IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Summary and Conclusions

Module 10

The Lesson

Go back to intro. Go back to module 9. Go to references.

The module learning objective:

  • To summarize and draw conclusions from the previous lessons.

Module 1 Summary - How Did We Get Here?

  1. The Internet was born from a DoD requirement for a survivable communications system. As a result the Global Information Infrastructure (GII) which utilizes the Internet protocol is evolving into a robust information sphere where individuals are discovering a political and social freedom never before available. There is an evolving new indestructible cyberspace where individuals are free from race, color, age, or sexual bias; only one's ideas matter. Our planet is undergoing an information revolution. Module 1 illustrates what many call the nuclear model. This reference suggest that just as the threat of nuclear war forced America to develop new national policy focused on defending America from a new threat, so does the emergence of an Information Warfare threat establish a need for an Information Civil Defense. Such an IW Civil Defense would consolidate national policy to protect America's critical infrastructures (communications, power, financial, transportation) from attacks launched via the net.
  2. A comparison between now and then: The Internet concept (ARPANET) was born from a Cold War requirement when the United States government leveraged over 90% of all telecommunications research. As a result, the Internet protocol (TCP/IP) was accepted by industry and academia. Today, the Internet offers a viable market place rich for corporate and public investment. With the end of the Cold War, the United States government now contributes less than 10% of telecommunications research funds.
  3. Once capable of supporting an independent communications network, the Department of Defense enjoyed the security of a dedicated and redundant network. However, faced with diminishing defense budgets and a rapidly expanding commercial telecommunications infrastructure, DoD is now economically forced to rely on the Public Switched Network, a network that has been demonstrated to be vulnerable to information attack. For the first time in history, DoD is critically dependent upon an infrastructure that it does not control or influence. This begs the question, "Who will be responsible for securing America's critical infrastructures?" And for the first time, DoD and the intelligence community must grapple with the concept of leading from behind, where contributions to the national debate are to provide accurate, sound advice on what constitutes the Threat, and which entities are positioning themselves to take advantage of America's critical infrastructures.

Module 2 Summary - The Threat

  1. Why is Information Warfare a threat? IW levels the international playing field (political, economic, and military), i.e., most nations cannot challenge American policy using traditional force-on-force. Information Warfare is very cost effective, and offers a non-attribution capability that can be completely hidden during development and deployment. Finally, the United States, whose policy is often the target of attack by emerging or rogue states, is the most vulnerable to IW.
  2. DoD analysis suggests that when 95% of government networks were subjected to informational attacks, less then 5% were detected. Further, of the 5% detected, very few are successful in closing the hole to future attacks.
  3. The groups posing the threat to America's critical infrastructure are:
  4. Threat Threat Level
    Individual Hackers Low lever threat (nuisance)
    Coordinated hacking (Instructor/tutor) Low/Med level of threat
    Funded, coordinated (focused, employed) High level
    State sponsored, focused (Intel provided, spec tasking) Extremely High

    A new management philosophy is needed.

  5. Old Business - New Focus (Spies of the 21st century). As security products become available to the public and commercial sector the focus of international espionage will be redirected from the individual with access to desired information toward the network system administrator. Just as any industry seeks the most bang for the buck, so will foreign case officers seek to target the system administrators of key computer systems. This threat transcends the traditional focus and will expose virtually every aspect of American society. In the past corporations needed only to enforce strict security upon those facilities handling classified government material. The spies of tomorrow will target institutions such as banking (ATM, investment), transportation (Federal Express, UPS, rail, trucking) and industry (chemical, power, computer, etc.).
  6. The new business of spying. As the world enters the information age, international economic competition will become more fierce. Nations will set as a national priority the goal of acquiring America's customer base. Industrial espionage will escalate into industrial sabotage. For example, a foreign power may recruit a critical software or hardware engineer in an effort to implant destructive code that can be remotely triggered. The focus of such an attack may be as simple as to force a general product recall, and the timing of the execution could coincide with a critically weak period for the company. Thus a simple failure that forces a product recall may precipitate a disastrous fall of stock prices and takeover of the company. (Industry will need to re-think its current security practices and be more aware of the threat posed by grieving and/or disgruntled employees)

