The Dean's List-Information Warfare

David and Goliath is a tale for all times but perhaps never more so than today. Instead of a sling, information technology is digital David's weapon of choice. The principle of substituting brains for brawn has taken out a new lease on life in the Information Age and triggered a torrent of speculation on the nature and significance of what is fashionably termed "asymmetrical conflict."

Neologisms, such as cyberwar, network-centric warfare, and neocortical warfare, trip effortlessly off the tongues of military leaders, defense experts, and policy gurus alike. Military historians invoke the initialism RMA (Revolution in Military Affairs) to capture the impact of ICTs (information and communications technologies) on military strategy and the conduct of war. Clearly, something is afoot.

There are many definitions of the generic term information warfare, but the one by John Alger that follows has the virtue of being both widely applicable and mercifully succinct: "Information warfare consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective or victory over an adversary." (For more on this and related background, see my article "Information Warfare: Peering Inside Pandora's Postmodern Box," Library Review, 50[5], 2001).

Today, almost anyone can aspire to be an information warrior: the ability to launch a cyberattack is much less closely linked to a would-be aggressor's strength or military sophistication than is the case with most forms of conventional warfare. Thus, the theory goes, the United States, being heavily dependent, both militarily and economically, on ICTs, is itself highly vulnerable to information attack. Paradoxically, Goliath's greatest strength is also his greatest weakness. But what, you may be asking yourself, has any of this got to do with you?

The principles of information warfare, as Alger's definition makes clear, can be applied widely and will very likely have an impact on both our personal and professional lives. Already the tools and techniques of information warfare are being adapted for nonmilitary purposes, such as political activism and civil disobedience. They are also finding their way into our everyday lives—cyberstalking is a particularly insidious and fast-growing crime.

I have some firsthand experience as the target of a cybersmear campaign. I've had my e-mail identity spoofed, received anonymous hate mail, and watched, impotently, as professional colleagues worldwide receive occasionally libelous commentary via the Internet.

My experience is minor compared with the very public naming of doctors who practice abortion on the infamous Nuremberg Files web site (www.christiangallery.com/atrocity), but it has helped me better appreciate the underlying attractions (e.g., anonymity, first-strike advantage) of information warfare and cyberterrorism for the attacker.

The net is a massive leveler, eroding established status and power differentials, with results that are both benign and malign. An embittered student or professional colleague can make one's life a misery, if he or she wishes, by cleverly exploiting the communicative capabilities of the net. On the other hand, the voice of the "little man" can now be heard in ways that make corporate behemoths sit up and take notice. Just think of the "suck sites" that act as magnets for criticisms and complaints against "big business."

The corporate sector has a growing interest in information warfare. The annual cost of cracking and hacking to U.S. businesses is enormous, according to surveys conducted jointly by the Computer Security Institute and the San Francisco branch of the Federal Bureau of Investigation (www.gocsi.com/prelea_000321. htm). The threats range from simple defacing of web sites through denial of service to systematic data corruption and theft of proprietary information.

Consequently, information security and assurance are major challenges facing businesses and, indeed, organizations of all kinds. Corporate information specialists, systems librarians, and competitive intelligence specialists need to be alert to the threat of cyberattack and knowledgeable about the technical and other means of protecting the information assets under their control from damage by outsiders or "corrupted insiders."

The threat extends well beyond the world of business. At my own institution (Indiana University), social security numbers of thousands of graduate students were stolen by a hacker and posted on a public computer site in Sweden. It is not far-fetched to imagine an individual hacker or a group of disgruntled (former) employees corrupting online library catalogs or launching a distributed denial-of-service attack to bring down a library's operations.

The social benefits of the Internet are real and enormous. We're learning that the downsides and dangers are no less significant. Hackers, crackers, and "phreaks" are here to stay, as loners or tightly orchestrated groups operate with strategic intent against an individual or a nation state. We all need to learn more about information warfare and cyberterrorism and the technical, social, procedural, and ethical issues associated with computer security. These days, David is only a keystroke or two away.