destroying each others' mosques and condemning each other as "infidels" -- all in the name of Allah, to be sure. In similar fashion, the Salafi and Wahhabi cults in Saudi Arabia (and their Caliphate-hungry al Qaeda progeny worldwide) engage in the "takfiri" scam of excommunicating from Islam any Muslim brethren who disagree with their hard-line interpretations – on the warped belief that all such deviants and apostates should be expelled, or even be put to death.In such close-minded and hate-everyone-else frames of reference, it becomes extremely difficult to know who among the warring Muslim parties, if anyone at all, have legitimate claim to martyrdom -- and who, instead, are nothing but sinful pretenders to that holy and Paradise-bound status in what is supposed to be a religion of universal peace, justice, truth and compassion.Are the "real" martyrs the Shi'a-hating Sunnis? The Sunni-hating Shi'ites? The medieval Afghan Taliban? The Iranian Hizballah? The Egyptian Muslim Brotherhood? The so-called "Mahdi Army" of al-Sadr? The Fedayeen Saddam? The al Qaeda-style suicide mass murderers? All of the above? None of the above?Since correct answers to such questions might take an eternity to discover, let us focus instead on the particular case of the late Saddam Hussein – for whom "martyrdom" is now being claimed by some of the most murderous of Muslims and sharply denied by all too few of the so-called "moderate" ones."Martyrdom" for Whom?In either event, the basic question to be settled is "Martyrdom for the glory of WHOM? For the eternal glory of Allah Himself? Or, most perversely, for the sordid and deceitful sake of Satan, instead? Clearly, Saddam's case is one of "Shahid al-Shaitan" – a "Martyr for Satan," rather than for the "compassionate, merciful, beneficent, peaceful and just" Allah of the Qur'an. The same would be

Page 4

true for Osama bin Laden (a Sunni) and for Moqtada al-Sadr (a Shi'a) and for many other hyena-like deviants of their bloodthirsty kind.In this context, such "abd' al-Shaitan" (Servants or Slaves of Satan) should be seen as destined not for the virgin-filled Paradise of so-called "Jihadi Martyrdom" but for a demon-filled Hellfire of "Irhabi (terrorist) MURDERdom." This is the dark domain which is now populated by such other mufsiduun (evildoers, mortal sinners, corrupters) as Lenin, Stalin, Beria, Dzerghinski, Hitler, Himler, Mao, Pol Pot, Idi Amin, Mingistu, Yassir Arafat, "Che" Guevara, Abu Musab al-Zarqawi and thousands more like them. And in due course these genocidal fascists will be joined by such "dead men walking" as Fidel Castro, Osama bin Laden, Ayman al-Zawahiri, Mullah Omar, al-Sadr and others guilty of istihlal -- which in Islam is the enormously arrogant sin of "playing God" with the lives and the personal dignity of millions of their fellow human beings. (Has not Castro been "playing God" in Cuba for almost 50 horrendous years? And is not his egomaniacal acolyte, Hugo Chavez, headed down that same bloody "Socialism or Death" path in nearby Cubazuela? And is not Comrade Chavez now snugly in bed with every "Death to America'" evildoer in the Muslim World? )Copying Lenin's Pseudo-religious ScamIn an historic context, it seems that most of these messianic deceivers are following the pseudo-religious tactic revealed by Vladimir Lenin when he explained: "We will find our greatest success to the extent that we inculcate Marxism as a kind of religion. Religious men and women are easy to convert and win, and will easily accept our thinking if we wrap it up in a kind of religious terminology."Eventually, Comrade Lenin's scam came to be known as "Liberation Theology" -- which has no more to do with either liberation or theology than al Qaeda's so-called "Jihadi Martyrdom" has to do with either holiness or Paradise.In was in this cynical fashion that a previously irreligious Saddam Hussein operated during his last several years in power and that he brought to bear (by falsely claiming to have been a lifelong "Jihadist") even as he was about to be executed for crimes against humanity – Islam's ancient word for which is Hirabah, "unholy war" and forbidden "war against society." The tortured society in question was, of course, the Iraqi people -- against whose dignity he and his two depraved sons, Uday and Coussay, waged daily irhab or hirabah (choose your synonym) of the worst kind for almost thirty years.He was the hands-on mass murderer, the torturer, the executioner, the invader of neighbors, the WMD poisoner of the Kurds, the financier of suicide killers, the acolyte of Stalin and, finally, the Grand Pretender of an Islamic faith whose true believers should now condemn as inherently Satanic this evil man's lifetime of sins, cruelties and de facto desecrations of the peace, the compassion, the mercy and the justice of which the Qur'an speaks.And if the faithful followers of authentic Islam either cannot or will not draw such a sharp distinction between themselves and the sordid likes of Hussein, bin Laden, al-Sadr and al-Zarqawi, then this may be an awful indication that their religion has been subsumed by the Sunni-based al Qaeda Apostasy -- and by its Shi'a-sponsored Hizballah (Party of God) and so-called "Mahdi Army" counterparts, as well.Surely, this cannot be so. Surely, the God of Abraham would not allow it to be so. But to prove this for once and for all, it is high time for the Umma, the Muslim World (a) to rediscover and to reclaim its one and only "True Islam" of Peace and Justice, which is now being perverted and corrupted by a variety of satanic cults; (b) to re-educate itself about what these two names and the 97 other blessed "99 Names of Allah" define this religion to be; and (c) to remove from itself -- by means of a Truly Spiritual Jihad, a Jihad al-Khabir -- all those cancerous elements of hate, envy, violence and "Irhabi Murderdom" which are currently corrupting and desecrating the soul of Islam from within.

Page 5

Table of Contents

Network Integrator: Harnessing Information for Military Operations, Intelligence and Business

By Harrison Donnelly, Military Information Technology, 1 Feb 07John G. Grimes has served as assistant secretary of defense for networks and information integration (ASD NII) and chief information officer of the Department of Defense since 2005. Grimes has extensive technical and policy experience in telecommunications, information systems, and the command and control fields. His public service includes five years on the White House’s National Security Council staff as director for national security telecommunications policy, director of defense command, control and communications programs, and senior director White House situation support staff from 1984 to 1990. Grimes served as deputy assistant secretary of defense for defense wide command, control and communications and was the deputy assistant secretary of defense for counterintelligence and security countermeasures from 1990 to 1994. As a member of the DoD Senior Executive Service, he held senior technical and staff positions with the National Communications System, Defense Communications Agency and the Army Communications Command following his military service in the Air Force. Joining Raytheon in 1994, he served as vice president of intelligence and information systems, Washington operations, prior to retiring in November 2005. He has served on Defense Science Board task forces, and was a member of the Industry Executive Subcommittee of the President’s National Security Telecommunications Advisory Committee. Grimes is a graduate of the University of Arizona, holds a Master of Science degree from Shippensburg University, and is a graduate of the U.S. Army War College at Carlisle Barracks. Grimes was interviewed by MIT Editor Harrison Donnelly.

Q: What is your role as the Assistant Secretary of Defense for Networks and Information Integration and the DoD Chief Information Officer (ASD (NII)/DoD CIO)? A: I’m the principal staff assistant for advising the Secretary of Defense on command and control [C2] and communications matters to include network operations, positioning, navigation, and timing [PNT] policy, spectrum management, non-intelligence space systems, and a wide variety of special initiatives. In my CIO role I’m responsible for developing the enterprise-level defense strategy, policy and architecture, for information technology, information resources management [IRM] and information assurance, and the oversight of the IT investment portfolio for the department. It’s a unique dual-hatted position with a wide area of influence, touching virtually every mission area in the DoD.By having these two roles together in one organization, it allows for better planning, investing and utilization in information technology for net-centric operations for the warfighter mission, intelligence community and business systems. What I mean by net-centric is the ability to share information across the department and with our mission partners—both anticipated and unanticipated. One of the significant challenges we face is transforming the department into a global information enterprise. To do this we are building a knowledge-based workforce, institutionalizing a data strategy for communities of interest, and emphasizing the protection of information on our networks. Of course, building and strengthening partnerships with federal and state government agencies, as well as with coalition, non-government organizations, and international partners such as NATO is a top priority.Q: What are your most important goals for the future? A: The number one goal of the DoD National Defense Strategy as highlighted in the 2006 Quadrennial Defense Review is harnessing the power of information. Our ability to leverage information will shape how we execute military operations, do intelligence functions, and handle business processes. We are working to provide interoperability at the data level so we can transition away from platforms and systems that don’t or can’t share information—what we commonly call “stovepiped” solutions. We’re focusing on interoperability and information sharing with other federal and state agencies, and our coalition partners to include NATO, for access to timely, relevant and accurate information for better situational awareness and decision superiority.We must understand how information is used in everyday operations. Information is incredibly valuable, and we’ve spent a lot of time and money to protect it. The way we’ve approached securing valuable information has created a culture where access is based on a “need to know.” Moving the department from a culture based on a “need to know” and toward one based on a “need to share” or even a “right to know” is an enormous challenge.

Page 6

Successfully accomplishing that shift in culture hinges on trust. In fact, I’d say trust is the essential element in successful information sharing. Taking trust a step further, we also need to focus on building confidence in our data and our networks, and controlled access to our information and information systems to ensure that the integrity of the data is not compromised. In this regard, we have a close working relationship with Major General Dale Meyerrose [Ret.], the CIO of the Office of Director National Intelligence, to ensure we are putting in place the most efficient solutions for protecting and sharing of information to the warfighter and the intelligence community as well as with other government agencies.Q: You mentioned the 2006 Quadrennial Defense Review. What aspects of the QDR are most important in guiding the work of your office? A: Well, one major outcome of the 2006 QDR was the recognition of information as a key force multiplier. Accessing and sharing information is essential to gaining and holding an information advantage in the current and emerging threat environment. Our drive to achieve net-centricity will ensure timely and trusted information is available where it’s needed, when it’s needed, to those who need it most. In fact, the QDR evaluated “achieving net-centricity” as one of 10 key capability areas. It recognized that achieving the full potential of transformation depends on viewing our information as an enterprise asset to be shared, and to be protected.In response, as we move to service-oriented architecture, the DoD’s data strategy is essential to multiple domain data sharing, and we’re working to make data visible, accessible and understandable. The department is accelerating our information-sharing capabilities by emphasizing common approaches to data tagging, as well as improving the organization and categorization of data. The department has developed a broad information-sharing strategy to link with our federal, state, local and coalition partners. Information assurance [IA] capabilities were also given higher priority, and network capabilities received additional funding. The QDR also highlighted some challenges in information transport, specifically how we’re handling the space-based systems. We’ve adjusted the phasing and pacing for our satellites and ground stations, and we’re developing improved bandwidth capacity models to focus the investments to better support our operational forces.The QDR also recognized that transforming to a net-centric force requires more than IT implementation alone—it requires fundamental changes in processes, policy and culture. The department must shift from military service-focused efforts toward an enterprise approach, and the changes need to be institutionalized in our core processes, as well as during operational planning and execution. The ASD [NII]/DoD CIO office is promoting joint and interoperable solutions through institutional reform efforts like capability portfolio management and enterprisewide systems engineering. Q: How is the DoD delivering net-centric capabilities to the war fighters? A: Our ability to deliver net-centric capabilities has evolved. Before Web-based applications and services were possible, the DoD’s early emphasis was on transporting information. Our efforts to build out the GIG paralleled commercial efforts to improve capacity in the commercial Internet. A simple way of thinking about GIG implementation is to envision transport, services and applications as stacked layers, with data, IA and network operations [NetOps] spanning the layers.Our transport capabilities include the GIG-Bandwidth Expansion [GIG-BE], the Joint Tactical Radio System [JTRS], and the Transformational Satellite [TSAT] programs. The enterprise services layer is being addressed by the Defense Information Systems Agency [DISA], through the Net-Centric Enterprise Services [NCES] program. Recognizing the importance of IA to the GIG, the National Security Agency [NSA] is aggressively moving forward with solutions like the High-Assurance Internet Protocol Equipment [HAIPE], and the Key Management Infrastructure [KMI] programs.The 2006 Quadrennial Defense Review also established joint capability portfolios to manage selected warfighting capability areas. ASD [NII]/DoD CIO, the U.S. Strategic Command [USSTRATCOM], and the Joint Staff are providing transport and services capabilities through our Joint Net-Centric Operations [JNO] portfolio. JNO includes 326 programs with a focus on 23 critical efforts like TSAT, JTRS and NCES. The resources allocated across these programs are essential for delivering capabilities to the warfighter. Understanding how capability requirements map to each