Module 3 Summary - DoD Roles and Missions

  1. America's military is in the process of aligning itself as the Cold War threat diminishes. Tomorrow's military will continue to stand ready to defend America if faced with the traditional two major regional conflicts scenario; however, it will be forced to do so with fewer resources. Economizing will be sought through advanced Command and Control Warfare. Further, America's military will be more likely to operate with a global reach utilizing new strategic offensive information warfare. Tomorrow's military will prepare the theater of conflict by seizing control of all critical infrastructures utilized by the enemy. Tomorrow's enemy will only be able to communicate, finance, or logistically relocate that which our leadership allows. Our adversary will be blinded by a complete cyberfog of war.
  2. Just as these new weapons for peace are being developed, so are the controlling mechanisms. Currently the Joint Chiefs of Staff has both an offensive and defensive group addressing these very issues. Mechanisms are currently in place and being honed to ensure that each new strategic weapon is controlled within the required authority for release.
  3. From the defensive perspective, DoD is currently inhibited as its mandated authority prohibits involvement in securing the public and corporate sector of America's critical infrastructure. This offers the greatest challenge to future military leaders, as they have little influence in securing a vulnerable America which is open to an Information Pearl Harbor. Just as America pulled together a nation threatened by a cold war, our nation's leaders must define America's Information (infrastructure) Civil Defense.

Module 4 Summary - Information Assurance

To expand the DoD perspective of securing America from groups that wish to influence U.S. policy throughout infrastructure attacks, our nation's leadership, both political and industrial, must define a process by which America can be secured. The National Information Infrastructure will be used by tomorrow's enemies to gain access and attempt to control or influence our nation's critical infrastructures. Policy makers will be faced with the challenge of respecting and balancing the basic rights of Americans. For example, a balance between the right to privacy vs. law enforcement represents one of many issues which will be hotly debated. However, there is one positive aspect; the threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The threat is real and is focused against all of America. As a result, our political leaders will come to closure on this issue much more quickly. This contrasts sharply with the health care debates of the early 90's which ended with few positive results.

The key to Information Infrastructure security is clearly defined by our forefathers:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

Our fore fathers believed that individual rights were granted by God and secured by government. Our nation's leaders will be challenged to find the right balance - this represents the heart of the debate in securing America.

Module 5 Summary - The Political Quagmire

The focus for change must come from Congress. The issues associated with defending America in the age of information can only be equitably debated through this branch of government. This is not to suggest that the President and the Judicial branch will not play a major role; they will... Congress will have to take the lead in forging new policy as our nation enters the 21st century.

Role of the President: Lead from behind by directing the Executive branch departments and agencies to provide critical information (data) for use by Congress, Industry, and the public in forming the national debate. The Executive branch must provide a clear representation of the Threat that IW poses to our nation's infrastructure. Further, the President must ensure that any technical skills and associated knowledge resident in the U.S. Government is available to industry and Congress for their use in formulating national information policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does not encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting legislation as America entered the Industrial Revolution, it will do so for the Information Revolution. However, history has shown that such interpretations are molded over time as society's needs and perspectives change. For example, the balance between economic rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's security needs. This view is currently not possible as most of corporate America is either fearful of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit America's intelligence community to directly providing relevant indications and warnings to industry. Congress must engineer a policy where industry is required to report the number and nature of IW attacks against its infrastructures. Such disclosures by industry must be protected to guard against erosion of the public confidence. Today many nations desire U.S. military products, tomorrow they will want American security products that protect critical infrastructure. If our nation's policy makers pass legislation that encourages the will of American industry, the "Made in America" label will appear on security systems world wide.

Role of the individual: The Internet is growing exponentially. Within it there are many references to the sanctuary of cyberspace. There have been declarations of cyber-independence and calls for a hands-off by governments. People of the world are experiencing for the first time what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet. However it must be remembered that it was America, specifically the U.S. Department of Defense, that made the Internet possible. According to the Declaration of Independence, America's government is formed by its people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued since the dawn of logical thought. Our policy makers (Congress and the President) must receive a balanced view from their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress must initiate public community debates to help bring the message to Washington. When called individuals must educate themselves to the issues and voice their opinion.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the technical means to a solution. Likewise, each transition, required a new assessment of the balance of rights. Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise enabled America to become the global leader in technology. The voices of our forefathers offer guidance; if only we would listen.

Specific Lessons from History
  1. Legislative actions have historically supported economic and industrial growth.
  2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The right to privacy has and will continue to be at the center of such debates.
  3. The technical solutions to all of America's needs have come from the industrial sector. History has shown that with the encouraging government policy the pace of development can be greatly accelerated, e.g., America's race for the moon in the 1960's.
  4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical infrastructure could benefit from similar considerations, i.e., electric power distribution?
  5. Consider the recent cases involving free speech; for example the Philadelphia Court striking down legislation on indecency. What can be learned from this? Was Congress reactive or proactive? Were legislators responding to impulse demands of a minority? Congress must carefully consider the implications of oiling the squeaky wheel, as this may lead to action without thoughtful representation.

