ARSTRAT IO Newsletter

Document Sample
ARSTRAT IO Newsletter Powered By Docstoc
					           Information Operations

                                                Compiled by: Mr. Jeff Harley

                             US Army Strategic Command
                          G39, Information Operations Branch

The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in
the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and
should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S.
Army Strategic Command.

                                                          Table of Contents

                                             ARSTRAT IO Page on Intelink-U
                                           ARSTRAT IO Newsletter on

                                                                 Page 1
                        Table of Contents
                            Vol. 8, no. 18 (11 - 31 July 2008)

1.   China's Cyber-Warfare Militia
2.   Internet's Effects on Military Discussed
3.   Penn State Altoona Announces New Information and Cyber Security Major
4.   Radar-Jam Program Restored For B-52s
5.   George Washington and Operations Security
6.   The Art of Asymmetric Warfare
7.   How to Contain Radical Islam
8.   Iraq: The Army Knew Better
9.   Taliban Propaganda: Winning the War of Words?
10. Troops Turning Tables On Taleban in Afghanistan's Propaganda War
11. SCADA Security Incidents Will Become More Prevalent, According to Lumeta
12. Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat
13. Top UK Court Allows Extradition of Hacker to US
14. War of Ideas
15. Taliban Arms Self With Songs, Text Messages
16. Al-Qaeda Recruiting Scores of New Jihadis
17. Army Activates Network Warfare Unit

                           ARSTRAT IO Page on Intelink-U
                         ARSTRAT IO Newsletter on

                                          Page 2
China's Cyber-Warfare Militia
By Shane Harris, The Strategy Newspaper, 11 July 2008
Chinese hackers pose a clear and present danger to U.S. government and private-sector computer
networks and may be responsible for two major U.S. power blackouts.
Computer hackers in China, including those working on behalf of the Chinese government and
military, have penetrated deeply into the information systems of U.S. companies and government
agencies, stolen proprietary information from American executives in advance of their business
meetings in China, and, in a few cases, gained access to electric power plants in the United States,
possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to
U.S. government officials and computer-security experts.
One prominent expert told National Journal he believes that China's People's Liberation Army
played a role in the power outages. Tim Bennett, the former president of the Cyber Security
Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the
PLA in 2003 gained access to a network that controlled electric power systems serving the
northeastern United States. The intelligence officials said that forensic analysis had confirmed the
source, Bennett said. "They said that, with confidence, it had been traced back to the PLA." These
officials believe that the intrusion may have precipitated the largest blackout in North American
history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio,
New York, and parts of Canada, lost power; an estimated 50 million people were affected.
Officially, the blackout was attributed to a variety of factors, none of which involved foreign
intervention. Investigators blamed "overgrown trees" that came into contact with strained high-
voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were
shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the
communications lines that utility companies use to manage the power grid, and this exacerbated
the problem. The blackout prompted President Bush to address the nation the day it happened.
Power was mostly restored within 24 hours.
There has never been an official U.S. government assertion of Chinese involvement in the outage,
but intelligence and other government officials contacted for this story did not explicitly rule out a
Chinese role. One security analyst in the private sector with close ties to the intelligence
community said that some senior intelligence officials believe that China played a role in the 2003
blackout that is still not fully understood.
Bennett, whose former trade association includes some of the nation's largest computer-security
companies and who has testified before Congress on the vulnerability of information networks, also
said that a blackout in February, which affected 3 million customers in South Florida, was
precipitated by a cyber-hacker. That outage cut off electricity along Florida's east coast, from
Daytona Beach to Monroe County, and affected eight power-generating stations. Bennett said that
the chief executive officer of a security firm that belonged to Bennett's trade group told him that
federal officials had hired the CEO's company to investigate the blackout for evidence of a network
intrusion, and to "reverse engineer" the incident to see if China had played a role.
Bennett, who now works as a private consultant, said he decided to speak publicly about these
incidents to point out that security for the nation's critical electronic infrastructures remains
intolerably weak and to emphasize that government and company officials haven't sufficiently
acknowledged these vulnerabilities.
The Florida Blackout
A second information-security expert independently corroborated Bennett's account of the Florida
blackout. According to this individual, who cited sources with direct knowledge of the investigation,
a Chinese PLA hacker attempting to map Florida Power & Light's computer infrastructure apparently
made a mistake. "The hacker was probably supposed to be mapping the system for his bosses and
just got carried away and had a ‗what happens if I pull on this' moment." The hacker triggered a

                                                        Page 3
cascade effect, shutting down large portions of the Florida power grid, the security expert said. "I
suspect, as the system went down, the PLA hacker said something like, ‗Oops, my bad,' in
The power company has blamed "human error" for the incident, specifically an engineer who
improperly disabled safety backups while working on a faulty switch. But federal officials are still
investigating the matter and have not issued a final report, a spokeswoman for the Federal Energy
Regulatory Commission said. The industry source, who conducts security research for government
and corporate clients, said that hackers in China have devoted considerable time and resources to
mapping the technology infrastructure of other U.S. companies. That assertion has been backed up
by the current vice chairman of the Joint Chiefs of Staff, who said last year that Chinese sources
are probing U.S. government and commercial networks.
Asked whether Washington knew of hacker involvement in the two blackouts, Joel Brenner, the
government's senior counterintelligence official, told National Journal, "I can't comment on that."
But he added, "It's certainly possible that sort of thing could happen. The kinds of network
exploitation one does to explore a network and map it and learn one's way around it has to be
done whether you are going to ... steal information, bring [the network] down, or corrupt it.... The
possible consequences of this behavior are profound."
Brenner, who works for Director of National Intelligence Mike McConnell, looks for vulnerabilities in
the government's information networks. He pointed to China as a source of attacks against U.S.
interests. "Some [attacks], we have high confidence, are coming from government-sponsored
sites," Brenner said. "The Chinese operate both through government agencies, as we do, but they
also operate through sponsoring other organizations that are engaging in this kind of international
hacking, whether or not under specific direction. It's a kind of cyber-militia.... It's coming in
volumes that are just staggering."
The Central Intelligence Agency's chief cyber-security officer, Tom Donahue, said that hackers had
breached the computer systems of utility companies outside the United States and that they had
even demanded ransom. Donahue spoke at a January gathering in New Orleans of security
executives from government agencies and some of the nation's largest utility and energy
companies. He said he suspected that some of the hackers had inside knowledge of the utility
systems and that in at least one case, an intrusion caused a power outage that affected multiple
cities. The CIA didn't know who launched the attacks or why, Donahue said, "but all involved
intrusions through the Internet."
Donahue's public remarks, which were unprecedented at the time, prompted questions about
whether power plants in the United States had been hacked. Many computer-security experts,
including Bennett, believe that his admission about foreign incidents was intended to warn
American companies that if intrusions hadn't already happened stateside, they certainly could. A
CIA spokesman at the time said that Donahue's comments were "designed to highlight to the
audience the challenges posed by potential cyber intrusions." The CIA declined National Journal's
request to interview Donahue.
In addition to disruptive attacks on networks, officials are worried about the Chinese using long-
established computer-hacking techniques to steal sensitive information from government agencies
and U.S. corporations.
Brenner, the U.S. counterintelligence chief, said he knows of "a large American company" whose
strategic information was obtained by its Chinese counterparts in advance of a business
negotiation. As Brenner recounted the story, "The delegation gets to China and realizes, ‗These
guys on the other side of the table know every bottom line on every significant negotiating point.'
They had to have got this by hacking into [the company's] systems."
Bennett told a similar story about a large, well-known American company. (Both he and Brenner
declined to provide the names of the companies.) According to Bennett, the Chinese based their
starting points for negotiation on the Americans' end points.