Page 7

program and how they interact collectively is critical, and ASD [NII]/DoD CIO, USSTRATCOM and the J6 JNO team are continuously evaluating the needs and program solutions for the warfighter. As needs change, or program execution issues surface, resources can be rebalanced across the portfolio, ensuring the right capabilities are delivered.Q: What can DoD do to improve spectrum management? A: Well, as you know, many of our key sensors, shooters, command & control, and intelligence capabilities supporting the warfighter require Radio Frequency [RF] spectrum. Our Global Electromagnetic Spectrum Information System [GEMSIS] will make a tremendous difference in our ability to manage the spectrum in military operations. GEMSIS is the cornerstone of our spectrum management transformation, and represents the department’s long range vision for dynamic, real-time, networked RF management operations. GEMSIS will assist in validation the requirements for all DoD electromagnetic spectrum-dependent equipment and applications.The Defense Spectrum Management Architecture [DSMA] initiative will ensure requirements and spectrum management initiatives are addressed and integrated into a cohesive plan.The department is actively engaged in the President’s Spectrum Policy Initiative and the World Radio Communication Conference [WRC-07] which is coming up in October 2007. Our goal is continued military coexistence with promising commercial wireless technologies—such as WiMAX—to ensure mission-critical DoD systems are protected from unacceptable interference.The Defense Spectrum Office [DSO] has been established under the Defense Information Systems Agency to improve the department’s spectrum management. The DSO also gives the DoD customer a “one-stop shop” for spectrum support.Q: How is the DoD improving information sharing, and how are the changes increasing capabilities, particularly in the intelligence community? A: Access to and protection of intelligence information is essential for national security and the need to do this well can’t be understated. The DoD National Defense Strategy emphasizes the importance of sharing intelligence information, and the DoD—in close cooperation with the Director of National Intelligence [DNI]—is adjusting policies and practices to improve capabilities. Guided by lessons learned from September 11, 2001, the Intelligence Reform and Terrorism Prevention Act of 2004 established the role of the DNI, which was a major step in strengthening seamless cooperation and intelligence sharing across all federal departments and agencies. Within the department, we recognized the need for a strong data strategy that will improve information sharing across multiple domains.One key to a successful data sharing strategy is improving our understanding of data. Knowing what information is available, and how it can be used, will enable people to access and share data across system and organizational boundaries. Several goals, including making data visible, accessible, understandable, trusted and interoperable, have been highlighted in DoD directives, and our net-centric data strategy. Reaching these goals is a complex undertaking, and it takes effort across a broad collection of government and non-government agencies working together.Understanding the criticality of data is a big step forward in improving military, intelligence and business operations. As I mentioned before, one of the efforts underway to enable more effective decision-making is the establishment of communities of interest [COI]. The COI concept centers on coordinating data vocabularies to improve information sharing. Our COIs span mission areas and programs, and they’re charged with developing a common data model to exchange information among DoD, intelligence, government agencies, coalition partners and non-governmental organizations.Another key component of the Intelligence Reform and Terrorism Prevention Act was the establishment a cross-federal program, Information Sharing Environment [ISE], to focus specifically on sharing of terrorism, law enforcement and homeland security information. This legislation was followed up by two Presidential Executive Orders that provided further requirements in sharing of this information between and among federal entities, with state, local and tribal governments, coalition and other foreign partners, non-governmental organizations and private concerns. Working closely with the DNI CIO, we are developing compatible strategies for assured information sharing,

Page 8

such as enterprise directory services and cross domain access, as well as revitalizing and strengthening the certification and accreditation [C&A] process.Earlier this year, my office led an effort to develop a DoD Information Sharing Strategy in response to a Quadrennial Defense Review requirement. We worked closely with the Joint Staff, the undersecretary of defense for intelligence and the undersecretary of defense for policy in developing an approach highlighting the goals and objectives of an effective information sharing campaign. Our goals are promote an information sharing culture, creating a seamless enterprise with external partners, preparing for unanticipated partners, and building trust into the environment. We’re developing an implementation plan detailing the steps needed to fulfill these goals.Another great example of collaboration between the DoD and DNI CIOs is the establishment of a common IA approach. Ensuring mission success between the defense and intelligence communities demands the incorporation of IA initiatives into new mission capabilities from the very beginning. In September 2005, the NSA under Lieutenant General Keith Alexander developed an IA strategy called the Global Information Grid Information Assurance Portfolio, or the GIAP. NSA has delivered near-term IA plans and programs for enterprise security services. This effort will provide the DoD and intelligence agencies a common set of information assurance capabilities and a foundation for the federal sector at large.Q: What is being done across the DoD to protect networks and information? A: IA—protecting the data and defending the network—is critical to the department’s transformation. As we become more net-centric, our exposure to “shared risk” increases, where the actions of one DoD component can affect us all. As a result, securing the DoD information environment involves more than technology. It includes ensuring our business processes are bulletproof, and our people are adequately trained to operate networks and safeguard information in a “need to share” versus “need to know” environment.The importance of IA is paramount as our networks become central to how we do business. The critical nature of IA is underscored by its selection as one of four Critical Joint Enablers considered in the 2006 Quadrennial Defense Review. In order to depend on the Global Information Grid as the transformational weapon system it has become, we must be confident the network will be there and trust the integrity of the data. As the pace of technological change increases, the security challenge becomes more complex.Moving ahead with our Information Assurance Strategic Plan and the IA Component of the GIG Architecture as overarching mechanisms will establish the level of security needed to operate confidently. We’re also pursuing an Enterprise Architecture and prioritizing enterprise-level IA capabilities using the GIAP portfolio I talked about earlier. The department depends more and more on commercial software, so we have to ensure the software and hardware we use is trustworthy and free from vulnerabilities. We’re working with industry to put a software assurance approach in place that will deliver highly assured software and software-enabled technologies.Along that same line, we’re working with our partners in government and industry to deliver a robust set of network security capabilities across the department. Some of the IA solutions we’re rolling out include enterprise network defense tools that will automatically identify and detect anomalies, as well as tools to remediate software vulnerabilities, eliminate spy-ware and reduce insider threats. DoD’s networks are complex, growing and constantly under attack by potential enemies interested in accessing DoD systems to obtain sensitive information. I’m confident our approach to information assurance will secure a globally connected, trusted environment to facilitate information sharing.Q: How is the DoD handling increasing budgetary pressure on IT investments? A: Increasing budget pressures are affecting everything we do. For example, the department is currently preparing three budgets: the President’s annual budget submission for the coming fiscal year [FY 2008]; the budget to support current operations in Iraq, Afghanistan and the global war on terror; and finally, the additional funding needed since the FY 2007 defense budget was passed last fall. All of this is carefully scrutinized by the Pentagon, White House, Office of Management and Budget and ultimately Congress. It’s a complex process.

Page 9

As the DoD CIO, I set the IT investment strategy and submit the department’s information technology budget justifications to OMB and then to Congress. From an historic perspective, DoD IT funding has remained relatively stable at approximately $31 billion per year. I expect the trend to continue for FY 2008. For the CIO and IT community, we are under pressure to defend every dollar and ensure our investments support and improve our military, intelligence and/or business operations around the globe. Successfully defending our IT investments requires addressing a number of issues.First, we need to continue to raise awareness about the importance of IT in every aspect of our military, intelligence and support operations. The National Defense Strategy talks to the need to bring decisive capabilities to bear and to harness and protect advantages in the realm of information. People at every level need to understand that achieving net-centric operations is critical to establishing more efficient and effective military operations.We also need to deliver the IT capabilities needed by our warfighters and the rest of the department. Let me give you a few examples. The GIG-BE program has provided high-speed terrestrial bandwidth to DoD sites around the world, supporting logistics, intelligence and operational activities. Another success story for the department is the Business Transformation Agency [BTA], established in October 2005. BTA has made huge strides over the past year to transform DoD business operations. The key here is building on our successes and delivering for the warfighter. We need to continue proving the value of our IT investments to our supporters and to those who look at the dollars we’re spending as a target for cuts. I talked about the department’s transition to capability based portfolios, and our portfolio approach goes a long way in giving leadership at every level the information needed to make resource decisions. We are also implementing the DoD IT portfolio management policy, which was approved by the deputy secretary in 2005. Assessing IT investments against performance-based metrics and mission outcomes will continue to be a cornerstone for defending IT investments. That’s what will win the necessary support from OMB, Congress and the American public.As we look ahead, the pressure on IT investments is certainly not going away. The DoD will make decisions to move ahead with IT programs based on performance, mission area goals, risk tolerance levels, potential returns and compliance with interoperable architectures. Architectures will identify the required capabilities for our technical infrastructure, and capability delivery plans will highlight improvement opportunities, duplication, interoperability requirements, and standards, and help us target future investments.Q: Is there anything you’d like to add? A: Transformation, and in particular, net-centric transformation, is alive and well in the DoD. It’s not a fast process, it’s going to take time, but we’re making significant progress. The policies and procedures we’re putting in place—from our data strategy to improving our acquisition processes—have the department on a path to success, but there’s still more to do. One of the more important things we have to look at is the development and training of the IT workforce. What I see in the young men and women joining the military services today is that they are already computer literate—they have been playing video games since they were in K1. We have to evolve our culture to take advantage of their skills and abilities. As more men and women who grow up in the digital technology world, computers, cell phones, instant messaging, chat and video games are second nature, and they can operate major weapons systems with little effort. Improving our information sharing capabilities and leveraging standards based, commercial-off-the-shelf solutions to put new capabilities into their hands faster is critical to our continued success. I believe the department’s IT policies, plans and programs are on the right path for providing one of the world’s largest global enterprise the information services the warfighter customers need and deserve.Table of Contents

Page 10

DOD Issues Electronic-Warfare Doctrine By Patience Wait, Government Computer News, 1 Feb 07The Federation of American Scientists has posted a new publication issued by the Joint Chiefs of Staff covering joint-forces doctrine for electronic warfare. The report, “Joint Publication 3-13.1, Electronic Warfare,” released Jan. 25, establishes the rules for electronic-warfare planning, preparation, execution and assessment in support of joint operations across U.S. military services, and the basis for involvement in multinational operations. As the electromagnetic spectrum gets more crowded with broadcasts from devices of every kind, from sensors to video feeds on unmanned aerial vehicles, computers to radios to wireless devices, all in support of network-centric operations, the risks to military forces from EM disruption grow significantly. This publication lays out the scope of electronic warfare and addresses the organizational responsibilities for protecting spectrum use and disrupting enemy forces’ spectrum use. There are three main elements of electronic warfare: electronic attack, electronic protection and electronic-warfare support. Electronic attack “involves the use of electromagnetic energy, directed energy, or antiradiation weapons to attack personnel, facilities or equipment with the intent of degrading, neutralizing or destroying enemy combat capability and is considered a form of fires,” the document states. Electronic protection “involves actions taken to protect personnel, facilities and equipment from any effects of friendly or enemy use of the electromagnetic spectrum that degrade, neutralize or destroy friendly combat capability.” Electronic-warfare support involves “actions tasked by, or under direct control of, an operational commander to search for, intercept, identify and locate or localize sources of intentional and unintentional radiated [electromagnetic] energy for the purpose of immediate threat recognition, targeting, planning and conduct of future operations.” Because the Global Information Grid — the Pentagon’s primary electronic conduit for secure and unclassified network traffic — relies on the electromagnetic spectrum, “[o]ne primary consideration of [electronic warfare] activities should be their effect on the [GIG] … (including tactical communications systems) and the possibility of spectrum fratricide on friendly communications,” the publication warns. Coordination of any EW activities has to be carried out by several organizations, including the specific theater network operations control center, joint management office and the Joint Task Force-Global Network Operations, in order to “deconflict” effects of electronic warfare on the GIG. Electronic-warfare tactics also must be deconflicted with the specific spectrum requirements of systems used by network-enabled operations, the publication states.Table of Contents

