Information Warfare and Deterrence
Chapter 4. Workshop Insights and Conclusions
Scope of the Problem
The most significant insight about IW and deterrence is that
the two concepts are only relevant to one another in highly selective
contexts. IW is just too big and encompasses so much (particularly
in the context of information dominance), while deterrence is
limited and almost always case specific. But once that insight
occurs, the problem can be analyzed in deliberate and methodical
First, the term "information warfare" is used to mean
many things, but often focuses on the military or the cyber-war
domains dominated by computers. Actually the field is so broad
that virtually no meaningful generalizations can be made about
it. But by focusing on defensive cyber-war and media war, and
a range of offensive IW actions, it is possible to bound the problems
into workable segments. That is, analysis must be focused on selected
elements which must be clearly defined in each application.
The U.S. national information infrastructure is interlinked and
interwoven. It is not possible, except in rare instances, to separate
the military, national, and private information systems. Public
and private sectors are heavily interdependent and this linkage
will continue to grow. Further, U.S. information systems and the
U.S. information infrastructure appear extremely vulnerable, and
a whole raft of information systems could be potential targets.
The U.S. civilian sector is no longer a sanctuary that can be
protected by interposing military forces between threat or adversaries
and their targets. Traditional military forces can be flanked
at the speed of light by information attacks on the general population
or key economic systems. Accordingly, our concept of national
security needs to be expanded to consider the full range of interactions
and to determine the proper boundary between DoD and the rest
of the national information infrastructure.
Deterring Attacks on the United States
While the workshop recognized that potential IW attacks can occur
in ways and means too complex for simple solutions, it reached
the core conclusion that the U.S. already has basic policies in
place that serve as effective deterrents in many circumstances.
In essence, information warfare attacks on the United States
are deterred by the same policy that deters other types of attack.
Acting under its rights as a sovereign state, the U.S. stands
ready to respond to any attack on its interests with all appropriate
means, including law enforcement as well as military capacity.
Beyond this, some workshop participants strongly believed
that the United States should have an explicit, publicly stated,
declaratory policy about its response to IW attacks.
Workshop participants consistently found themselves assuming
that a visible set of defenses was the beginning point for deterring
attacks on important computer systems. However, there was little
consensus about the scope of the problem and how serious a threat
cyber-war (digital) attacks might be. But with less than one-quarter
of one percent of unauthorized DoD system penetrations detected
and reported, current defense effectiveness must be very low and
cannot be measured precisely. Workshop participants felt that
DoD should establish department-wide requirements to report system
penetrations, viruses, attacks, and suspected attacks as well
as similar systems for collecting information about attacks on
other types of systems in the United States. While new organizations
and procedures have emerged in recent years to improve DoD's defenses
and responses, the necessary level of awareness and cooperation
has not yet been developed. Further, DoD needs to develop appropriate
I&W metrics integral (i.e., included in the design) with other
The workshop's consensus was that the United States is vulnerable
to media attacks. At the least, because of its democratic traditions
and freedom of speech, the U.S. is almost certainly going to be
placed in a reactive mode to media campaigns. While foreign powers
will find it difficult to directly intimidate U.S. leaders or
to put forward obviously false information toward the U.S. public
without effective U.S. media responses, they may be able to communicate
quite inaccurate images to selected foreign publics. This can
put enormous time pressure on U.S. and allied decision making,
particularly when the adversary is an authoritarian state with
little or no necessity for consultation.
DoD appears to lack the infrastructure, hardware, and human capital
necessary to deliver television images into distant regions, especially
in a non-warfare situation where the sovereignty of foreign states
must be respected. Review of the requirements for flexible responses
that give the National Command Authority a rich set of options
appears to be wise.
Finally, wargames and seminars involving not only DoD, but also
the range of civilian agencies and industry representatives necessary
for effective television imagery in media wars are needed.
Using Information Warfare to Deter Foreign Governments
The workshop noted some significant limits on U.S. offensive
IW activities. First, media manipulation that involves government
personnel providing false information is neither politically wise
nor consistent with U.S. policy and law. Second, information attacks
are attacks and, therefore, are subject to international law.
The workshop also recognized that considerable legal work needs
to be completed in the IW and deterrence arena. This includes
not only state and federal laws defining criminal information
acts but also international treaties to protect the United States
from attacks launched from foreign territory.
It appears that IW techniques and technologies have great potential
for supplementing and enhancing other methods of deterrence. But
seldom will an IW action in and of itself be a creditable deterrent.
That is, while IW can provide high leverage options, these options
seldom can "stand alone." Analysis of the optimum linkages
between IW deterrence and other deterrent measures is needed.
The workshop concluded that when skillfully combined as part of
an overall information dominance concept, some combination of
IW and other actions can produce the desired deterrent results.
Research and development of IW tools and techniques should go
The workshop discussions also made it clear that we need to continue
the IW and deterrence exploration and analysis process. Additional
studies through a series of roundtable discussions are planned
- IW and deterrence policy issues such as definitions of IW
deterrence options and solution spaces.
- The role of the Joint Staff and military services in supporting
national information infrastructure security.
- The political and military utilization of IW.
- The role of technology versus policy.
- How IW techniques can influence decisions.
- Technical and training methods to improve IW defenses.
- Media war.
These additional roundtables and other forums will also examine
classified and compartmented capabilities. Readers of these proceedings
are invited to comment and join the forums at their appropriate
security level and field of interest.
Table of Contents | Appendix