                                                Page 4
Two sources also alleged that the hacking extends to high-level administration officials.
During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove
information from personal computers and other electronic equipment were discovered on devices
used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade
delegation, according to a computer-security expert with firsthand knowledge of the spyware used.
Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation
that includes the U.S. trade representative and that meets with Chinese officials to discuss such
matters as intellectual-property rights, market access, and consumer product safety. According to
the computer-security expert, the spyware programs were designed to open communications
channels to an outside system, and to download the contents of the infected devices at regular
intervals. The source said that the computer codes were identical to those found in the laptop
computers and other devices of several senior executives of U.S. corporations who also had their
electronics "slurped" while on business in China. The source said he believes, based on
conversations with U.S. officials, that the Gutierrez compromise was a source of considerable
concern in the Bush administration. Another source with knowledge of the incident corroborated
the computer-security expert's account.
National Journal had a series of conversations with Rich Mills, a Commerce Department spokesman.
Asked whether spyware or other malicious software code was found on any electronic devices used
by Gutierrez or people traveling with him in China in December 2007, Mills said he "could not
confirm or deny" the computer-security expert's allegations. "I cannot comment on specific
[information-technology] issues, but the Department of Commerce is actively working to safeguard
sensitive information." Mills added that the source had provided some inaccurate information, but
he did not address the veracity of the source's claim that the delegation was electronically
"China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat,"
said Brenner, who served for four years as inspector general of the National Security Agency, the
intelligence organization that electronically steals other countries' secrets. Brenner said that the
American company's experience "is an example of how hard the Chinese will work at this, and how
much more seriously the American corporate sector has to take the information-security issue." He
called economic espionage a national security risk and said that it makes little difference to a
foreign power whether it steals sensitive information from a government-operated computer or
from one owned by a contractor. "If you travel abroad and are the director of research or the chief
executive of a large company, you're a target," he said.
"Cyber-networks are the new frontier of counterintelligence," Brenner emphasized. "If you can
steal information or disrupt an organization by attacking its networks remotely, why go to the
trouble of running a spy?"
Stephen Spoonamore, CEO of Cybrinth, a cyber-security firm that works for government and
corporate clients, said that Chinese hackers attempt to map the IT networks of his clients on a
daily basis. He said that executives from three Fortune 500 companies, all clients, had document-
stealing code planted in their computers while traveling in China, the same fate that befell
Spoonamore challenged U.S. officials to be more forthcoming about the breaches that have
occurred on their systems. "By not talking openly about this, they are making a truly dangerous
national security problem worse," Spoonamore said. "Secrecy in this matter benefits no one. Our
nation's intellectual capital, industrial secrets, and economic security are under daily and withering
attack. The oceans that surround us are no protection from sophisticated hackers, working at the
speed of light on behalf of nation-states and mafias. We must cease denying the scope, scale, and
risks of the issue. I, and a growing number of my peers believe our nation is in grave and growing

                                                Page 5
A Growing Threat
Brenner said that Chinese hackers are "very good and getting better all the time.... What makes
the Chinese stand out is the pervasive and relentless nature of the attacks that are coming from
The issue has caught Congress's attention. Rep. Jim Langevin, D-R.I., who chairs the Homeland
Security panel's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology,
said that his staff has examined a range of hacker networks, from criminal syndicates to nationally
supported groups. "China has been a primary concern," he said. The deepest penetrations into U.S.
systems have been traced back to sources within China, Langevin noted.
(At a hearing last week, Langevin said that the private sector, which owns the vast majority of U.S.
information networks, including those that operate power plants, dams, and other critical
infrastructure, had taken a "halfhearted approach" to improving security. He cited a new report by
the Government Accountability Office, which found that the Tennessee Valley Authority, the nation's
largest power generator, "has not fully implemented appropriate security practices to secure the
control systems and networks used to operate its critical infrastructures." Langevin said that the
TVA "risks a disruption of its operations as the result of a cyber-incident, which could impact its
customers," and he expressed "little confidence that industry is taking the appropriate actions.")
The Chinese make little distinction between hackers who work for the government and those who
undertake cyber-adventures on its behalf. "There's a huge pool of Chinese individuals, students,
academics, unemployed, whatever it may be, who are, at minimum, not discouraged from trying
this out," said Rodger Baker, a senior China analyst for Stratfor, a private intelligence firm. So-
called patriotic-hacker groups have launched attacks from inside China, usually aimed at people
they think have offended the country or pose a threat to its strategic interests. At a minimum the
Chinese government has done little to shut down these groups, which are typically composed of
technologically skilled and highly nationalistic young men. Officially, Chinese military and diplomatic
officials say they have no policy of attacking other governments' systems.
"This has been a growing wave in recent years," Brenner said, attributing China's cyber-tactics to
its global economic and political ambitions. "The Chinese are out to develop a modern economy
and society in one generation.... There is much about their determination that is admirable. But
they're also willing to steal a lot of proprietary information to do it, and that's not admirable. And
we've got to stop it as best we can."
High-profile penetrations of government systems have been occurring for several years. In 2007,
an unidentified hacker broke into the e-mail system for Defense Secretary Robert Gates's office,
and the Pentagon shut down about 1,500 computers in response. But officials said that the
intrusion caused no harm. In 2006, a State Department employee opened an e-mail containing a
Trojan horse, a program designed to install itself on a host machine to give a hacker covert access.
As a result, officials cut off Internet access to the department's East Asia and Pacific region, but the
department suffered no long-term problems.
The Homeland Security Department, which is responsible for protecting civilian computer systems,
suffered nearly 850 attacks over a two-year period beginning in 2005, officials have said. In one
instance, they found that a program designed to steal passwords had been installed on two of the
department's network servers. In these and other incidents, there is considerable debate about
whether the intruders stole truly valuable information that could compromise U.S. strategy or
ongoing operations.
"The penetrations we've seen are on unclassified systems, which are obviously less protected than
classified systems," Brenner said.
Private Sector Foot-Dragging
There is little indication that cyber-intrusions, however menacing, have severely impaired
government operations for very long. So why are so many officials increasingly sounding the alarm
about network attacks, Chinese hacking and espionage, and the advent of cyberwar?