Cartwright: Cyber Warfare Strategy ‘Dysfunctional’By Josh Rogin, Federal Computer Week, 9 February 2007The U.S. cyber warfare strategy is divided among three fiefdoms, resulting in a passive, disjointed approach that undermines the military's cyberspace operations, according to U.S. Strategic Commander General James Cartwright.Cartwright detailed his issues with DOD’s current cyberspace approach Feb. 8 at the Air Warfare Symposium in Orlando, Fla., hosted by the Air Force Association.Under this approach, Net Warfare is responsible for attack and reconnaissance, the Joint Task Force for Global Network Operations manages network defense and operations, and the Joint Information Operations Warfare Center oversees electronic warfare, Cartwright explained. These groups operate independently and don‘t effectively share information on their activities, he said.“It’s a complete secret to everybody in the loop, and it’s dysfunctional,” said Cartwright.The current DOD cyberspace approach was developed ad-hoc and is based on terminal defense, Cartwright said. Under that system, action is taken only after an attack, and then a response takes

Page 11

weeks, he said. “For a warfighter, two or three weeks is just unacceptable to defend a key node from an attack.”DOD must move away from a network defense-oriented cyber architecture; cyber reconnaissance, offensive, and defensive capabilities must be integrated and leveraged for maximum effect, he said.The current cyber threat is divided into three tiers: hackers, criminals, and nation-states, Cartwright said, with increasing levels of resources and investment in cyber capabilities. The U.S. isn’t developing the intellectual capital at the needed rate to keep pace, he added.Also, the military services must develop training to give a new generation of warfighters the right skills for the cyber fight, said Cartwright. Integrity of the cyber world is crucial for American business and commerce, he said. “We cannot let that space go uncontested.”Air Force leaders, speaking at the conference, underscored the need to fight effectively inside the networks.“There is no longer a sanctuary in cyberspace,” said Secretary of the Air Force Michael Wynne. The Air Force needs to develop strong fighting options for cyberspace, he said, “Cyberspace is a fighting domain where the principles of war do apply and we need true warfighters in this domain.”The Air Force is in the process of standing up a Cyber Command, based on the infrastructure of the 8th Air Force at Barksdale AFB, La. Lt. General Robert Elder, commander of the 8th Air Force, will head up the new command. Cyber Command will be evolved into a major 4-star command, Air Force officials have said.Table of Contents

Blue Force Tracker for Cyberspace?By Josh Rogin, Federal Computer Week, 25 January 2007The U.S. military increasingly relies on the network for fighting battles on the ground and in cyberspace. But cyber commanders in southwest Asia don’t yet have the tools they need to harness the power of the network to wage war.Air Force network operators need better situational awareness when doling out technology resources, according to a junior officer who recently returned from the Central Command area of operations. They must be able to determine which ground forces receive valuable bandwidth and network access as they perform real-world missions.The military will also need the ability to see and track allied forces in the network to fight future wars in cyberspace -- a virtual version of the blue force tracking capability commanders use in the physical world to mark and identify friendly forces on the battlefield and to transmit that picture over the network.“We need a Blue Force Tracker for cyberspace,” said Air Force Capt. Brian Hobbs, deputy chief of the Directors Action Group at Air Combat Command headquarters’ communications directorate at Langley Air Force Base, Va. Hobbs was speaking Jan. 25 at the Network Centric Warfare Conference hosted by the Network Centric Operations Industry Consortium in Washington, D.C.In 2006, Hobbs was chief watch officer at CENTCOM’s Theater Communications Control Center in Bahrain. In that role, he was tasked to authorize network disruptions caused by limited bandwidth or system maintenance.But Hobbs couldn’t perform the impact analysis to determine the consequences of his actions, he said. He feared warfighters engaged in battle operations might lose their communications through his actions.Impact analysis should be automated, with a focus on speed and ease of use, Hobbs said. “I need a matter-of-fact representation, which conveys the impact of something happening on the network,” he said. “I need to see, visually, my cyber assets.”Warfighters in Iraq and Afghanistan praise BFT for giving them enhanced awareness on the battlefield. The system increases decision-making power, reduces response times, helps coordinate air support, and prevents friendly fire accidents, many soldiers said.

Page 12

Perhaps most significantly, BFT drives decision making down the command chain, allowing junior officers to react to events without consulting senior officers who are removed from the action.In cyberspace, junior officers must often make network decisions that affect ongoing battles. But young cyber commanders don’t have the clear picture they need to juggle limited network resources.The net after next will require the true Blue Force Tracker capability to coordinate cyber forces fighting against a cyber enemy, Hobbs said. That is the longer-term challenge.Conference attendees were intrigued by Hobbs’ comments. Many corporations have already contacted him to pitch ideas. Non-corporate members of the community are searching for the solution.The commercial world has several network management software tools that could be adapted to address the cyber problem, said John Hudanich, an information systems engineer at MITRE Corp.But warfighters who are fighting on the front lines are moving to Wi-Fi and mesh networking, which might make it hard to identify them, according to a professor at the Army War College.Current network management tools can show which parts of the network are down, but they can’t do analysis, Hobbs said. “I need a lot more tools than just the plain-Jane network management tools that are available currently,” he said.Lt. Gen. Robert Elder, commander of the 8th Air Force, explained to the conference attendees the ever-expanding role of cyberspace in warfighting.“Cyberspace superiority is the foundation for network-centric warfare,” Elder said, “We’re not just treating cyberspace as an enabler as we did in the past. It is [now] a warfighting domain.”The Air Force’s current cyberspace strategy centers around freedom of action, network system security and survivability of the network.Elder said decision-making power should go to those closest to the fight. Theatre commanders should have the ability to control global effects, he said. This challenge is technical, philosophical, and cultural, he added.The Air Force will establish a Cyber Command based on the infrastructure of the 8th Air Force to consolidate its cyber resources, the service announced in October. Cyber Command will open its doors sometime this year. It will grow into a major command, led by a four-star general, by 2009, officials have said.Table of Contents

4 Ways Tech Changed The FightBy Josh Rogin, Federal Computer Week, Feb. 12, 2007Information is no longer a commodity. It is now a force multiplier and, increasingly, it’s a warfighting domain, said David Ozolek, executive director of the Joint Futures Laboratory at the Joint Forces Command.Ozolek and other military information technology experts have identified four technologies and techniques that have changed how U.S. military forces wage war today compared with 20 years ago. 1. Networking and collaborationThe Defense Department’s ability to harness Internet technology has fundamentally changed the way the military forces operate. In network-centric warfare, every piece of the armed forces is becoming interconnected, said Lt. Gen. Steven Boutelle, the Army’s chief information officer. The Army’s networking strategy is simple, Boutelle said. “The more things you connect together, the more value you get.” People, platforms, gizmos and gadgets all converge on the network, creating exponential growth in military capabilities, he added. In addition, networks have changed the way the Army fights by flattening the traditional hierarchy of command and control. Orders now flow from a variety of sources and are multicast to many people. “It’s accelerating the decision-making process,” Boutelle said.

Page 13

The Internet allows the military services to collaborate worldwide. Operations no longer are linear in any traditional sense, Ozolek said. “Through networking, we’re able to distribute operations through time, space and function,” he said. Meanwhile, another effect of networking and collaboration is a shift from owning information resources to accessing information. “You don’t have to own an asset to be able to employ it,” Ozolek said. 2. Global Positioning System By using smart weaponry to launch precision strikes, the military can achieve greater effect with fewer or smaller strikes. That development, and the addition of precision maneuvering to the military’s arsenal, has profoundly altered warfighting operations. The Global Positioning System, along with Blue Force Tracker, the Joint Surveillance and Target Attack Radar System, and other advanced communications systems enable the military to conduct operations that Ozolek described as noncontiguous maneuvers. That means allied forces don’t have to see one another to coordinate their operations. Controlling white space, a military term for areas that warfighters don’t physically occupy, is another revolutionizing trend, Ozolek said. For example, GPS-directed unmanned vehicles patrol where soldiers cannot. Some experts say GPS has inverted the way officials think about military forces. In the past, air power cleared the way for ground forces, said Philip Coyle, senior fellow at the Center for Defense Information. GPS now empowers ground troops to select targets and call in air attacks from miles away. Troops used that capability in early battles in Iraq.GPS supports other advanced military capabilities. For example, precision- and laser-guided weapons, integrated with GPS, enable forces to attack behind the lines, before the enemy knows the fight has begun, and limit collateral damage in civilian areas, Coyle said.3. Embedded computers At the same time, the use of embedded computers has transformed U.S. military equipment. For example, in the new F-22 fighter aircraft, computers blend data from the fighter’s sensors and radars. In another example, computer technology embedded in small artillery rounds reports on the shells’ success at hitting their targets. The technology transmits data until impact.Technology “is literally in everything, just as it is in our everyday lives,” Coyle said.Miniaturization and solid-state devices are specialized and powerful enough for large-scale military use, said Ted Postal, professor of science, technology and national security policy at the Massachusetts Institute of Technology. The trend in weaponry is toward embedded computers that enable weapons to coordinate their actions autonomously, Postal said.Another benefit of the military’s use of computers is more realistic testing and training. Supercomputers, for example, provide the muscle to model and simulate the diplomatic, social and economic factors of combat. “It’s enabling us to really understand complex situations,” Ozolek said.4. Information operationsFinally, the ability to instantly distribute global information is changing warfare because everyone with access to the Internet or TV can be a party to the battle, military experts say. In Iraq and Afghanistan, insurgents’ sniper attacks, abductions and improvised explosive devices rarely hurt the operational ability of the U.S. military, but they affect people’s will and perceptions, Ozolek said. The aim of military tactics in the information domain is to control people’s perceptions. “This is where the decisive battle is taking place,” Ozolek said. To gain greater influence over Iraqi and Afghan hearts and minds, the military has begun testing concepts such as the Communications Strategy Board, which merges information operations, intelligence and public affairs into one integrated function.The importance of information operations “is the fundamental change in the conduct of warfare and the direct impact of the IT revolution,” Ozolek said. U.S. enemies are more comfortable and more

Page 14

effective at influencing perceptions than the United States is, he said, adding that “we’re in the process of adapting right now.”Table of Contents