Module 6 Summary - IW Weapons

Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and usually by recommendation of the National Security Council. IW weaponry is very similar, but there are exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. In such a capacity certain IW weapons can be left to the discretion of the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under CINC authority.

Strategic IW weapons however, will most likely be reserved for release by the highest level. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated). Justification: a response in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must remember that some strategic weapons will only be released on authority of the President. Note: during the planning process the CINC will be the single person responsible for the overall campaign and will decide his or her weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher lever of coordination and authorization for release.

Module 7 Summary - Loss of Sanctuary

America has the strongest, most capable military in the world. This fact challenges many nation's objectives which conflict with American policy. No nation has the capability to challenge the United States using traditional force-on-force. Further, the acquisition of weapons of mass destruction by such nations is also considered futile, as America's response would be direct and massive. This leaves many developing nations with few options in countering America's military force. That was until the introduction of Information Warfare.

Many nations in competition with the United States, either in the political or economic realm, are actively developing IW capabilities. They hope to use these capabilities to gain an industrial edge by stealing U.S. industrial secrets, and when possible disrupt America's industrial base.

America possesses many infrastructures: power, transportation, economic. But there are others not normally considered. Our nation possesses a knowledge infrastructure where critical scientific information is freely shared between academia, government, and industry. This infrastructure, like others, is open to attack by IW weapons.

America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until Pearl Harbor and the subsequent nuclear threat did America become aware of it's loss of sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have returned to believing in a new protected sanctuary. This is far from the truth. Daily, America's critical infrastructures are being probed and investigated by foreign powers. Our nation's industries currently lack the capability to adequately detect the implantation of IW weapons into our infrastructure.

Many nations are looking for ways to attack our financial networks to gain economic advantage. Likewise our industrial base is under attack. Cyberspace has no geographic boundaries. Nations are contracting the efforts of cyber-terrorists to maintain non-attribution. It is possible that some nations we traditionally consider allies and friendly are set on a path of economically and industrially conquering America.

America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by many forces whose goal is to topple America's global position.

Module 8 Summary - The Military Perspective

The military perspective on the beta version of this tutorial was composed from various unclassified briefings and presentations. Each service has been distributed the beta version with the intent of providing input into the final version due in October 1996. As you explore the military perspective please remember that military offensive aspects of IW cannot be discussed openly. Nonetheless these efforts are ongoing!

Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so will it adapt to warfare in the information age. That said, the transition will not be easy. Just as military leaders resisted accepting a mechanized calvary and concept of an Air Force there will be great hesitation to adopt IW. By its nature any military must adhere to tradition and order. How else can a person be commanded into combat? But tradition typically stalls advancement of new technologies. America's military will become tomorrow's information warriors, and when future military leaders look to this period they will again wonder why acceptance of such an natural concept was hard to comprehend.

The Army has and will always command the ground aspect of warfare. The information revolution will provide a battlefield (situational) awareness unimaginable today. The fog of war will be greatly reduced if not totally eliminated. Likewise, offensive IW will render our nation's enemies dispersed and informationally isolated. The enemy's fog will be extended to a complete blindness. All aspects of today's Army will be enhanced by the information revolution.

The Navy and Marine Corps will continue to control the seas and provide the heavy strategic reach capability America now enjoys. Global sensory networks will ensure the Navy has the capability to track any form of naval enemy on a global basis. New information technologies will extend the track and reaction time of many naval weaponry for both hard and soft kills.

The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and electronic warfare will be unrecognizable to today's military leaders. The ability to precisely strike a hostile nation's command and control, air defense, or critical infrastructures will be just a push-button away. If a hard kill is required, the enhancement of IW will ensure the safety of our service personal and reduce the amount of physical force necessary. Precision strike will place munitions on a target in ways now considered impossible.

Module 9 Summary - Recommendations

The nation is ready to debate the issue of Information Warfare and begin to decide that delicate balance between protecting the individual rights and national security. For the past three years we have come a long way. First the term Information Warfare was discussed, i.e., what does it mean. Then groups began to discuss organization structure and identify needed policy. Today, insiders understand IW and its threat to America's infrastructure. It is now time to mode the debate to the people and industry and answer the question, how do we protect America's Critical Infrastructure form Information Warfare.