                                                 Page 6
Part of the answer lies in officials' most recent appraisals of the cyber-threat. They cite evidence
that attacks are increasing in volume and appear engineered more to cause real harm than
sporadic inconvenience. Without naming China, Robert Jamison, the top cyber-security official at
DHS, told reporters at a March briefing, "We're concerned that the intrusions are more frequent,
and they're more targeted, and they're more sophisticated."
"In terms of breaches within government systems, it's something that has happened quite a bit
over the last six, seven years," says Shannon Kellogg, the director of information-security policy for
EMC Corp., which owns RSA, a top cyber-security research firm. "But the scale of these types of
breaches and attacks seems to have increased substantially."
Government officials are more concerned now than in recent years about the private sector's
inability, or unwillingness, to stop these pervasive attacks. When Donahue, the CIA cyber-security
officer, warned the gathering in New Orleans about foreign hackings of power plants, some saw it
as a direct challenge to American companies.
"Donahue wouldn't have said it publicly if he didn't think the threat was very large and that
companies needed to fix things right now," Alan Paller, the highly regarded director of research at
the SANS Institute, told The Washington Post at the time. (SANS, a cyber-security research and
education group, sponsored the January meeting in New Orleans.) Another security expert noted
that in the previous 18 months, there had been "a huge increase in focused attacks on our national
infrastructure networks ... and they have been coming from outside the United States."
In comments posted on Wired magazine's Danger Room blog, which is trafficked by many techno-
elites who are skeptical of the administration's more boisterous public warnings, Donahue's
remarks about power plants drew support. Michael Tanji, a former intelligence officer with the
Defense Intelligence Agency, said that the comments weren't part of a government plot to hype the
threat. "Having worked with [Donahue] on these and related issues in the past, I regret to inform
conspiracy theorists that he is virulently allergic to hyperbole," Tanji said. "I've long been a skeptic
of claims about being able to shut down the world from the Net.... But after today, I'm starting to
come around to the idea that the ignorance or intransigence of utility system owners just might
merit a more robust response than has been undertaken to date."
Tanji's remarks pointed to one of the most nettlesome realities of cyber-security policy. Because
most of the infrastructure in the United States is privately owned, the government finds it
exceptionally difficult to compel utility operators to better monitor their systems. The FBI and DHS
have established formal groups where business operators can disclose their known vulnerabilities
privately. (Companies fear that public exposure will decrease shareholder confidence or incite more
hackings.) But membership in these organizations isn't compulsory. Furthermore, many of the
systems that utility operators use were designed by others. Intelligence officials now worry that
software developed overseas poses another layer of risk because malicious codes or backdoors can
be embedded in the software at its creation. U.S. officials have singled out software manufacturers
in emerging markets such as, not surprisingly, China.
Military Response
The intelligence community's and private sector's vocal warnings and dire suspicions of Chinese
hackers join a chorus of concern emanating from the Defense Department in recent months. In the
most recent annual report on China's military power, the Defense Department declared publicly for
the first time that attacks against government and commercial computer networks in 2007 appear
to have emanated from China. "Numerous computer networks around the world, including those
owned by the U.S. government, were subject to intrusions that appear to have originated within"
the People's Republic of China. Although not claiming that the attacks were conducted by the
Chinese government, or officially endorsed, the declaration built upon the previous year's warning
that the People's Liberation Army is "building capabilities for information warfare" for possible use
in "pre-emptive attacks."
The military is not waiting for China, or any other nation or hacker group, to strike a lethal cyber-
blow. In March, Air Force Gen. Kevin Chilton, the chief of U.S. Strategic Command, said that the

                                                Page 7
Pentagon has its own cyberwar plans. "Our challenge is to define, shape, develop, deliver, and
sustain a cyber-force second to none," Chilton told the Senate Armed Services Committee. He
asked appropriators for an "increased emphasis" on the Defense Department's cyber-capabilities to
help train personnel to "conduct network warfare."
The Air Force is in the process of setting up a Cyberspace Command, headed by a two-star general
and comprising about 160 individuals assigned to a handful of bases. As Wired noted in a recent
profile, Cyberspace Command "is dedicated to the proposition that the next war will be fought in
the electromagnetic spectrum and that computers are military weapons." The Air Force has
launched a TV ad campaign to drum up support for the new command, and to call attention to
cyberwar. "You used to need an army to wage a war," a narrator in the TV spot declares. "Now all
you need is an Internet connection."
"It's a kind of cyber-militia.... It's coming in volumes that are just staggering." --Joel Brenner
Defense and intelligence officials have been surprised by China's cyber-advances, according to the
U.S-China Economic and Security Review Commission. In November, the commission reported that
"Chinese military strategists have embraced ... cyberattacks" as a weapon in their military arsenal.
Gen. James Cartwright, the former head of U.S. Strategic Command and now the vice chairman of
the Joint Chiefs, told the commission that China was engaged in cyber-reconnaissance, probing
computer networks of U.S. agencies and corporations. He was particularly concerned about China's
ability to conduct "denial-of-service" attacks, which overwhelm a computer system with massive
amounts of automatically generated message traffic. Cartwright provocatively asserted that the
consequences of a cyberattack "could, in fact, be in the magnitude of a weapon of mass
A former CIA official cast the cyber-threat in a similarly dire terms. "We are currently in a cyberwar,
and war is going on today," Andrew Palowitch, who's now a consultant to U.S. Strategic Command,
told an audience at Georgetown University in November. STRATCOM, headquartered at Offutt Air
Force Base in Nebraska, oversees the Defense Department's Joint Task Force-Global Network
Operations, which defends military systems against cyber-attack. Palowitch cited statistics,
provided by Cartwright, that 37,000 reported breaches of government and private systems occured
in fiscal 2007. The Defense Department experienced almost 80,000 computer attacks, he said.
Some of these assaults "reduced" the military's "operational capabilities," Palowitch noted.
Presidential Attention
President Bush has personally devoted more high-level attention to the cyberattack issue in the last
year or so than he did in the first six years of his tenure combined. Many security experts are
surprised that the administration is only now moving to take dramatic measures to improve the
security of government networks, because some Cabinet-level and White House officials have been
warning about the threat for years to just about anyone who will listen.
Until McConnell, the national intelligence director, personally drove the point home to Bush in an
Oval Office meeting in 2006, there was little top-level support for a comprehensive government
cyber-security plan. "They ignored it," one former senior administration official said flatly.
"McConnell has the president's ear."
McConnell, a former director of the National Security Agency, whose main job is to intercept foreign
communications intelligence but which is also responsible for protecting U.S. classified information
and systems, takes the computer-security issue as seriously as his counter-terrorism mission. After
McConnell left the NSA, in 1996, he took over the intelligence practice at Booz Allen Hamilton,
where he again turned to security problems, particularly within the nation's financial infrastructure.
Working with officials from the New York Stock Exchange, McConnell developed a report for the
government on network vulnerabilities; he has said that it was so revealing, the administration
decided to classify it.
Lawrence Wright of The New Yorker reported earlier this year that McConnell told Bush during the
2006 Oval Office meeting, "If the 9/11 perpetrators had focused on a single U.S. bank through
cyberattack and it had been successful, it would have had an order-of-magnitude greater impact on