DISA to Pay $1.2B for Network ProtectionDefending against insider threats puts squeeze on budgetBy Bob Brewin, Federal Computer Week, 12 February 2007The Defense Information Systems Agency plans to spend $1.2 billion in the next three years to protect Defense Department networks from attacks. That spending is necessary to thwart insider threats and defend classified networks, according to DISA’s fiscal 2008 budget documents.Such spending for network defense might sound staggering. However, Bernie Skoch, a consultant at Suss Consulting, said a billion-dollar network security budget could be a bargain if it protects networks essential to DOD’s global operations. Skoch, a retired Air Force brigadier general, was formerly principal director of customer advocacy at DISA.The bulk of that proposed spending would be for DISA’s Information Systems Security Program. It would receive $959 million for fiscal 2007 through fiscal 2009, an amount that includes $819 million from operations and maintenance accounts and $140 million from procurement accounts. DISA’s three-year network operations and defense budget also includes $147.5 million in operations and maintenance funding for network security in the Pacific and European commands and DISA field offices that support nine combatant commands. Another $41.3 million in three years would go to the Strategic Command to operate and defend the Global Information Grid. And DISA would spend $54 million on operating a Joint Staff Support Center.It is well-known that DOD’s Non-classified IP Router Network (NIPRNET) is under increasing attacks from the outside. But DISA’s budget documents indicate that the agency has additional concerns about insider threats. DISA plans to deploy tools to 1,500 locations worldwide to analyze, detect and respond to insider threats against information and information systems.DISA’s three-year budget would pay for increased security on the Secret IP Router Network, which is less susceptible to outside attacks than the NIPRNET because it does not connect to the Internet. DISA intends to deploy automated network access controls on the SIPRNET to prevent inadvertent or malicious connections of unknown or improperly configured devices, the budget documents state.DISA also plans to deploy a departmentwide risk-management system to verify that connections to the SIPRNET come from valid DOD users. The agency will expand its use of subnets called demilitarized zones (DMZs) to isolate the NIPRNET and SIPRNET from unverified external networks. DISA said the DMZs will improve security and make it easier for authorized users to access DOD information. Skoch said DMZs will help DOD maintain public Web sites that support activities such as e-commerce without compromising internal DOD networks and information. Budget documents show that DISA has already deployed tools from Secure Computing and Blue Coat Systems for DMZ security. Steve Schick, a Blue Coat spokesman, said the company’s tools provide protection from malware, spyware and viruses. A reporting tool analyzes incoming traffic. Because the use of such tools on the edge of a network often slows traffic, the Blue Coat tools include an acceleration engine that helps speed traffic, Schick said.Secure Computing’s Cyberguard Web Washer scans incoming DMZ traffic. Phyllis Schneck, vice president of research integration at Secure Computing, said the company’s tools detect and block malware. They also detect global trends in malicious traffic and automatically forward that information to customers, such as DISA.“Providing safety and security is priceless,” Schneck said.Table of Contents

Page 15

Attack by Korean Hacker Prompts Defense Department Cyber Debate

By Josh Rogin, Federal Computer Week, 9 February 2007Defense Department computer networks are probed and attacked hundreds of time each day. But a recent attack on the civilian Internet is causing DOD officials to re-examine whether the policies under which they fight cyber battles are tying their hands.“This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.”Unlike in the war on terror, DOD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Web sites in other countries are beyond DOD‘s reach, he added. “If they’re not in the United States, you can’t touch 'em.”Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re-evaluated.The danger is real, officials say. On Feb 5, an organized group of hackers perpetrated the most powerful set of attacks since 2002. The attacks targeted UltraDNS, the company that runs several servers that manage traffic for domains that end with .org and other extensions, according to several reports.Although the hackers made efforts to conceal their identity, large amounts of rogue data was traced back to servers in South Korea, the reports stated. The Associated Press wrote that a traffic server operated by the Defense Department was affected.Affected or not, senior DOD cyber officials have taken notice. They spoke about its defense implications at the Air Warfare Symposium in Orlando, Fla., hosted by the Air Force Association today.The recent UltraDNS attacks raised several questions for DOD policy makers, Keys said. “How do you react to that attack? How do you trace it back? What are the legalities included? What do you do when you do find them? It’s a huge challenge,” he said.DOD must consider more aggressive measures, including penetrating enemy networks, infiltrating wi-fi, phishing for passwords, and e-mail deception, Keys said. Cyber attack forces could replace traditional forces in future attack missions, he said.The current cyber threat is divided into three tiers: hackers, criminals, and nation-states, with increasing levels of resources and investment in cyber capabilities, said U.S. Strategic Commander General James Cartwright, speaking at the conference.The U.S. cyber warfare strategy is divided among three fiefdoms, reconnaissance, offense, and defense, Cartwright said. This results in a passive, disjointed approach that undermines the military's cyberspace operations, he added.“We’re already at war in Cyberspace, have been for many years,” said Keys Terrorists use the Internet extensively, through remotely detonated bombs, GPS, Internet financial transactions, navigation jamming, bogs, bulletin boards, and chat rooms.Hacker tools are readily available on the Internet, and several sites promote products that give people the ability to circumvent DOD’s security measures, Keys said. But policy and law prevent the department from shutting down these sites.Cyberspace is the only warfighting domain in which the U.S. has peer competitors, Keys said. The Chinese Communist government said in a recent military white paper that its goal is to be “capable of winning informationized war” by the middle of the 21st century, he noted.DOD is also vulnerable because it procures technology components, such as computer chips, from China. The companies there could embed threatening technologies in the chips and then use them for malicious purposes, Keys said. “If they’re good enough [at hiding the technology], then how would you know?” he asked.

Page 16

Several attacks have disabled government computer systems over the last few months. In November, the Naval War College took its computers offline for weeks after a foreign network attack disabled the system. In July, the Commerce Department’s Bureau of Industry and Security had to replace hundreds of computers following an intrusion that was admitted to have originated from Chinese servers.Keys’ ACC, headquartered at Langley AFB, Va., provides command, control, communications and intelligence systems to the Air Force and conducts global information operations. The command is also oversees the 8th Air Force at Barksdale AFB, La., which will soon become the Air Force’s Cyber Command, it was announced in October.Cyber Command will focus on integrating reconnaissance, offensive, and defense operations in cyberspace, Keys said. DOD is dependent on its networks for almost all its missions, he added. “It’s entwined into everything we do.”Table of Contents

Can Branding Define Public Diplomacy 2.0?By Craig Hayden, USC Center for Public Diplomacy, 9 February 2007The next round of the seemingly endless frustration over U.S. public diplomacy is underway. Rod Dreher's recent rebuke of contemporary public diplomacy programs succinctly recapitulates the "problem" with U.S. public diplomacy -- at least according to how he frames the subject. For Dreher, the U.S. public diplomacy is losing the "information war," because it is being outflanked by jihadist media campaigns. For Dreher, U.S. efforts look absurdly anachronistic. The U.S. relies on message strategies rooted in Cold War models and appears increasingly unresponsive to audiences in the Middle East and Islamic world.Dreher's arguments come as Undersecretary of State Karen Hughes attempts to re-envision the agents and activities of an ideal public diplomacy campaign. Dreher's criticism and the State Department's renewed efforts to revamp public diplomacy signal that there may be a growing battle for framing public diplomacy itself.But what would a "Public Diplomacy 2.0" look like? Given the spate of criticism and policy recommendations since 2001, it is fair to conclude U.S. public diplomacy has struggled to find an orienting metaphor that links effective policy with realistic strategic objectives. During the past five years, we have seen the rise, fall, and then rebirth of the "marketing" policy language. This language has shared the stage with descriptions of "media war," "information battle," and other militaristic frames to conceptualize public diplomacy. These two ways of talking about public diplomacy push policy in different directions and anticipate different objectives.These two discursive frameworks for public diplomacy are set against a larger U.S. strategic discourse. Public diplomacy's supposed dialogue-oriented mission must be carried out amidst a strategic imperative that distills international relations into an epic struggle of good versus evil; where regional and ethnic context is collapsed into a monolithic "war on terror." U.S. public diplomacy is situated within a complex of policy rhetoric that overshadows its persuasive mission. How does a nation communicate when its other actions preclude a receptive audience and drown out overtures towards dialogue? The broad strokes of U.S. foreign policy leave ample room for other media framers to respond in kind, with conspiratorial narratives that reinterpret the sweep of U.S. "value"-promotion rhetoric in a visceral, immediate way. This framing has "connected the dots" far better than the bland appeals to shared universal morals implicit in U.S. public diplomacy.Yet to say that U.S. policies "speak" louder rhetorically than any information campaign obscures public diplomacy's conceptual problem. To disentangle the difficulties facing U.S public diplomacy, let us start with the language we use to describe it. In my previous post, I discussed the recent State Department conference that brought together experts from the public relations industry to strategize new directions for U.S. public diplomacy. The conference envisioned a role for the private sector to represent and communicate U.S. values abroad. The role of the "outsourced" public diplomacy program taps into the well-worn themes of U.S. marketing competence, and repositions public diplomacy as a branding campaign.

Page 17

So is there a problem with this? The idea of politics-as-branding has been popularized in the works of Peter van Ham and Simon Anholt (to name a few). What if Public Diplomacy 2.0 became defined by this policy discourse, and what sorts of polices could be derived from this defining language?Students of rhetoric often refer to Kenneth Burke's notion of "terministic screens" to illustrate how language can selectively narrow interpretations of reality within rhetorical discourse. Burke also observes that, "there is kind of a terministic compulsion to carry out the implication's of one’s terminology." Following this logic, if the U.S. describes the terrain of public diplomacy policy as a kind of branding milieu, then its policies will reflect this -- including all the advantages and disadvantages that such a communication policy would entail.It is obvious that the flexibility of corporate marketing and public relations is desirable in the fast-paced, global communications environment. But this also frames the practice of nation-based communication in a profoundly different way. The problem with branding in the conventional marketing sense is that it hails its audience in a way that does not invite participation in the politics of foreign policy. Public diplomacy is traditionally justified by how foreign publics can shape the foreign policy attitudes of their leadership. Yet if messages are targeted to cultivate brand-loyalty -- does that constitute the kind of dialogue implicit in previous conceptions of public diplomacy?Put another way, is it possible to cultivate the kind of identification implicit in domestic branding campaigns in a way that is so essential to Nye's notion of soft power? If we appeal to audiences as consumers in what Monroe Price called the "markets for loyalty," does this enable our audience to "see the world" in a way that is sympathetic to a our perspective? Or, does branding in fact cheapen the brand itself? Previous criticism of the branding idea argued that it ran against the norms international dialogue, while failing to do justice to the values implicit in the national "brand." I would add a more immediate concern. Branding strategies that rely on proxies begin to conflate the cultural "message" of the Untied States with the contrived brand-image of the corporate proxy. If we invite audiences to view us as brand, we can be just as easily discarded as a consumer product. Of course, embracing a "branding" paradigm doesn't necessarily mean letting corporations do the talking -- but that's the direction implied by the recent State Department conference.The idea is not without merit. John Q. Tourist of the Public Diplomacy Watch blog stated that:

Let the private sector help underwrite the broadcasts, in exchange for commercial mentions the way that public broadcasting in America often mentions the names of sponsoring corporations and foundations.Think about it: America is home to many corporations with global reach, global brands and global ambitions. Would Coca Cola or Pepsi or Google or eBay or Disney or American Airlines or McDonald's or Microsoft or Motorola or Starbucks perhaps want to underwrite increased American public-diplomacy broadcasts into various parts of the world? I'd bet so.