The following Executive Order was issues by President Clinton on July 15, 1996. It focuses the necessary ingredients for the national debate:

WASHINGTON, July 15, 1996

Executive Order  


Certain national infrastructures are so vital that their incapacity or 

destruction would have a debilitating impact on the defense or economic 

security of the United States.


These critical infrastructures include



 electrical power systems,

 gas and oil storage and transportation, 

 banking and finance,


 water supply systems,

 emergency services (including medical, police, fire, and rescue), and 

 continuity of government.



Threats to these critical infrastructures fall into two categories:


1. physical threats to tangible property ("physical threats"),


2. and threats of electronic, radio-frequency, or computer-based attacks 

on the information or communications components that control critical 

infrastructures ("cyber threats").


Because many of these critical infrastructures are owned and operated by 

the private sector, it is essential that the government and private 

sector work together to develop a strategy for protecting them and 

assuring their continued operation.


     NOW, THEREFORE, by the authority vested in me as President by the 

Constitution and the laws of the United States of America, it is hereby 

ordered as follows:


Section 1.  Establishment.  There is hereby established the President's 

Commission on Critical Infrastructure Protection ("Commission").


        (a) Chair. A qualified individual from outside the Federal

Government shall be appointed by the President to serve as Chair of the 

Commission. The Commission Chair shall be employed on a full-time basis.


        (b) Members.  The head of each of the following executive branch

departments and agencies shall nominate not more than two full-time 

members of the Commission:


        (i)     Department of the Treasury;

        (ii)    Department of Justice;

        (iii)   Department of Defense;

        (iv)    Department of Commerce;

        (v)     Department of Transportation; 

        (vi)    Department of Energy;

        (vii)   Central Intelligence Agency;

        (viii)  Federal Emergency Management Agency;

        (ix)    Federal Bureau of Investigation;

        (x)     National Security Agency.


One of the nominees of each agency may be an individual from outside the 

Federal Government who shall be employed by the agency on a full-time 

basis.  Each nominee must be approved by the Steering Committee.


Sec. 2.  The Principals Committee.  The Commission shall report to the 

President through a Principals Committee ("Principals Committee"), which 

shall review any reports or recommendations before submission to the 

President.  The Principals Committee shall comprise the:


        (i)     Secretary of the Treasury;

        (ii)    Secretary of Defense;

        (iii)   Attorney General;

        (iv)    Secretary of Commerce;

        (v)     Secretary of Transportation;

        (vi)   Secretary of Energy;

        (vii)   Director of Central Intelligence;

        (viii)  Director of the Office of Management and Budget; 

        (ix)    Director of the Federal Emergency Management


        (x)     Assistant to the President for National

                Security Affairs;

        (xi)    Assistant to the Vice President for National

                Security Affairs.


Sec. 3.  The Steering Committee of the President's Commission on 

Critical Infrastructure Protection.  A Steering Committee ("Steering 

Committee") shall oversee the work of the Commission on behalf of the 

Principals Committee.  The Steering Committee shall comprise four 

members appointed by the President.  One of the members shall be the 

Chair of the Commission and one shall be an employee of the Executive 

Office of the President. The Steering Committee will receive regular 

reports on the progress of the Commission's work and approve the 

submission of reports to the Principals Committee.


Sec. 4. Mission. The Commission shall:


        (a) within 30 days of this order, produce a statement of its

mission objectives, which will elaborate the general objectives set 

forth in this order, and a detailed schedule for addressing each mission 

objective, for approval by the Steering Committee;


        (b) identify and consult with: (i) elements of the public and

private  sectors that conduct, support, or contribute to infrastructure 

assurance; (ii) owners and operators of the critical infrastructures; 

and (iii) other elements of the public and private sectors, including 

the Congress, that have an interest in critical infrastructure assurance 

issues and that may have differing perspectives on these issues;


        (c) assess the scope and nature of the vulnerabilities of, and

threats to, critical infrastructures;


        (d) determine what legal and policy issues are raised by efforts

to protect critical infrastructures and assess how these issues should 

be addressed;


        (e) recommend a comprehensive national policy and implementation

strategy for protecting critical infrastructures from physical and cyber 

threats and assuring their continued operation;


        (f) propose any statutory or regulatory changes necessary to

effect its recommendations; and


        (g) produce reports and recommendations to the Steering

Committee as they become available; it shall not limit itself to 

producing one final report.


Sec. 5. Advisory Committee to the President's Commission on Critical 

Infrastructure  Protection.