                                                 Page 8
the U.S. economy." According to Wright, the president was disturbed, and then asked Treasury
Secretary Henry Paulson Jr., who was at the meeting, if McConnell was correct; Paulson assured the
president that he was.
Brenner confirmed Wright's account as "a true story." And separately, a former senior
administration official told National Journal of another dimension. In that meeting, McConnell also
told the president that White House communications systems could be targeted for attack just as
other U.S. government systems had been targeted. The intelligence chief was telling the president,
"If the capability to exploit a communications device exists, we have to assume that our enemies
either have it, or are trying to develop it," the former official said.
This meeting compelled the White House to craft an executive order laying out a broad and
ambitious plan to shore up government-network defenses. Known internally as "the cyber-
initiative," it was formally issued in January. The details remain classified, but it has been reported
that the order authorizes the National Security Agency to monitor federal computer networks. It
also requires that the government dramatically scale back the number of points at which federal
networks connect to the public Internet. The Office of Management and Budget has directed
agencies to limit the total number of Internet "points of presence" to 50 by June.
Limiting connection points is analogous to pulling up drawbridges in order to defend the
government's cyber-infrastructure. Security experts interviewed for this story said that it shows
how little the government can do, at least for now, to ward off intrusions if the first line of defense
is to "unplug."
Mixed Reactions
Under the president's cyber-initiative, the Homeland Security Department will be responsible for
monitoring government agencies apart from the Defense Department. In March, Homeland
Security Secretary Michael Chertoff told National Journal that the first step is "to survey all the
points" of presence. "We have no final number yet."
"The agencies' networks have grown very haphazardly. No one really knows where [the
connections to the Internet] are," said Bruce McConnell, who was the chief of information
technology and policy in the Office of Management and Budget. He left government in 2000.
"Trying to catalogue where things are so you could turn them off is a daunting task in and of itself,"
said McConnell, who is not related to the intelligence chief.
Bush's cyber-initiative has received mixed reviews. Generally, cyber-experts favor a comprehensive
approach, and they are relieved that the issue finally has the president's full attention. But some
question how the program is being implemented—under a cloak of secrecy and with a heavy
reliance on the intelligence community.
"Our nation's intellectual capital, industrial secrets, and economic security are under daily and
withering attack." --Stephen Spoonamore
The sharpest criticisms are directed at the NSA, an intelligence agency whose traditional mandate
is to collect information coming from outside the United States; it has no customary role
monitoring networks inside the country, although this has changed in the years following the 9/11
attacks. It's not clear just how far the government's monitoring of computer networks will extend
into the private sector and precisely what role the NSA will play tracking networks inside the United
States, but lawmakers have already raised concerns that the cyber-initiative will creep into
domestic intelligence-gathering. The same kinds of technologies that are used to monitor networks
for viruses and other malicious threats could be used to track domestic communications. On May 2,
DHS's top overseers sent a letter to Chertoff questioning "the secrecy of the project." Sens. Joe
Lieberman, ID-Conn., and Susan Collins, R-Maine, the chairman and ranking member of the
Homeland Security and Governmental Affairs Committee, respectively, noted that the department
had requested an additional $83 million for its National Cyber Security Division; DHS had already
been allocated $115 million for the cyber-initiative in the 2008 omnibus appropriations bill. "This
would be a nearly $200 million increase, tripling the amount of money spent on cyber-security in
DHS since 2007," the senators wrote. The full cost of implementing the president's cyber-initiative

                                                 Page 9
is estimated to be $30 billion. The entire 2009 budget request for the Homeland Security
Department is about $50 billion.
Marc Sachs, who was the director for communication infrastructure protection in the White House
Office of Cyberspace Security in 2002, praised the administration for taking a bold initial step. But
he said that the level of attention is 10 years overdue. Sachs noted that in 1998, President Clinton
issued a directive that set ambitious infrastructure-protection goals. "I intend that the United
States will take all necessary measures to swiftly eliminate any significant vulnerability to both
physical and cyber attacks on our critical infrastructures, including especially our cyber-systems,"
Clinton wrote.
Without pointing to particular policies, Brenner, the counterintelligence chief, said, "We need to take
these policy declarations that we've had for 10 years and turn them into practical reality." He said
the job of securing cyberspace is hardly as simple as "put two padlocks on the door.... This is an
incredibly open and porous and, in many cases, wireless system. Controlling cyber-security is like
controlling the air flow in a large, segmented building complex in a noxious neighborhood. You
cannot be sure you are keeping all the noxious stuff out. What you've got to say is, gee, in the
infirmary, we've really got to deal differently than we do in the lobby."
False Accusations?
Given the political fallout that could stem from a proven Chinese attack on power plants or theft of
government secrets—not to mention the pressure to launch some sort of military response—
skeptics have asked whether the Chinese really are behind so many high-profile incidents.
Brenner affirmed the widely held view that it's technologically difficult to attribute the exact source
of any cyberattack and that the government needs better technologies to do so. But despite his
assurances that the government has indeed sourced cyber-intrusions to China, others urge caution.
"We want to find a natural enemy, so we're looking everywhere," Sachs said. He noted that some
hackers launch their attacks through computers based in other countries, and that China is an easy
mask. "I think all of us should remember that not everything you see online is truthful."
Another former administration official echoed those sentiments. "I think it's a little bit naive to
suggest that everything that says it comes from China comes from China," said Amit Yoran, the
first director of DHS's National Cyber Security Division, who left the post in 2004.
But there is little to no doubt, including among skeptics, that China is vigorously pursuing offensive
cyber-capabilities. Military analysts say that the Chinese know their armed forces cannot match
America's in a head-on confrontation, and they realize their nuclear arsenal pales in comparison.
These imbalances have forced Chinese military planners to adopt what the Pentagon calls
"asymmetric" techniques—tactics that aim at a foe's vulnerabilities—in order to counter, or at least
deter, U.S. military power.
"There has been much writing on information warfare among China's military thinkers, who indicate
a strong conceptual understanding of its methods and uses," according to the Pentagon's annual
report on China's military power. The report stated that "there is no evidence of a formal Chinese
... doctrine" but noted that the People's Liberation Army has "established information-warfare units
to develop viruses to attack enemy computer systems and networks."
U.S. military officials see cyber-warfare as one arrow in a quiver of asymmetric techniques to
disrupt an enemy's command-and-control systems. The Chinese strategy, according to this line of
thinking, is not to defeat U.S. military forces but to make it harder for them to operate.
China's military history has been defined by asymmetric warfare, said Harry Harding, an expert on
Chinese domestic politics and U.S.-China relations, who teaches at George Washington University's
Elliott School of International Affairs. Cyber-warfare is just one of the more recent tactics. If the
U.S. government tries to protect its systems, the Chinese will simply attack the private sector; he
cited the financial services industry as an obvious target. "I have no doubt that China is doing this,"
Harding said.

                                               Page 10
Bennett, the former head of the Cyber Security Industry Alliance, said that if China has penetrated
power plants and the power grid, it serves as a show of force to the United States and is likely
meant to deter any U.S. military intervention on behalf of Taiwan. He noted that the Florida
blackout occurred only a few days after the Navy shot down a failing U.S. satellite with a missile
designed to intercept inbound ballistic missiles. A year earlier, the Chinese had downed one of their
own satellites in orbit. The Bush administration has pursued ballistic missile defense systems, and
Taiwan has sought that technology from the United States.
The Chinese are not alone, of course, in their pursuit of cyber-warfare. The Air Force is setting up
the Cyberspace Command, the 10th command in the service's history.
"The next kind of warfare will be asymmetric warfare," Gen. William Lord, the provisional
commander, said during a roundtable discussion at the Council of Foreign Relations in March. "Who
is going to take on the United States Army, Marine Corps, U.S. Air Force, and U.S. Navy as
probably the most powerful force on the face of the planet?"
Lord didn't limit his remarks to China. He said that cyber-criminals and other "bad guys" were as
much a concern for the military. He also pointed to a massive cyberattack launched last year
against computers in Estonia, in which Russian hackers—perhaps operating at Moscow's behest—
tried to take down the country's systems in retaliation for Estonia's decision to move a statue
commemorating fallen Soviet troops, a statue that Russians living in Estonia love but that native-
born Estonians don't. The attack has been billed as the first "cyberwar" because of the
overwhelming electronic force brought to bear on the tiny country of 1.3 million people.
"I had an opportunity to speak with the minister of defense from Estonia," Lord said. "He was
attacked by 1 million computers."
The Estonia attack probably shook nerves more than it caused long-term damage. But it served as
a potent example of how determined, coordinated hackers could gang up on a foreign government.
It has also created profound policy questions about what qualifies as war in cyberspace.
"The problem with this kind of warfare," Lord said, "is determining who is the enemy, what is their
intent, and where are they, and then what can you do about it?"
Brenner, the senior U.S. counterintelligence official, said, "Another country knows that if it starts
taking out our satellites, that would be an act of war." But "if they were to take out certain parts of
our infrastructure, electronically, that could be regarded as an act of war," he said. "It's not my job
to say that."
NATO officials are reluctantly struggling with that question, too. At a ministerial meeting last June,
Defense Secretary Gates asked the allied members to consider defining cyberattacks in the context
of traditional warfare. Cyberwar is still abstract, and there are no international conventions that
govern military conduct on a digital battlefield.
"The U.S. government doesn't really have a policy on the use of these techniques," said Michael
Vatis, a former director of the FBI's National Infrastructure Protection Center. "The closest analogy
is to covert actions," he said, meaning spy operations undertaken by intelligence agencies against
foreign governments. "They take place, and people have strong suspicions about [who's
responsible]. But as long as they're not able to prove it, there's very little that they can do about it.
And so there's often not as much outrage expressed."
Table of Contents