This suggestion solves the perpetual problem of minimal resources for U.S. international broadcasting, but also incurs the symbolic baggage of the corporations. These corporations thus "speak" for America; it leaves the brand of America open to symbolic marriage with its corporate brands. Not only that, such a proposal reveals that the U.S. must rely on corporate sponsors to communicate, and re-affirms a reluctance to aggressively fund public diplomacy. More generally, what is conveyed when a nation out-sources its public diplomacy?Of course, this wouldn’t be an issue if Brand America wasn't so already tarnished. I merely point out that merging the ideographs of "America" with the motives embedded in corporate brands poses some risks to U.S. "impression management." More broadly, an attempt to corporatize the practice of public diplomacy -- while possibly more "effective" as a campaign of persuasion -- signals a more cynical stance towards message promotion and the perceived motives of U.S. public diplomacy. This may heighten existing skepticism of U.S. public diplomacy and reinforce perception that it is simply propaganda.To embrace the discourse of branding is thus a conflicted strategy. The benefits of corporate competencies are a positive corrective to the current array of U.S. public diplomacy. Yet such acumen should not define the ethics of U.S. international communication. This concern surfaced in the wake of the Cold War when public diplomacy, lacking an antagonist, was justified as a tool for

Page 18

free market-promotion. We need branding practices. I am not entirely sold on the retooling of politics as branding.Yet real security concerns develop apace with the debate over branding-inspired "best practices" for public diplomacy. Can a redefined public diplomacy address these threats?I guess the real issue here is how our policy language draws boundaries around what U.S. public diplomacy should attempt to accomplish. Dreher's lucid criticism depicts the "battlefield" of U.S. public diplomacy to be opinions of populations sensitive to jihadist messages. His words clearly orient the reader to public diplomacy as a kind of warfare over the rhetorical framing of reality itself in these populations. While I do not object to the need for action that counters the efforts of jihadist propaganda, I wonder if his criticism is off the mark. Is public diplomacy the policy instrument that cuts across the information vulnerabilities of the United States? Or should there be clearer distinctions between strategic communication and public diplomacy? In my next post, I explore how public diplomacy figures in arguments over international security, and how information warfare has come to dominate debates over public diplomacy.Table of Contents

RSA - US Cyber Counterattack: Bomb One Way or the OtherBy Ellen Messmer, Techworld (Netherlands), 9 February 2007 If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.The primary group responsible for analyzing the need for any cyber counterstrike is the National Cyber Response Coordination Group (NCRCG). The three key members of the NCRCG, who hail from the US-CERT computer-readiness team, the Department of Justice and the Defense Department, this week described how they would seek to coordinate a national response in the event of a major cyber-event from a known attacker.This week’s massive but unsuccessful denial-of-service (DoS) attack on the Internet’s root DNS, which targeted military and other networks, did not rise to the level of requiring response, but made the possibility of a massive Internet collapse more real than theoretical. Had the attack been successful there may have been a cyber counterstrike from the United States, said Mark Hall, director of the international information assurance program for the Defense Department and the Defense Department co-chair to the NCRCG, who spoke on the topic of cyber-response during the RSA Conference in San Francisco.“We have to be able to respond,” Hall said. “We need to be in a coordinated response.”He noted that the Defense Department networks, subject to millions of probes each day, has “the biggest target on its back.”But a smooth cyber-response remains a work in progress. The NCRCG’s three co-chairs acknowledge it’s not simple coordinating communications and information-gathering across government and industry even in the best of circumstances, much less if a significant portion of the Internet or traditional voice communications were suddenly struck down. But they asserted the NCRCG is “ready to stand up” to confront a catastrophic cyber-event to defend the country.“We’re working with key vendors to bring the right talent together for a mitigation strategy,” said Jerry Dixon, deputy director for operations for the National Cyber Security Division at US-CERT. “We recognize much infrastructure is operated by the private sector.” The U.S. government has conducted cyber war games in its CyberStorm exercise last year and is planning a second one.The third NCRCG co-chair, Christopher Painter, principal deputy chief at the Justice Department, said the cyber-response group also seeks to communicate with 50 countries around the world where monitoring for massive cybersecurity events go on as well. “Some of them have some of the same communications issues we have here,” he noted.The Department of Homeland Security’s National Response Plan calls for coordination with a number of agencies, including the Department of Treasury, when the decision for a national

Page 19

response is made. So far, there has been no major cybersecurity event against the United States that has prompted the need for a national response.The massive DoS attack attempt against the Internet’s root-servers this week, which specifically targeted military networks, raises the question whether the United States would ever respond with a counterattack.“It’s the President’s call,” said Hall said, pointing out the recommendation for a counterattack would be passed to the chief executive via the U.S. Strategic Command in Omaha.In the event of a massive cyberattack against the country that was perceived as originating from a foreign source, the United States would consider launching a counterattack or bombing the source of the cyberattack, Hall said. But he noted the preferred route would be warning the source to shut down the attack before a military response.All the military services are preparing for military cyber-response, Hall pointed out.Jim Collins, R&D engineer at the Air Force Information Operations Center, who also spoke on the need for network defense at a session at the RSA Conference, said the Air Force is also gearing up for an offensive cyber capability.“The Air Force hasn’t just been standing by,” he said, noting that in November, the Air Force added the mission to fight in cyberspace by creating a new Cyber Command.“We’re standing up cyber-fighters to do network warfare,” Collins said. “Where we had pilots before, we’ll have fighters in cyberspace.”Table of Contents

China's Defence White Paper (opinion)By Rahul K Bhonsle, News Blaze, 5 February 2007White papers are major instruments of transparency which comprehensively lay down the policies of governments on various issues. When published on defence these become foremost confidence building documents. However in the case of China such reports are always viewed with suspicion. Thus when China produced a White Paper at the end of 2006 a number of caustic comments were heard from analysts across the board and particularly in the United States which increasingly views China as a future antagonist power. The fifth in the series since 1998, this is a biennial review which covers amongst other issues the state of the People's Liberation Army which at 2.3 million troops continues to be numerically potent. A holistic review of China's Defence White Paper is essential. A snippet analysis of select issues covered in the White Paper is as per succeeding paragraphs. Snippet analysis format is used to focus on the key determining facets of the White Paper as they affect the projected Chinese security inclinations and force development paradigm. (Based on White Paper downloaded from Downloaded from People Daily on 29 January 2007).The White paper reiterates China's commitment to, "peace, development and cooperation, China pursues a road of peaceful development, and endeavors to build, together with other countries, a harmonious world of enduring peace and common prosperity". "The world is at a critical stage, moving toward multi-polarity. But, they also maintain coordination and practical cooperation in their mutual relationships, and draw on each other's strengths. Some major developing countries and regional groupings have grown in power, and the developing world as a whole is becoming stronger". This explains China's current over drive of engagement of a wide range of countries including past and potential rivals India and Japan, ASEAN, nations beyond the immediate geographical periphery in Africa and traditional friends Pakistan and Russia.The trend is further amplified by an increased focus in China on creating and preferably heading regional alliances thus, "The international community is increasingly facing comprehensive, diverse and complex security threats. The world is not yet peaceful. Political, economic and security problems and geographical, ethnic and religious contradictions are interconnected and complex. - The Shanghai Cooperation Organization (SCO) has entered a new stage of substantive growth, contributing to the establishment of a new mode of state-to-state relations. ASEAN has made steady progress in community-building and in talks on establishing free trade areas with other countries. East Asian cooperation, which is conducted mainly through the ASEAN plus China, Japan

Page 20

and the ROK (10+3) channel, has expanded in scope and its institutional building is improving constantly, continuing to play a major role in promoting peace, stability and prosperity in the Asia-Pacific region. The East Asia Summit has provided a new platform for East Asian cooperation. Moreover, significant progress has been made in South Asian regional cooperation. There is improvement in the relations between India and Pakistan." This also possibly denotes China's area of influence and interest to include the SCO, ASEAN, East Asia and SAARC regions.The emphasis on technology as the keystone for modernization of the armed forces is indicated by the statement, "At the new stage in the new century, we will take the scientific development outlook as an important guiding principle for the building of national defense and military affairs, vigorously advance the revolution in military affairs with Chinese features, and strive to realize an all-round, coordinated and sustainable development".Chinese Armed Forces are likely to modernize rapidly and by 2020 will pose a credible advanced information rich force. This is evident from the plan indicated in the White Paper thus, "China pursues a three-step development strategy in modernizing its national defense and armed forces, in accordance with the state's overall plan to realize modernization. The first step is to lay a solid foundation by 2010, the second is to make major progress around 2020, and the third is to basically reach the strategic goal of building informationized armed forces and being capable of winning informationized wars by the mid-21st century." There is no change to China's nuclear policy as indicated thus, "China remains firmly committed to the policy of no first use of nuclear weapons at any time and under any circumstances. It unconditionally undertakes not to use or threaten to use nuclear weapons against non-nuclear-weapon states or nuclear-weapon-free zones, and stands for the comprehensive prohibition and complete elimination of nuclear weapons."The hold of the Communist Party on the PLA was reiterated thus, "China's armed forces are under the leadership of the Communist Party of China (CPC)."The trend in modernization is denoted by the statement, "The Army is speeding up the upgrading and informationization of its active main battle equipment to build a new type of ground combat force which is lean, combined, agile and multi-functional. Priority is given to building Army aviation, light mechanized and information countermeasures units." China is already known to have information warfare units. The belief is to develop asymmetrical capabilities. This would provide the PLA the ability to defeat technologically superior forces. 2010 and 2020 are years to benchmark PLA's progress.China is extremely sensitive to an intrusive survey of the defence budget. Thus elaborate details have been pictorially portrayed in the White Paper. The sum of it is, "From 1979 to 1989, the average annual increase of defense expenditure was 1.23 percent. However, the defense expenditure actually registered an average annual decrease of 5.83 percent, given the 7.49 percent average annual increase of the consumer price index in the same period. From 1990 to 2005, the average annual increase in defense expenditure was 15.36 percent. As the average annual increase of the consumer price index during the same period was 5.22 percent, the actual average increase in defense expenditure was 9.64 percent." Not many believe that this is the full story of China's defence spending. Perhaps rightly so, for to modernize a defence force which is twice the strength of the Indian Army and yet transform it into an information centric, RMA based power cannot be achieved in a budget which is just one and a half times more than India's defence budget. While strategic systems are not part of this budget, even nominal accretion in capabilities will need a much larger outlay. The above point is amplified by the next quote which states that, "Both the total amount and per-serviceman share of China's defense expenditure is low compared with those of some other countries, particularly major powers. In 2005, China's defense expenditure equaled 6.19 percent of that of the United States, 52.95 percent of that of the United Kingdom, 71.45 percent of that of France and 67.52 percent of that of Japan. China's defense expenses per serviceman averaged RMB107,607, amounting to 3.74 percent of that of the United States and 7.07 percent of that of Japan." So how does China get a modern armed force at such a low budgetary outlay per soldier. Either these figures are not telling the full story or PLA modernization will not be sustained to

Page 21

develop across the board capabilities. A more detailed review will reveal that the latter may be the actual story. Thus what we may see in 2020 is Chinese armed forces which has niche capabilities, strategic space and missiles, information and cyber warfare and at the same time flaunt a PLA soldier who can launch human wave attacksTable of Contents

The Long War (complete essay) (blog)By AntoniusBlock, worldconflict.blogspot.com, 6 February 2007When George Kennan published “The Sources of Soviet Conduct” in 1947 the Cold War was already two years old but Americans still struggled to understand it. Kennan provided an epiphany, both explaining the enemy and suggesting a counter. This conceptual foundation was adjusted several years later in the report known as NSC-68, drafted by a team from the departments of State and Defense led by Paul Nitze. Containment retained its central place but it was as much a military as a political effort reflecting ongoing changes in the global security environment. Thus the pattern was set: throughout the course of the Cold War, debate allowed periodic refinement of American strategy.Today the United States has been locked in another global conflict for more than five years. This time there was little discussion before arriving at a strategy. President Bush literally and figuratively came down from the mountain in the weeks after September 11 with an explanation and a plan of action. As time passed the shortcomings of the initial conceptualization—the “global war on terror”—became clear. While useful for mobilizing public support, the notion of making war on a tactic or phenomenon did not provide the coherence that the U.S. military and other elements of the government needed.Now the conflict has been recast as “the long war,” a phrase attributed to planners from the U.S. military's Central Command. The new phrasing, though, is useful but not sufficient. We know that the conflict is linked to terrorism. We know that it is long. But coherent strategy requires more than that. It is time to reinvigorate debate over the most basic elements of the conflict and of the appropriate American response to it. Put simply, the United States again must refine the conceptual framework of its grand strategy.FoundationThe long war is the death spasm of the old state-centric global political, economic, and security system and the birth pangs of the new one. Pummeled by globalization, interconnectedness, and the profusion of information, states in many parts of the world can no longer provide acceptable levels of security, prosperity and political identity. Sub- and supra-state organizations fill the vacuum. Simultaneously, the bar is rising: information illuminates the human condition and allows people around the world to compare their lives to others around the world. The results are often destabilizing. Discontent, after all, is less a reflection of one's actual situation than how one perceives that situation. Moreover globalization, interconnectedness and the profusion of information give those made angry by the perception of repression or inequity the means to act on these feelings. Small groups, even individuals are empowered to undertake great violence and, more importantly, to amplify the psychological effect of violence.But while nation states fail to provide acceptable levels of personal security, identity, and prosperity, world leaders cling to a state-centric perspective. One has to look no further than American grand strategy to see this. At the very time in history that the nation is proving inadequate to the challenges of modern life, U.S. strategy is based on strengthening or re-strengthening states. "Capacity building" in weak partners is considered the key to long term success. The assumption is that with a bit of help from Washington, the historic trend shift n power away from states can be reversed. The clock can be turned back. The state in fractured, often artificial nations is to be made strong and legitimate.U.S. strategy has propelled the long war in other ways as well, particularly through the unwillingness of Americans to see ourselves the way others do. Americans are convinced that their intentions and hence their power are benign. After the collapse of the Soviet Union Washington became even more active in regional conflicts and, ominously to many around the world, began to