        (a) The Commission shall receive advice from an advisory

committee ("Advisory Committee") composed of no more than ten 

individuals appointed by the President from the private sector who are 

knowledgeable about critical infrastructures. The Advisory Committee 

shall advise the Commission on the subjects of the Commission's mission 

in whatever manner the Advisory Committee, the Commission Chair, and the 

Steering Committee deem appropriate.


        (b) A Chair shall be designated by the President from among the

members of the Advisory Committee.


        (c) The Advisory Committee shall be established in compliance

with the  Federal Advisory Committee Act, as amended (5 U.S.C. App.). 

The Department of Defense shall perform the functions of the President 

under the Federal Advisory Committee Act for the Advisory Committee, 

except that of reporting to the Congress, in accordance with the 

guidelines and procedures established by the Administrator of General 



Sec. 6. Administration.


        (a) All executive departments and agencies shall cooperate with

the Commission and provide such assistance, information, and advice to 

the Commission as it may request, to the extent permitted by law.


        (b) The Commission and the Advisory Committee may hold open and

closed  hearings, conduct inquiries, and establish subcommittees, as 



        (c) Members of the Advisory Committee shall serve without

compensation for their work on the Advisory Committee.  While engaged in 

the work of the Advisory Committee, members may be allowed travel 

expenses, including per diem in lieu of subsistence, as authorized by law 

for persons serving intermittently in the government service.


        (d) To the extent permitted by law, and subject to the

availability of  appropriations, the Department of Defense shall provide 

the Commission and the Advisory Committee with administrative services, 

staff, other support services, and such funds as may be necessary for 

the performance of its functions and shall reimburse the executive 

branch components that provide representatives to the Commission for the 

compensation of those representatives.


        (e) In order to augment the expertise of the Commission, the

Department of Defense may, at the Commission's request, contract for the 

services of nongovernmental consultants who may prepare analyses, 

reports, background papers, and other materials for consideration by the 

Commission.  In addition, at the Commission's request, executive 

departments and agencies shall request that existing Federal advisory 

committees consider and provide advice on issues of critical 

infrastructure protection, to the extent permitted by law.


        (f) The Commission, the Principals Committee, the Steering

Committee, and the Advisory Committee shall terminate 1 year from the 

date of this order, unless extended by the President prior to that date.


Sec. 7.  Interim Coordinating Mission.


        (a) While the Commission is  conducting its analysis and until

the President has an opportunity to consider and act on its 

recommendations, there is a need to increase    coordination of existing 

infrastructure protection efforts in order to better address, and 

prevent, crises that would have a debilitating regional or national 

impact.  There is hereby established an Infrastructure Protection Task 

Force ("IPTF") within the Department of Justice, chaired by the Federal 

Bureau of Investigation, to undertake this interim coordinating mission.


        (b) The IPTF will not supplant any existing programs or



        (c) The Steering Committee shall oversee the work of the IPTF.


        (d) The IPTF shall include at least one full-time member each

from the Federal Bureau of Investigation, the Department of Defense, and 

the National Security Agency.  It shall also receive part-time 

assistance from other executive branch departments and agencies. Members 

shall be designated by their departments or agencies on the basis of 

their expertise in the protection of critical   infrastructures.  IPTF 

members' compensation shall be paid by their parent agency or 



        (e) The IPTF's function is to identify and coordinate existing

expertise, inside and outside of the Federal Government, to:


                (i) provide, or facilitate and coordinate the provision

of, expert guidance to critical infrastructures to detect, prevent, 

halt, or confine an attack and to recover and restore service;


                (ii) issue threat and warning notices in the event

advance information is obtained about a threat;


                (iii) provide training and education on methods of

reducing vulnerabilities and responding to attacks on critical 



                (iv) conduct after-action analysis to determine possible

future threats, targets, or methods of attack; and


                (v) coordinate with the pertinent law enforcement

authorities during or after an attack to facilitate any resulting 

criminal investigation.


        (f) All executive departments and agencies shall cooperate with

the IPTF and provide such assistance, information, and advice as the 

IPTF may request, to the extent permitted by law.


        (g) All executive departments and agencies shall share with the

IPTF information about  threats and warning of attacks, and about actual 

attacks on critical infrastructures, to the extent permitted by law.


        (h) The IPTF shall terminate no later than 180 days after the

termination of the Commission, unless extended by the President prior to

that date.


   Sec. 8.  General.


        (a) This order is not intended to change any existing statutes

or Executive orders.


        (b) This order is not intended to create any right, benefit,

trust, or  responsibility, substantive or procedural, enforceable at law 

or equity by a party against the United States, its agencies, its 

officers, or any person.



Go back to intro. Go back to module 9. Go to references.