Internet's Effects on Military Discussed
By Jenn Rowell, Montgomery Advertiser, 16 July 2008
Future battles for U.S. military forces could be waged not just on land or sea or in the air, but in

                                                      Page 11
About 250 people, including civilians, contractors and military educators, are at Maxwell Air Force
Base this week to explore how modern society's dependency on the Internet could impact future
military operations.
"It's another domain for war fighting," said Lt. Gen. Allen Peck, commander of Air University.
Nearly all aspects of modern life, from banking to social networking, depend on cyberspace, said
Peck, who hopes the symposium will help participants understand how integral the Internet is to
modern military operations.
Lt. Gen. Robert Elder said cyber operations involve more than plans of attack.
The Air Force's cyber infrastructure is controlled by military and commercial entities and it's
vulnerable to attack, Elder said, citing the 2007 Air Force Cyber Study. Or a military installation's
computer communications network could crash from increased demand -- such as what happened
in the hours following the Sept. 11, 2001, terrorist attacks.
Elder is commander of the Eighth Air Force and Joint Functional Component Commander for Global
Strike and Integration, U.S. Strategic Command.
That means the Air Force and other military branches must be able to defend against data
manipulation as well as data theft, Elder said.
The Air Force thinks cyberspace operations are so important, it is in the process of establishing its
newest command in decades -- Cyber Command.
Montgomery is in a position to benefit from the command addition, officials said.
Currently, Maxwell-Gunter is one of 18 locations nationwide being considered as the permanent
home of the new command. That decision isn't expected until 2009, but Alabama has submitted a
Regardless of where Cyber Command's headquarters ends up, Peck said Maxwell-Gunter is "already
somewhat of an IT hub for the Air Force."
The Cyber Command will open up new career fields -- like cultural linguists and computer scientists
-- for airmen, and requiring new education and training programs, many of which would be run at
Air University.
Starting in October, all airmen will get a 90-minute lesson on cyber warfare. And shifts in training
are happening at the basic level, the technical level and the senior levels, Maj. Gen. William Lord
told the Montgomery Advertiser in a May interview.
Table of Contents

Penn State Altoona Announces New Information and Cyber Security
From Penn State Office of Public Relations Press Release, 22 July 2008
Penn State Altoona will implement a security and risk analysis baccalaureate degree (information
and cyber security option) in the fall semester. This option includes a set of new courses that
provides a sound overview of the theories, skills and technologies associated with network security,
cyber threat defense, information warfare and critical infrastructure protection across multiple
Within four years of beginning the program, it is anticipated that 40 new students will enter the
major as freshmen each year at Penn State Altoona. Roughly half are expected to complete the
degree at Altoona, while the remainder will transfer to the College of Information Sciences and
Technology at University Park for their junior and senior years.
Seven Penn State Altoona faculty members will be involved with the delivery of 14 new courses and
the administration of the new major. The degree also includes an undergraduate capstone course
which requires students to work collaboratively in teams. Each team will be given a significant real-
world problem or issue in which information technology is part of the solution. Teams will be

                                                         Page 12
expected to manage the project effectively and to communicate its results clearly to a variety of
audiences within an organization.
Information technology is one of the fastest-growing fields in the world. It has been identified by
the U.S. government as vital to the nation's ability to compete in a global economy.
Table of Contents

Radar-Jam Program Restored For B-52s
By Michael Hoffman, Air Force News, Jul 21, 2008
The Air Force has restarted a program to arm B-52 bombers with long-range, radar-jamming pods
two years after officials canceled the effort when cost estimates rose to $7 billion.
A new $68 million, five-year study is aimed at developing technology to load core component
jammers onto the tips of B-52 wings.
It‘s unclear when the pods — aimed at defeating air defenses, including early warning radars —
could be deployed, but Jeff Weis, Boeing‘s program manager for airborne electronic attack
technology maturation, said it would be before 2020.
With a recent contract win of $15 million to integrate the pods onto the Buffs, Boeing joins four
other defense contractors developing the jamming capabilities with the Air Force Research
Officials hope to keep the program affordable by cutting down how many radars it must defeat,
leveraging existing technologies and not adding advanced capabilities until the program‘s end, Weis
The service also might not purchase pods for its entire B-52 fleet, as was planned during the first
B-52 standoff jammer system program before it was canceled.
The study also will research the potential of mounting pods on the EC-130H Compass Call, said
Jerry Bullmaster, the research lab‘s airborne electronic attack portfolio manager.
That means the technology could be used on other airframes, but the B-52 remains the targeted
aircraft, despite the bomber‘s age and lack of agility, Bullmaster said.
Weis said the B-52 is ideal because of its ability to fly long, multimissions at high altitudes, and
because it is large enough to carry the pods and the generators that probably will be needed to
power them.
It has been 12 years since the Air Force retired its last electronic warfare aircraft, the EF-111
Raven; the service has depended on the Navy and Marine Corps‘ EA-6B Prowlers since.
The Navy will start flying its next-generation electronic attack aircraft — the EA-18G Growler —
next year before retiring the Prowler fleet in 2010.
The Air Force will receive support on this study from the Navy as the sister service continues to
develop a next-generation jammer that could replace the analog ALQ-99.
Table of Contents

George Washington and Operations Security
By Christopher Cox, American Chronicle, 24 July 24, 2008
Arguably, no President in history has received a legendary status equal to George Washington. His
reputation as a gifted military leader stems partially from his unique perspective as the leader of
counterinsurgency forces (as a young officer in the Seven Year‘s War) and as the leader of an
insurgent army (in the Revolutionary War).
Within OPSEC circles, Washington is often quoted as saying, "Even minutiae should have a place in
our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious
cast, may lead to valuable conclusion." While this is certainly true you must understand that this is
a lesson our first president learned through bitter, near fatal experience.