Page 22

"transform" its military. The already-impressive ability of the United States to project power around the world was to be made even greater. Americans were convinced that they only used force for just causes. Only aggressors should feel threatened. And, Americans believed, our power, our mission was to promote stability. The problem is that many people around the world see stability as preservation of an increasingly intolerable status quo. The United States talked of change, but its effect was to create compliant allies.At the very time that the United States ramped up its global activism, its grand strategy became more militarized. From the American perspective, this made sense. Military solutions to difficult problems tend to be faster and more decisive than diplomatic ones—something Americans, with their impatience and frustration at ambiguous outcomes tended to favor. And U.S. activism itself was also based on compelling logic. We are convinced that our strength, stability and prosperity come from our political, economic, and social organization. Hence we promote these things to make the world stable and prosperous. Unfortunately, many other people assume that our strength and prosperity come less from our internal organization than from our willingness to impose our will on others. They believe it would be possible to construct very different political systems which are also strong, stable, and prosperous if not for the opposition of the United States and its surrogates. By destroying the American-engineered system, some of them came to believe, they could give birth to a more equitable and just one. Whether right or wrong in some objective sense, this was a powerful narrative, able to inspire great efforts. And great violence.Thus emerged a deep and pervasive perceptual dissonance. Americans saw the central conflict of our time as one which pitted the forces of freedom against those who hated it, while our enemies saw the conflict as one which pitted a West desperate to sustain a global system which gave it inordinate benefits against those seeking a more just and equitable one. Perched somewhere in between were America's traditional partners, especially the Europeans. Like the United States, they derived benefits from the existing global system and therefore did not want to see it destroyed. But unlike Americans, they were more likely to see conflict as a complex web of nuance and gray rather than a struggle between good and evil. They largely eschew thinking in grand systemic terms, casting the world's struggle as a global "war" or crusade, but instead view it as a disaggregated series of local issues, most amenable to non-military solutions.Ironically, because Muslims see history as a long struggle of enlightenment and piety against evil and injustice they are, like Americans, amenable to understanding the current conflict in global, systemic terms. The idea of a crusade resonates as much in the Islamic world as in the United States. While Muslims are not alone in feeling aggrieved, abused, and repressed by the existing global system, they were at the forefront of the effort to oppose it transnationally rather than locally. The conflict which pits the United States and its partners against radical Islam, whether salafi jihadism or radical Shi'ism engineered by Iran, may not be the sum total of the "long war," but it has become its first major campaign.The American RoleDuring the Cold War the United States assumed leadership of the “free world," funding, arming, cajoling, and pressuring those opposed to communism or Soviet influence. Washington was “first among equals,” the only Western power involved in all corners of the globe. Even after the demise of the Soviet Union the United States remained, in Madeleine Albright’s term, the “indispensable nation.” President Bush has sought a similar role in the long war. The concept was one where the United States would lead a cadre of—quite frankly—junior partners. Washington would define the conflict and its outcome. While Americans have come to see this as the normal state of affairs, it may not be, particularly for a contentious conflict like the long war.American leadership during the Cold War was based on two things, one psychological, one tangible. First, other nations were willing to defer to the United States, accepting America's dominant position. This was possible because U.S. interests and perceptions were at least compatible with those of partners and—more importantly—because the United States was seen by most nations as the less threatening of the superpowers. Second, the United States doled out patronage. Cooperation with Washington brought security assistance, economic aid, trade preferences, and the like. This was particularly important for partners who did not have a traditional relationship or see eye to eye with the United States.

Page 23

Today, these pillars of America’s global leadership are shaky. The Bush administration's disregard of traditional allies during the Iraq intervention and its subsequent failure to validate many of the claims used to justify the invasion eroded the legitimacy of American leadership. And this is not simply passive resistance: many states are actively seeking to constrain or even embarrass the United States. Patronage has its own problems. Globalization limits Washington’s ability to determine the economic fortunes of other states. The United States no longer controls world capital and information flows. Favor from the United States is much less important in bestowing legitimacy on regimes abroad than it once was. Few states rely on U.S. security assistance. There is a global market for military equipment and expertise, making old-fashioned security assistance less of a necessity for all but the most fragile states. The same holds for economic assistance. The amount of aid which Congress and the American people are willing to provide is not enough to assure the fealty of any but the smallest partners.Ultimately a number of factors will determine America's world role in the next few years. To some degree, desires and personalities matter. The next president will play a major part in defining where, when, and how the United States exercises national power (assuming he or she can sell it to a public and Congress jaded by Iraq). The ability of the president to restore America's image and credibility will be crucial. So too will the security of the homeland. New attacks would push the United States toward a more aggressive, militarily-focused world role, lessening resistance to Washington’s dominance, at least for a while. Even in the absence of attacks on the United States, the willingness of partners to assume greater responsibility, particularly for dealing with failed states and ungoverned territory, will shape the extent to which Washington feels compelled to intervene in far-flung parts of the world. And any success that the United States has in weaning itself off of imported petroleum will affect the degree to which the nation remains involved in Southwest Asia. The development of petroleum alternatives or other sources of petroleum would allow the United States to tolerate a greater degree of instability in that region, shift its strategic focus to other areas or even undertake some form of strategic retrenchment.So, in broad terms, there are a range of options: America "enflamed" (made aggressive and even more willing to use armed force by attacks on the homeland); America "chastened" (a diminution of the U.S. world role by resistance from other states); America "steadfast" (reinvigorated leadership along the lines of the 1990s); and America "retrenched" (a partial strategic withdrawals driven by some combination of frustration, weariness, and a lessening reliance on imported petroleum).Alternative ApproachesIs it really a war? There are three ways to answer that. Some say, “yes.” This group is frustrated. Although the United States was attacked, its supporters contend, we have been sidetracked into political, ideological, cultural, and religious issues, allowing our enemies to sidestep military defeat. The United State should mobilize and undertake aggressive campaigns to root out and destroy the enemy. This is very much in accord with American strategic tradition which casts war and peace (or, at least, "not war") as distinct conditions. When war is forced on the United States, the appropriate response is to mobilize, minimize political distractions, and destroy the enemy. Only then can normalcy return.The second approach rejects the idea that the long war is war at all. A war is amenable to resolution by increased firepower. Clearly that does not apply to the long war. As the equally euphemistic "wars" on poverty and drugs showed, such usage of the term confuses more than it clarifies. Rather than focusing public attention and building the will to sacrifice, it leads to derision and confusion. According to this thinking, the long war is simply one more instance of system management by a dominant power during a time of change. Because such an imperial function is antithetical to American tradition, we insist on casting—or miscasting—it as something other than what is really is. War, after all, is easier to sell to the American public than persistent conflict aimed at system management.The third approach holds that the long war is, in fact, war, but of a particular sort. Specifically, it is a global insurgency or, at least, something with the potential to coalesce into a global insurgency. Like national insurgencies, this conflict involves non-state belligerents. The political and psychological battlespaces are more important than the military one. Military operations are irregular and are designed for psychological effects rather than simply imposing one's will on the

Page 24

enemy. They are “armed theater.” The military supports political and psychological efforts rather than playing the dominant role. Its primary function is stabilizing failed or post-intervention states, and helping partner militaries build their own capabilities. Strategic success comes not simply from destroying armed enemies, but from altering the root political, social, and economic conditions that allowed them to emerge in the first place.There are three ways that the United States could approach the long war. One is a strategy of “transformation.” This would simultaneously seek to defeat existing terrorist networks, deter their supporters, and encourage political and economic reform in the regions of the world which give rise to terrorism. This strategy is most closely linked to the insurgency-counterinsurgency idea. It has been the strategy of the Bush administration. A second possibility is a strategy of “stabilization.” Like the transformation strategy, this would both attack terrorist networks and seek to alter the underlying causes of terrorism but assumes that rapid democratization is infeasible or, at least, destabilizing. All people may, as President Bush has stated, desire freedom but not all are willing to tolerate the freedom of others—something that democracy requires. Rather than democratization, then, American strategy should help build effective regional security mechanisms incorporating both states and the increasingly important non-state security actors. The third approach is “containment.” This assumes that both reform and the building of regional security structures are infeasible or require greater patience and resources than the United States is willing to devote. Instead, America should disengage as much as possible from conflictive regions, ending attempts to build capacity or shape regional security environments. The U.S. military, freed of lengthy involvement in stabilization or what are often called “shaping” activities, would then be prepared to address potential or extant threats. The key is rejection of the post-Cold War attitude that the United States can prevent threats from arising by capacity building and shaping, returning to a more traditional American strategy which only uses force to counter threats.Each approach depends on underlying strategic assumptions. If one assumes that American security is best promoted by preventing the rise of threats, then transformation or stabilization are preferable. If one assumes that capacity building and shaping activities are ineffective, antithetical to the American strategic culture, or cost more than the strategic benefits derived, then containment is the logical strategy.Challenges Along the WayAmerica's global credibility, prestige, and position of leadership form a central battleground of the long war. The big question is whether the current erosion of these things is due solely to missteps by the Bush administration or is structural—an inevitable byproduct of U.S. predominance. During the Cold War, the United States could (and did) disregard partners and run roughshod over their interests but retained its moral authority and position of leadership. This was due, in part, to lingering gratitude for past services such as defending allies and rebuilding defeated enemies. But it also reflected the fact that many nations saw the Soviet Union and communism as real and pressing threats. While Americans convinced themselves that they had so many partners and friends because their intentions were benign, in reality it was often because the United States was considered the lesser evil. The choice between being a junior partner of the United States or a puppet of the Soviet Union was an easy one (at least for those given a choice).With the end of the Cold War, American power was no longer seen as the lesser evil. The decision to undertake a revolutionary improvement of the U.S. armed forces in the 1990s in the absence of a serious military threat raised concerns around the world. Why would the United States do this, the citizens of many states wondered, if it did not intend to impose its will on others by force? To many, the Iraq intervention demonstrated that this was exactly America’s intention. The Bush administration's efforts to cast the world as one where everyone must choose between partnerships with the United States or domination by al Qa’ida resonated immediately after the September 11 attacks, but no longer did after the invasion of Iraq. Americans may see the long war as analogous to the Cold War, but few others do. And the number is declining. In an earlier time, America's narrative of the Cold War was accepted around the world. Its narrative of the long war is not.This means that the United States has little leeway in dealing with partners. It cannot disregard their perceptions and interests with impunity as it did during the Cold War. Now partners can opt out of cooperation with limited costs. But Washington continues to seek partnerships where the