                                                       Page 13
Washington‘s first experience with OPSEC (a term not used at the time, but the principles remain
the same) came at the age of 21 when he was a young officer in the Seven Year‘s War under
British General Braddock. The effective French intelligence network (no doubt enabled by
ineffective security) was able to ascertain Braddock‘s moves well in advance and successfully
ambushed the combined British and Colonial forces on their first expedition. In this attack, the
combined forces lost 615 of their officers and 914 soldiers; in addition General Braddock was
mortally wounded and barely escaped with the aid of Washington. Before his death four days later,
Braddock gave Washington his ceremonial sash, one of the two reminders of this lesson that would
stay with him forever.
If this hard lesson taught Washington one thing, it was the necessity of effective intelligence, as
well as that of secrecy. He was later quoted as saying, "(U)pon Secrecy, Success depends in Most
Enterprises…and for want of it, they are generally defeated."
With this philosophy, Washington would establish and lead an effective spy network during the
Revolutionary War. These spies would operate, at times, directly with or under British forces and
would provide Washington with critical military information regarding British plans, strategies and
objectives. In order to evade detection, all agents would memorize and refer only to code names
(for instance, George Washington was only referred to as "711" and New York was "727"), which
demonstrates a clear understanding of the importance of obfuscating key names and locations.
Using the same scheme for names and locations also helped to hide their true meaning. In
addition, the use of secret codes, invisible ink and encryption demonstrated Washington‘s
awareness of the necessity of not only attempting to avoid the capture of information, but also to
prevent the use of information should capture occur.
Unfortunately, this valuable lesson seemed to be forgotten when Washington sent a seemingly
harmless letter to his dentist in Philadelphia asking for denture wires and a cleaning tool. In and of
itself, this letter provided no military intelligence of value when it and other messages were
captured by the British. However, some of the other messages indicated a potential attack on New
York. Sir Henry Clinton, then chief of the British Army, was skeptical. The letters almost seemed too
good to be true especially when you understand that Washington‘s skill in military deception was
known by the enemy. Clinton was left to wonder of the validity and value of the "intelligence."
However, Clinton correctly reasoned that this letter would most likely not have been included in a
package was to be intentionally "captured" and surmised that the captured intelligence was
legitimate. Clinton was able to strengthen his forces in New York, prompting Washington to
abandon that campaign.
This setback did not discourage Washington from continuing to use deception and disinformation
however. This lesson learned became a very effective strategy to fabricate documents to be
"captured", or to instruct agents to discuss certain matters in areas that British soldiers or spies
were able to overhear, or even to intercept messages meant for British forces and alter them
before passing them along seemingly unchanged. For example: When Washington had his army
outside of Philadelphia he instructed his procurement officers make sizable purchases of supplies,
and even constructed fake military facilities, which convinced the British that his 3,000-strong army
contained 40,000 men.
Throughout the war, Washington relied heavily on espionage and intelligence. The Culper Spy Ring,
headed by Major Benjamin Talmadge (under the pseudonym "John Bolton") learned that the British
had plans to attack an allied French expedition in Rhode Island (it is not clear how British Forces
learned of the landing). Washington responded by planting false intelligence with British agents
indicating that he intended to move against New York City. In response, the British Commander
held his forces at New York, which had the additional benefit of masking Washington‘s movement
towards Chesapeake Bay and Yorktown. It was imperative that Washington‘s forces practice good
OPSEC in order to avoid detection of this grand deception.
Washington understood the importance of educating those under him about what we‘ve come to
call OPSEC. In a clear early understanding of what we now know as the OPSEC process,

                                               Page 14
Washington wrote to thank James Lovell for a piece of intelligence, saying, "it is by comparing a
variety of information, we are frequently enabled to investigate facts, which were so intricate or
hidden, that no single clue could have led to the knowledge of them. . . intelligence becomes
interesting which but from its connection and collateral circumstances, would not be important." He
also spoke to General Rufus Putnam in August 1777 about calculating an adversary‘s strength,
saying, "Deserters and people of that class always speak of number. . . indeed, scarce any person
can form a judgment unless he sees the troops paraded and can count the divisions. But, if you can
by any means obtain a list of the regiments left upon the island, we can compute the number of
men within a few hundreds, over or under." This "training" prompted Federalist William Duer to
write, "To say more in a Letter, might be imprudent" when discussing a matter of potential value.
Similarly, to the credit of the Continental Congress, the first secrecy agreement was adopted for
government employees. It read, in part, "I do solemnly swear, that I will not directly or indirectly
divulge any manner or thing which shall come to my knowledge as (clerk, secretary) of the board
of War and Ordnance for the United Colonies. . . So help me God."
Perhaps the best example of OPSEC in Washington‘s strategy was in the attack on Stony Point.
Stony Point was an ominous British fort on the Hudson River, with walls 150 feet high, water on
three sides and a swamp on the fourth, and an imposing garrison of 500 men and many cannons.
Colonel Wayne was convinced that it could be taken, and eventually convinced Washington that it
could be done. Washington approved the plan with the advice, "That is should be attempted by the
Light Infantry only, which should march under cover of the night and with the utmost secrecy to
the enemy's lines, securing every person they find to prevent discovery". Note especially the use of
darkness to mask movement and the securing of potential witnesses/agents. Because of this
secrecy, the surprise attack was a success resulting in only 15 American deaths versus 63 British.
Clearly, George Washington effectively led the newly formed army to victory not only because of
excellent military tactics, but also because a solid understanding of OPSEC. If OPSEC can help
General Washington win a war then who are we to deny its use today to protect our sensitive
Table of Contents

The Art of Asymmetric Warfare
By Jason Burke, The Guardian, 27 July 2008
A US military officer quoted in the excellent report by the International Crisis Group into Taliban
propaganda operations released a few days ago says, "unfortunately, we tend to view information
operations as supplementing kinetic [fighting] operations. For the Taliban, however, information
objectives tend to drive kinetic operations … virtually every kinetic operation they undertake is
specifically designed to influence attitudes or perceptions".
This is strategic thought of extreme novelty, and in no small way helps explain the relative success
of the Taliban so far in Afghanistan. In terms of a communication strategy it certainly goes well
beyond the clumsy international coalition efforts which have remained largely focused on the
international audience. Western press officers' ability to talk to the Afghan public is hindered by
their minimal language skills and the cultural gaps that separate them, and remains very limited.
Equally, the idea that military operations should be decided primarily according to their effect on
populations and thus should be determined to a significant degree by the exigencies of modern
media technology and by journalists is anathema to most western soldiers, most of whom see the
press as a necessary evil at best.
The Taliban by contrast are quite happy to shape their military strikes according to the media
demand. They know that spectacular attacks such as that on Kabul's Serena hotel or the repeated
attempts on President Karzai's life are effective.
Their day-to-day media operation targets four audiences – international western, international
Islamic, local and regional – in at least five different languages. They are careful to avoid