Page 25

United States determines the outcomes and methods while junior partners simply provide resources and applause. And we approach the world as one where the struggle with violent Islamic extremism—like the earlier struggle against Soviet communism—is the central element around which all other threats, problems, and issues orbit. This leaves two options: we can adjust our leadership style and perception of the global security environment in a way more attuned to partners and allies, or we can attempt to craft a strategy for the long war where our only reliable partners are the English-speaking democracies and a handful of beleaguered states in the Islamic world which do, in fact, see us as the lesser of two evils.Many other challenges are internal. The U.S. government, for instance, is not optimally organized to undertake a sustained conflict against an enemy unhindered by law, responsibility, or a bureaucratic structure. As T.X. Hammes often notes, the American system was designed by geniuses to be inefficient. That made sense when the major threat was repression from a government grown too strong, but is a hindrance when dealing with external enemies, particularly when the public is unwilling to surrender some freedoms and rights for the duration of the conflict (as it was during the Civil War, the world wars, and, to an extent, the Cold War). If the long war was a normal war, the public might be willing to do this. At least for a while. But it would expect that this war, like all of America's past ones, would bring demonstrable victories in quick order. This is unlikely.If, on the other hand, the long war is approached like a global counterinsurgency campaign, the organization of the U.S. government becomes a major impediment. We simply are not optimized for counterinsurgency. Even our military is configured for short, high intensity combat. A number of steps have been taken in recent years to make it more successful at counterinsurgency, but it is not enough. And even if it were, the other elements of the government—which are ultimately more important for counterinsurgency—remain woefully weak, undersized, and under funded for the tasks they face.The United States continues to have difficulty grappling with a conflict that interweaves politics, ideology, ethics, and, most especially, religion. Americans are most committed when they see themselves as championing good against evil. The United States hesitated in opposing communism immediately after the Russian Revolution because there was a degree of moral ambiguity. The Soviets claimed to seek the liberation of the lower classes. Who could oppose liberation? Once it became clear that the Soviet system had nothing to do with liberation, the moral contours of the conflict were clear. Americans then marched off to war, figuratively and sometimes literally. The moral and religious dimension of the long war imbues it with ambiguity. Who could oppose righteousness and justice? Americans may see the long war as a struggle between good and evil but many people, both Muslims and non-Muslims, do not. They see it as a competition between two ideologies, one secular, one religious. Even though many Muslims reject al Qa’ida’s methods, they accept its basic conceptualization of the conflict. They buy the idea that it pits immoral secularism against justice and righteousness. All of the information operations or strategic communications in the world will not change this. The long war, then, is not just about winning hearts and minds, but about winning hearts, minds, and souls. Americans may not be up to this task.The final challenge will be modulating an appropriate level of public will and attention. The key is sustainability. If the struggle against violent Islamic extremism is long, then the passions of the American public must not be whipped to a level that will peter out when progress comes slowly and there are few clear victories. As public will and attention subside, it will be difficult to convince Congress to provide resources for the conflict. The vigilance necessary for homeland security will not exist. And, should another major attack on the homeland occur, the shock of the unexpected will amplify its psychological effect. By the same token, deciding how many and what kinds of freedoms and rights Americans are willing to surrender to prosecute the long war also poses a major challenge. What exactly do personal privacy and due process of law mean in an age of information saturation, interconnectedness, and transnational terrorism? Today there is no consensus within the United States on these vital questions. In fact, there is not even comprehensive debate. But how they are answered will play a major role in shaping American strategy for the long war.

Page 26

ConclusionToday, America's conceptualization of the long war is badly flawed. At the most basic level, we have not fully grappled with the nature of the enemy, instead insisting on distorting the new into the familiar—a salafi Hitler, evil, bent on personal domination, and determined to control a state in order to expand his power. Witness the maps in officially sanctioned documents which show a map of the world with the "new caliphate" circled (despite the total absence of evidence that al Qaeda seeks to control such a state). Or the promotion of the bizarrely inaccurate phrase "Islamofascism."American strategy for the long war is based on the notion that it is, essentially, an ideological struggle but after six years, we have yet to offer a persuasive alternative narrative to the ideology of Islamic radicalism. We talk of a choice between freedom and totalitarianism while our enemies describe a battle between justice and injustice. There is little indication that our story is trumping their story. But we seem to believe that there is no need to alter our narrative: if we only repeat it enough and find more effective ways to communicate it, Muslims (and others) will jettison their understanding of the world and adopt ours. The solution, we have convinced ourselves, is not a different conceptualization of the conflict, but more effective "strategic communications." We take the same approach to our partners, believing that if we call it a war between freedom and totalitarianism long enough and loud enough, they will come around.Thus conceptual dissonance is the defining feature of the long war. The United States, our enemies, and our key partners it differently with no convergence in sight. During the Cold War, the United States was able to sell its conceptualization of the conflict to partners and many neutrals, or to impose it on them. But the world has changed. American leadership during the Cold War and the decade after it was like the parenting of adolescents. Now we must develop a style of leadership more like the parenting of adult children. This is a very different thing. We must realize that global leadership today is not like heading a corporation or military unit—a persisting, hierarchical function—but a temporary bridge between the old security environment and the new one. The more successful our strategy, the less the need for American leadership in diverse regions of the world. But we have not yet made this mental adjustment to this, instead pretending that we can define the long war with junior partners implementing the strategy we craft.The future depends on whether we can alter and exercise our leadership. If we can reinvigorate lapsed partnerships and cooperatively craft regional strategies, then we should undertake a strategy of stabilization with democratic transformation as the long-term objective. To do this, the United States would have to downgrade the struggle from a "war," abandon its desire to control all outcomes related to the conflict, and treat violent Islamic extremism as simply one global security issue, not the central one around which all else pivots. The U.S. military would most often be part of a multinational coalition. It would need to be configured and prepared for counterinsurgency and stabilization as well as warfighting, imbued with cultural acuity and language skills.But if we are not willing to defer to partners and synchronize our view of the long war, then containment undertaken with the few steadfast partners who share our vision is the only feasible strategy. The United States would not attempt to reshape the political systems, economies, and social orders of the places that spawn extremism, but only keep extremism weak, mitigating it by a combination of military, economic, and covert actions. We would not need cultural understanding, only warrior skills. We would not undertake protracted stabilization and counterinsurgency, but only warfighting, shattering our enemies when they begin to gather enough strength to challenge us. We would only operate in alliance with the small band of like-minded allies. Strategic success or failure would depend on sustaining American will longer than our enemies can sustain theirs.These are the choices. Call them the "European" and the "Israeli" options. They are stark and clear. America's decision is not. At least not yet.Table of Contents

International Exercise 'To Test Cyber Security'From BCS (UK), 8 February 2007An international cyber-attack exercise is ready to take place in March next year, investigating security measures to tackle online criminal attacks.

Page 27

The exercise will simulate a selection of hacking attacks and online terrorist threats with a view to ascertaining international response capabilities in the time of a crisis, according to reports.It has been confirmed that the UK will take part in the exercise, dubbed Cyber Storm II, alongside over 100 government agencies include the FBI and the UK-based National Infrastructure Security Co-ordination Centre, as well as a number of private companies.Cyber Storm II follows the launch of the original Cyber Storm exercise last year. 'Part of the aim of the exercise was for people to separate out the serious threats from the noise,' Jerry Dixon of the National Cyber Security Division told Computer Weekly. 'The next exercise will test whether governments, security suppliers and businesses have learned key lessons from Cyber Storm.'Table of Contents

Researchers Invent System to Control and Quarantine Worms Attacking Computer Networks

From EurekAlert, 8 February 2007A new anti-worm technology developed by Penn State researchers can not only identify and contain worms milliseconds after a cyber attack, but can also release the information if the quarantine turns out to be unwarranted. Because many current security technologies focus on signature or pattern identification for blocking worms, they cannot respond to attacks fast enough, allowing worms to exploit network vulnerabilities, according to the researchers. As a result, several minutes can elapse between when a signature-based system first recognizes that a packet or datagram is a worm and when it creates a new signature to block further spread. But when signature-based systems shorten the signature-generation time, they often miss those worms capable of mutating automatically. The researchers' new technology -- Proactive Worm Containment (PWC) -- doesn't rely on signature generation. Instead it targets a packet's rate or frequency of connections and the diversity of connections to other networks -- which allows PWC to react far more quickly than other technologies. "A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the PWC system. When a host with a high rate is identified, then PWC contains that host so that no packets with the worm code can be sent out. Liu estimates that only a few dozen infected packets may be sent out to other networks before PWC can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, on average sent out 4,000 infected packets every second, Liu said. Because high connection rate transmissions do not always indicate worms, PWC includes two novel techniques that can verify that suspect hosts are clean or not infected. These techniques use vulnerability-window and relaxation analyses to overcome the denial-of-service effect that could be caused by false positives, he added."PWC can quickly unblock any mistakenly blocked hosts," Liu said. The PWC software can be integrated seamlessly with existing signature-based worm filtering systems. The researchers are currently beta testing PWC. Because PWC targets connection rates to identify worms, it may miss slow-spreading worms. But current technologies already can pick those up, Liu said. Worms pose a serious threat to networks, compromising network performance and even leading to denial of services. SQL Slammer, for instance, not only slowed Internet traffic but also disrupted thousands of A.T.M. machines. Additionally, worms can open the door for attackers to machines within infected networks.

Page 28

A provisional patent has been filed by Penn State on the software, "Proactive Worm Containment (PWC) for Enterprise Networks," invented by Liu; Yoon-Chan Jhi, a doctoral student in the Department of Computer Science and Engineering; and Lunquan Li, an IST doctoral student.Table of Contents

Secrets of the DoS Root Server Attack Revealed By Sharon Gaudin, InformationWeek, Feb 7, 2007Do you know what your computer was doing the other night? That's the question a lot of security professionals and analysts would like to put to users. On Tuesday, the 13 servers that help manage worldwide Internet traffic were hit by a denial-of-service attack that nearly took down three of them. Analysts say the hackers' used possibly millions of zombie computers to wage the attack -- and they expect that army is populated with the desktops and laptops of unknowing users around the world. "Individuals have contributed to this problem without knowing it," says Graham Cluley, a senior technology consultant with Sophos. "People heard about hackers doing these things, but guess what? It may have been your computer doing part of the hacking. ... People need to take more responsibility over the cleanliness of their PCs." The roots are central machines on the Domain Name System. They're akin to directory assistance for the Internet, explains Zully Ramzan, a senior researcher at Symantec Security Response. The system converts the URLs into numeric addresses, which are then used to route traffic from one computer to another. If the root servers had been taken down for a significant amount of time, it could have crippled Internet traffic. That wasn't close to happening on Tuesday. While they're referred to as the 13 root servers, there are many more computers involved. Each so-called server actually refers to an IP address, which can front many computers. Alan Paller, director of research at the SANS Institute, says they don't generally discuss how many computers are involved as a security precaution. "The strength of those systems has to do with the number of those machines behind them," says Paller. "People don't know about this infrastructure, so it's hard to attack. It's one little window into a house with 50 rooms. You peek into the window and you can't see those 50 rooms. And that's good." Analysts say the three root servers that were so greatly affected in Tuesday's attack most likely were standalone servers. The other 10 had multiple machines and that most likely helped them fare better during the attack. When Zombies Attack Starting at 5:30 a.m. EST on Tuesday, hackers launched a full-scale denial-of-service attack on the root servers. It was the largest one since an October 2002 attack that took down many of the roots. Three of the servers were nearly overloaded by the attack, but they didn't go down. They did, however, go into a brownout state, in which their response time was slowed. It was a distributed attack, with the root servers getting hit with information from all around the world, says Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, a cooperative cyberthreat monitoring and alert system. He adds that hackers must have used a huge botnet -- possibly made up of millions of zombie computers. A zombie is created when a hacker infects a computer with malware that opens a virtual door in the machine, allowing the hacker to remotely control it. Hackers infect as many computers as they can and create armies of them -- or botnets -- that they then use to launch denial-of-service attacks or to send out spam. Ullrich says they track about a million infected systems a day at the Internet Storm Center, and he figures that represents only 10% of the infected systems out there. Even though this week's attack was nearly as strong, but even more sophisticated, than the 2002 attack, the 13 servers remained up and running, and users around the world didn't notice a thing. Industry watchers say that's because the technical people who tend these servers, which are

Page 29

located around the globe, have spent the last four years increasing their capacity, as well as their security arsenals. "If you ask any kind of company if they had been subjected to an attack like that, they probably wouldn't be able to stay online," says Ullrich. "They are constantly tinkering on the security on these root servers. They're constantly getting some kind of attack. There have been studies showing that a minority of the traffic they receive is valid traffic." The root servers stood up so well to the attack because the people who manage them have been expecting the likes of it for years, says Sergey Bratus, a senior research associate with the Institute for Technology Studies at Dartmouth College. "The possibility of the attack was seen a while ago and that's why these servers were so distributed," says Bratus, who notes that 12 organizations, including the U.S. Department of Defense and the University of Maryland, run the servers. "The idea was to build a network that would remain up even if several nodes are physically destroyed by, say, a nuclear strike. When the Internet was developed, there was a concern that they needed an underlying architecture that would keep the communications running even if there was something major."Table of Contents

New Generation Of Terrorists Cyber-Inspired, -TrainedBy Matthew Schofield, Ledger-Enquirer, 7 February 2007 COLOGNE, Germany - Sitting on a platform bench in Cologne's cavernous main station watching his alleged co-conspirator step onto a train, the young Lebanese who's accused of plotting the deadliest terrorist attack in Germany's history finished his orange juice, stood up to throw the container in a recycling bin and rolled a heavy case toward Platform 4. His junior partner, Jihad Hamad, 19, had just stowed a suitcase that contained enough explosives to rip a train car to shreds on the regional train, which was headed to the Rhine valley tourist haven of Koblenz. Now it was Youssef Mohammed el Hajdib's turn. The 21-year-old weaved through the crowded station and boarded the double-decker North Rhine-Westfalia Express, bound for the industrial center of Dortmund to the north. Video cameras captured both men boarding with the bags. To cause maximum damage, the bomb-makers had diverted slightly from the instructions they'd obtained from a Web site that police said had al-Qaida connections. They'd crammed both suitcases with explosives and stuffed any empty space with plastic bags of food starch, which they thought would cover survivors of the blast with a burning, oily coat. That, police later said, was a "beginner's mistake." In their attempt to increase the destruction from the bombs, they'd made the charges "too fat." By not leaving any space for air, they'd suffocated their bombs. The two Lebanese disembarked before the timers ignited the fuses, which failed to ignite the charges. Railway employees discovered the suitcases later that evening and turned them in to lost-and-found offices. Each case contained 3 } gallons of propane in metal canisters, a little more than a gallon of gasoline in plastic mineral-water bottles and a small alarm clock, timed to detonate at 2:30 p.m. as the crowded trains neared Koblenz and Dortmund. German police think that 400 passengers would have died if the bombs had detonated, making it the deadliest terrorist attack in German history. Terrorism investigators around Europe see a lesson in this failed attempt at mass murder and in other failed or thwarted terrorist plots in recent years. While U.S. and British intelligence officials think that al-Qaida has regrouped in the mountains of Pakistan and is again capable of and intent on launching mass attacks around the globe, investigators in Britain, Germany and France are convinced that there's a broader terrorist threat against Europe. They're tracking thousands of suspected terrorists whom they say are planning mass murder.

Page 30

Unlike the Sept. 11 plotters, the new wave of terrorists - the so-called third generation terrorists - are dreaming up, planning, funding and attempting attacks on their own, without international support. The first generation of al-Qaida terrorists were Osama bin Laden and other veterans of the jihad in Afghanistan against Soviet occupiers during the 1980s. After the Soviet Union withdrew its troops, they turned their attention to the West, which they believed was corrupting and bullying the Islamic world. The hijackers who flew passenger jets into the World Trade Center in New York and the Pentagon in Washington were typical of the second generation: professional, educated men, chosen and directed by Osama bin Laden, trained in the Afghanistan camps and financed by the al-Qaida network. But the third generation has learned its hatred from television and its tactics from the Web, according to the experts. Its only connections to al-Qaida are Web sites and a shared anti-West philosophy. Its practitioners go online to find inspiration as well as practical advice, such as how to build a bomb. The result has been a number of duds. "The new generation is not professional. They build bombs that don't explode," said Rolf Tophoven, one of Germany's most respected terrorism experts and the co-director of the Institute for Terrorism Research and Security Policy in Essen. Still, he noted, studies of bombings in the Palestinian territories indicate that a "completely professional suicide bomber" - able to construct a bomb and conduct an attack - "can be created in three weeks." He added that he expects the number of attacks to be high in the coming years, and over time he expects this generation to learn from the mistakes now being made. Dame Eliza Manningham-Buller, the director general of Britain's MI6 Security Service, said in November that Britain was tracking 1,600 individuals and more than 200 groups thought to be involved in terrorism. Germany is investigating 200 suspected terrorist plots. The two London commuter attacks in July 2005 are a prime example. The attackers were local; most were second-generation residents, products of British schools and middle-class homes, though with family links to Pakistan. In the first attack, on July 7, four suicide bombs killed 52 morning commuters. In the second, two weeks later, four young men stood on subways and a bus, shouted praise to Allah and attempted to detonate backpack bombs, which fizzled. Last summer, British police arrested two dozen men - mostly British Muslims of Pakistani background - accused of plotting to blow up 10 trans-Atlantic jets en route to the United States. The alleged plotters, most of whom lived in the London area, are suspected of planning to sneak liquid explosives onto the planes and build bombs during the flights. Police said that as many as 4,000 people could have died if the plot had succeeded. In northern Europe, few cases have had more impact than one on Nov. 2, 2004. A previously unknown Muslim Dutch citizen shot filmmaker Theo van Gogh, the great-grand-nephew of artist Vincent van Gogh, from his bicycle during his morning commute. The killer, Muhammad Bouyeri, 27, claimed that van Gogh's film "Submission," about violence against Muslim women, made him an enemy of Islam. After knocking him to the sidewalk on a Dutch street, Bouyeri - raised in Amsterdam, but proud of his Moroccan heritage - slit van Gogh's throat with a knife, then put a page of Quranic verses on the knife and plunged the blade into van Gogh's chest. Police think that Bouyeri radicalized online, then joined Al Tahweed Mosque in Amsterdam, where he helped form the Hofstad Network, a Dutch terrorist group. There have been many others. Magnus Ranstorp, an anti-terrorism expert at the Swedish Defense College, estimates that "about 40 serious plots" have been broken up in Europe since September 2001. Last November, Norwegian police bugged the car of a 29-year-old Pakistani-Norwegian whom they suspected of having fired shots at an Oslo synagogue. They said they heard three other men and him - all of whom had criminal records - discussing plans to bomb the U.S. and Israeli embassies.

Page 31

The men - all younger than 30, two of Pakistani backgrounds, one of Turkish background and one Norwegian - were arrested, though it wasn't known whether they were close to carrying out the plot. Police also have reported breaking up terrorist plots in Denmark, Italy, Spain, France, Turkey and Greece. Tophoven said the plotters were European citizens or residents, usually Muslim and children of immigrants, and generally young. Herbert Landolin Mueller, who's considered the top expert on Islamic terrorist organizations with the German equivalent of the National Security Agency, thinks that governments are overly focused on highly organized, international terrorism. "People want to believe that there are terror cells, awaiting awakening, all within a central terrorist organization," he said. "But the Islamic movement is simply people who want to belong, people from the wealthy, middle class and lower classes. All attempts to define them are futile. Again, look at the attempted train bombing in Germany." In that bombing attempt, investigators said that the two Lebanese men - both in Germany on student visas, one about to start a combined computer-electronics engineering program in Kiel, the other not yet enrolled at a college - told them that their plot was motivated by the Danish cartoon controversy that started in autumn 2005 over a collection of cartoons depicting the Prophet Muhammad, which were reprinted in Germany. The two hadn't attracted any suspicion before the attempt, police said. They're now in jail awaiting trial on terrorism charges. Mueller thinks that many citizens would feel more comfortable if attacks emanated from a centralized terrorist organization, because that implies that the terrorists have been identified and the threat can be managed. Mueller thinks that the terrorism threat is as great as ever, but far more diverse and impossible to track. He considers the successful bombings in London and Madrid, Spain, as examples of the danger of homegrown, cyber-motivated and cyber-trained terrorists. Bob Ayers, a former chief of the U.S. Department of Defense Information Systems Agency who's now an expert on security matters with Chatham House, a London research center, warned against dismissing the idea of central control. "Al-Qaida is the spiritual head, the moral base of the movement," he said. "Do not make the mistake and believe that these are stupid people. They are not. In the West, too often people want to see them as backwards, uneducated, living in caves and filled with nothing but hatred." His view has support among U.S. and British intelligence experts. But many say that the nature of the terrorism threat is not either/or - either under central direction or self-radicalized. It can be both, with a central organization influencing untrained people online and through mosques that are friendly to their views. Ayers thinks that's what's happening. "Remember, the people lighting the fuse on the suicide bomb are always foot soldiers, highly expendable," he said. "The real concerns are those convincing the foot soldiers it's a good idea to kill themselves carrying out an attack." Third wave terrorists will improve their professionalism, experts agree. Jean-Louis Bruguiere, who heads France's anti-terrorism efforts, said that while many were flying under investigative radar, others were becoming bold. His biggest worry is residents who've attached themselves to Islamic jihadism, and have gone to Iraq to learn more about how to run an insurgency. Generally, the numbers of those who are leaving Europe for Iraq aren't thought to be large; experts think that five to 10 from Germany have made the trip, for example. And most of those who go are expected to die in fighting. But if even a few return, the experts worry about their impact. "We have found a few returning, not many," Bruguiere said recently. "More than 10, fewer than 20. We know of as many as 100 who have left for Iraq." They're particularly dangerous because not only will they bring back know-how but they'll also have hero status to young recruits, Bruguiere said. That, Germany's Mueller thinks, is bad news for Europe.

Page 32

"There will be future attacks, in many, many places," he said. "And those who carry out these attacks will not be known to law enforcement before the attack, but will have been leading very innocent lives."Table of Contents

PROTEUS “Futures” Academic Workshop, 14-16 August 2007, and “Call for Papers”

The Proteus Management Group will host the Second Annual Proteus “Futures” Academic Workshop specifically focused on Information Operations and Public Diplomacy from 14-16 August 2007 at the Center for Strategic Leadership (CSL), Carlisle Barracks, Pennsylvania. The event is sponsored by the United States Army War College in collaboration with the National Intelligence University (NIU), and the Office of the Director for National Intelligence (DNI). The theme of this year’s workshop is “Creative Strategic Intelligence Analysis and Decision Making within the Elements of National Power”The workshop’s overall goal is to provide scholars from various organizations across the Department of Defense (DOD), the Interagency, academia and private and corporate sectors the opportunity to present papers on topics and issues that explore complexity in the future global security environment and its discrete threats and opportunities, as well as to examine Proteus related new and innovative concepts, strategies and processes to meet 21st century United States national security challenges.The workshop’s purpose is to capture relevant work that will assist strategic and high-operational level decision makers, planners and analysts within the Joint, Interagency, Intergovernmental, and Multinational (JIIM) community in “outside the box” consideration and critical analysis of national, military and intelligence issues when using the elements of National Power (Diplomatic, Informational, Military and Economic).All communities (Government, Interagency, DOD/Military, Intelligence, academia, and business) are invited to submit papers on future national security issues and challenges directly related to the panel themes listed in the workshop concept paper. Abstracts should be no longer than two pages and should be submitted to the PMG by 16 April 2007. The PMG will review and select the abstracts for workshop presentation by 27 April 2007. Final papers should be between 4,000 and 10,000 words and contain proper footnotes or endnotes and bibliographies.For additional information regarding Proteus or this event, please go to the PMG web: https://www.carlisle.army.mil/proteus or contact either Mr. Bill Wimbish at 717-245-3366 or Mr Pat Cohn at 717-245-3196. Email: william.wimbish@us.army.mil, patrick.cohn@us.army.mil, or proteus@carlisle.army.mil. The concept paper is located at https://www.carlisle.army.mil/proteus/docs/CP01-07.pdf. Table of Contents

Page 33