                                               Page 15
statements that play on Afghanistan's complex identity politics – though support for the movement
remains overwhelmingly drawn from the Sunni Pashtun tribes and the history of the Taliban is
replete with examples of persecution of Shia or Afghanistan's less numerous ethnic minorities.
As the ICG report comments, particularly given the exaggerated nature of many of the Taliban's
claims, the result is that though "out of power and lacking control over territory" the Taliban "has
proved adept at projecting itself as stronger than it is in terms of numbers and resources". This
conjuring trick has been as effective in the west as it has at home.
The second important point made by the ICG report: that the Taliban are far from homogeneous.
These splits goes way beyond the tripartite division into tiers one to three (hardcore leadership,
ideological fellow-travellers, paid or coerced or ignorant cannon fodder) that the coalition uses.
When on the ground, and out from behind the blast walls around the western compounds, this
becomes very obvious. A day or so in Kandahar last year spent trying to understand the
relationships betweens individuals, warlords, tribes, mullahs, businessmen which as much as
nationalism or ethnic pride determines adherence to "the Taliban" convinced me that international
troops were battling a range of different "insurgencies", not a single armed group.
So the sort of detailed reading that the ICG has given Taliban statements reveal many splits. A
statement from the "Islamic Emirate of Afghanistan" announcing the "dismissal" of Mullah Mansoor
Dadullah, a senior and particularly brutal commander, for disobedience, is followed almost
immediately by another spokesman declaring that his boss "had never been sacked" and that the
earlier statement had been part of "a conspiracy by some elements within the Taliban movement
[who] want to weaken the Taliban movement".
Other examples of dissent within the ranks and factional fighting include relatively public spats over
policies such as the burning of schools, the targeting of western reporters or aid workers as well as
conflicting claims of responsibilities for successful attacks by different groups owing loyalty to
different individuals.
Quite how wide these splits are was revealed by a letter that surfaced earlier this month –
apparently written by anti-Soviet resistance hero turned-Taliban senior commander Jalaluddin
Haqqani – which directly challenged the authority of Mullah Mohammed Omar, the reclusive one-
eyed cleric who has led the Taliban since their creation.
Blaming the influence of foreign intelligence services (ie Pakistan's Inter-Services Intelligence),
Haqqani complained that "the Islamic movement of the Taliban is not the Taliban of 10 years ago
which only fought for the sake of God and to defend the poor and the oppressed." The letter may
have been faked by Afghan security services. But the acknowledgement that the Taliban have
evolved rapidly and effectively, from whichever perspective you look at them, remains accurate.
Table of Contents

How to Contain Radical Islam
By Commander Philip Kapusta and Captain Donovan Campbell, Boston Globe, July 27, 2008
THE EVENTS OF Sept. 11, 2001, brutally announced the presence of an enemy seemingly distinct
from any our country had faced before. Unlike previous adversaries, such as Nazi Germany,
Imperial Japan, or the Spanish monarchy, this new enemy was difficult to define, let alone
understand. It was not motivated by causes that an avowedly secular government could easily
comprehend, and it took an amorphous yet terrifying form with little historical precedent.
Our leaders responded to this new threat with dramatic changes. In the largest government
reorganization of the past 50 years, the Department of Homeland Security lumbered into existence.
A new director of national intelligence was named to oversee America's vast intelligence apparatus,
and the defense of the homeland was made the military's top priority. Most dramatically, the United
States announced - and then implemented - an aggressive new policy of preemptive war.
Yet, with the seventh anniversary of 9/11 approaching, it seems clear that policy makers have not
responded particularly well. Islamic extremists are gaining strength, while America finds itself

                                                     Page 16
increasingly isolated in the world. The coalition of the willing, never overly robust, is now on life
support. In the Middle East, the Islamist parties Hezbollah and Hamas have enough popular
support to prosper in free and fair elections, and Al Qaeda is adding franchise chapters in North
Africa, the Levant, the Arabian Peninsula, and elsewhere. Our most prominent post- 9/11 action
remains the Iraq war, which has arguably failed to improve America's national security even as it
has strengthened the position of our sworn enemies in the government of Iran.
Underlying these global setbacks is a core problem: The United States has yet to formulate a
holistic strategy to guide the prosecution of our new war. We have not articulated a clear set of
mutually reinforcing goals, and we have not undertaken a consistent set of actions designed to
achieve our aims even as they demonstrate our national values. Indeed, we have not even
managed to properly identify our enemies; despite the rhetoric of the past seven years, America is
not at war with terror, because terror is not a foe but a tactic.
Blundering forward, we have squandered the swell of global good will after 9/11, punished our
friends, and rewarded our enemies with shortsighted, even self-destructive, tactics.
Yet what we face today is not wholly novel: It is a war of ideas, mirroring the Cold War. Like the
Communists, violent Islamic extremists are trying to spread a worldview that denigrates personal
liberty and demands submission to a narrow ideology. And, as with the Cold War, it must be our
goal to stop them. The United States should therefore adopt a new version of the policy that served
us so well during that last long war: containment.
A policy of "neocontainment" would avoid self-defeating military confrontations in favor of an
aggressive campaign to isolate our enemies. The modern equivalent of the Soviet Bloc, that
geographic haven for a hostile ideology, is the arc of instability that extends from Central Asia west
through Iran and the Arabian Peninsula and south across North Africa. We should build a virtual
wall of stable, moderate nations on the periphery of that arc, literally containing the spread of the
hostile belief system. More broadly, we must enter into - and prevail in - the war of ideas, winning
the hearts and minds of both domestic and foreign audiences. We must pursue this goal not only in
the mental arena - in what has been variously describe as political warfare, propaganda, or
psychological operations - but also in the practical one, by consistently demonstrating our belief
system in action. Our deeds are more important than anything we say, and in the aggressive
prosecution of our war on terror, we have strayed from our core value of individual freedom.
Of course, neocontainment will have to address the important differences between the conflicts of
today and yesterday. Today's threat emanates not from a hypergoverned nation-state but from a
loosely networked group of radicals based primarily in undergoverned areas of the world - which
makes carefully defining and targeting our true foes all the more important. Just as we strove to
separate the Soviet elites from the people they repressively ruled, now we must separate the
Islamic radicals from the vast majority of Muslims. We cannot, and should not, target an entire
There is also a crucial difference in the danger's scale. For four decades, the USSR and its massive
nuclear arsenal posed a clear existential threat to the United States. In contrast, today's extremists
cannot eliminate our nation. We need to ratchet down the doomsday rhetoric and the military-
driven response. Our primary ideological export should not be fear; it should be hope. We are at
war with people and their belief systems, and ideas cannot be killed by bullets. They can only be
killed by better ideas.
Without a coherent strategy, America's "war on terror" has been tragically inconsistent. We say that
our mandate is to spread freedom and democracy, yet we try to do so at the point of a gun. We say
that our battle must be fought by a coalition of like-minded allies, but we eschew diplomacy and
browbeat our friends when they disagree with us. We say that we stand for the highest human
ideals, but the world harbors deep suspicions of our indefinite detentions at Guantanamo.
Our contradictory words and actions have alienated virtually the entire Arab world. NATO remains
fractured and largely ineffectual against the resurgent Taliban, and the Washington clock has run
out on the Iraq war. We have elevated Al Qaeda's importance to nearly our own, and we are

                                                Page 17
moving into a deadly no-man's-land where America is neither respected nor feared. It is almost
inconceivable, and yet it has come to this: We are losing the global influence war to people who
blow up women and children at kebab stands.
But if we can retool and take the long view, as the architects of Cold War containment did, we will
watch Islamic extremism collapse under the weight of its own contradictions - witness the recent
grass-roots uprising against Al Qaeda in Iraq. Like Marxism, militant Islam is long on promising the
violent overthrow of the materialistic West and short on fashioning actual utopias.
The original doctrine of containment had its roots in a time of uncertainty much like our own. By
the end of World War II, the United States was the dominant global power, and for a brief period
there was hope that the world might fashion a lasting peace under the fledgling United Nations.
By 1949, however, it was clear that the world was bifurcating, and that this constituted a serious
challenge to our security. The Soviet Union became the second nuclear-armed superpower, China
fell to Communism, and the proliferation of ballistic missiles threatened the American homeland.
Coming on the heels of the decisive triumph of the war, the new Communist threat generated the
same feelings of vulnerability and confusion that the 9/11 attacks would foster decades later.
To respond to this changing world, senior national security officials writing for President Harry
Truman articulated a new kind of policy. Drawing heavily from articles written by the American
diplomat George Kennan, the landmark National Security Council Report 68 (NSC-68) outlined a
strategy of containment that served as the core of American foreign policy for every president from
Truman to Reagan.
Presciently, NSC-68 identified the essential clash between the United States and the Soviet Union
as one between diametrically opposed ideologies. On the Soviet side was a dogmatic belief system
that demanded absolute submission of individual freedom and sought to impose its authority over
the rest of the world. On the American side was an ideology premised on the overriding value of
freedom, a system founded upon the dignity and worth of the individual. This ideology relied upon
its inherent appeal, and did not aim to bring other societies into conformity through force of arms.
The policy of containment represented a tectonic shift from the military-centric, unconditional-
surrender mentality of World War II. War was now the option of last resort. Coercion through
violence represented a contradiction for any free people, and, used improperly, it could undermine
the global appeal of the American belief system. Thus, containment did not define success as the
military defeat and unconditional surrender of the Soviet regime. It had more modest ambitions:
geographic isolation of the communist belief system and slow change over time. By fighting a
global struggle for influence, the thinking went, America could avoid a costly full-scale war against
the Soviets.
Of course, force was employed on a number of occasions in proxy wars across the globe, such as
Vietnam and Korea. They had serious costs, but compared with a potential all-out war against the
USSR, these conflicts remained limited efforts to contain the geographic footprint of the Soviet
ideology. And though the American defense budget increased over time, it never became the same
drain on our economy that military spending was for the Soviets.
The path dictated by NSC-68 was not a straight line to the collapse of the USSR, but the strategy
proved remarkably effective. Communism expanded outside of its containment zone in a few
instances, but, for the most part, the United States and its allies successfully implemented the
indirect approach recommended by NSC-68. When the once mighty Soviet empire imploded in
1991, it was almost precisely as NSC-68 had predicted.
Strikingly, if one replaces "communism" with "Islamic extremism" and "the Kremlin" with "Al-
Qaeda," NSC-68 could have been written in 2002, not 1950. Like communism, Islamic extremism
lusts for political power, in this case through the restoration of the caliphate and the imposition of
Sharia law on all peoples. Indeed, language from NSC-68 rings eerily true today - it described the
Soviets as "animated by a new fanatic faith, antithetical to our own." Al Qaeda and its ilk are the
latest in a long line of narrow ideologies that claim to provide the only true answer to life's
existential questions. And as with Soviet communism, the idea has a geographic nucleus.

                                                Page 18
Our task now is to envelop this nucleus with prosperous, stable countries whose inhabitants are
free to choose their own beliefs. Working from the outside in, the United States must partner with
nations on the periphery to help them build a stronger middle class, enhance their education
systems, improve basic health, and lower government corruption. We must help elected and
unelected governments to allow greater empowerment of their citizens, whether through a slow
march toward representative government or expanded economic opportunity for all classes.
Lebanon in the Middle East and Pakistan in Central Asia are some of the best countries in which to
begin and expand this work. In Lebanon's complex political landscape, Iran and Syria support the
Islamist Hezbollah party-cum-militia, while the United States backs the secular Lebanese
government. Another Islamist movement, Fatah al Islam, enjoys a nebulous connection to Al
Qaeda. We should be using our country's massive financial resources to allow the Lebanese
government to outspend its competitors by a factor of 10, showering much-needed aid on the
Lebanese people, and thus de-legitimizing their opponents and debunking their ideology. Instead,
the government cannot meet its basic responsibilities, and extremist movements are increasingly
seen as the only institutions capable of bettering lives.
In Pakistan, the extremist cancer in the northwestern provinces continues to grow despite $5.5
billion in direct US military aid. Pakistan's dangerously unstable new civilian government lacks the
capability and will to challenge Al Qaeda and the Taliban in the region. Instead of focusing
exclusively on military operations along the Afghanistan/Pakistan border, America must broaden its
scope to encompass other priorities: tension with India over Kashmir and education reform. Only
after a comprehensive Indo/Pakistani border settlement will Pakistan shift its military energy from
south to north. In the interim, it will placate us with occasional forays into the frontier provinces,
but such adventures will never be decisive. We must also help Pakistan provide a counterweight to
the hundreds of Wahabi madrassas spreading virulent extremism. As long as these fundamentalist
institutions remain the only option for much of the country's poor, Islamic extremists in the tribal
areas will enjoy a virtually inexhaustible manpower pool. In the long run, 5,000 secular teachers
for Pakistan's middle schools will do more for America's national security than will 50,000 AK-47s
for the country's army.
A clear new containment strategy will help us recognize the importance of engaging with such
nations at pivotal points before they slide into repressive autocracy (Pakistan in 2001) or all-out
chaos (Afghanistan in 1989).
It is popular to blame these failings on the attention and resource deficits created by the Iraq war.
But they are just as much the result of the black-and-white mentality that governs our approach to
foreign affairs - liberal democracy or nothing. In working with periphery states, we must be willing
to accept outcomes that are less than perfect. Indeed, we must be willing to accept ruling regimes
that may not like us at all. We are not trying to create mini-Americas scattered across the globe;
we are looking to foster stable, free countries whose people will have little interest in the repressive
ideology of our enemies.
On occasion, extremist governments hostile to the existence of the United States (Hamas in the
Gaza Strip) will enjoy broad popular support, but preemptive wars must become a thing of the
past. We cannot say that we value freedom and then seek political change through force when the
choice of the people produces regimes not to our liking. However, the military can, and must, be
used to target individuals bent on terror aimed at American interests. Furthermore, if a nation
enables attacks on our homeland, as Afghanistan did under the Taliban, then we must use all
necessary means to defend ourselves. On rare occasions, this will require full-out war and post-
invasion reconstruction.
Retrospectively, the neocontainment framework would have supported operations in Afghanistan. It
is a country near the edge of the arc, and its then-rulers harbored extremists who had
demonstrated the motive and means to substantially damage our nation. Compared with our
original plan, though, neocontainment would have stressed the importance of dominating the

                                                Page 19
postcombat phase by committing all implements of national power to the years of sustained effort
required to rebuild Afghanistan.
In contrast, neocontainment would have argued against the invasion of Iraq. Allocating the same
amount of effort and resources to bolstering nations ringing the region would have produced far
more beneficial results than invading a country at its heart. By doing so, our actions strengthened
the extremist narrative that there is a Western crusade against Islam, and Iran's Shia theocracy
has been the biggest beneficiary of the power vacuum left by Saddam's demise.
Going forward, adopting a strategy of neocontainment will entail checking Iran's expansion efforts
through proxies rather than direct strikes against the country itself. Just as we limited Soviet
expansion without using overt force against the Warsaw Pact, so too can we contain the Iranian
regime without flying B-2s over Tehran.
Furthermore, we must institutionalize the lessons learned so painfully over seven years of war. The
military must dramatically improve its nation-building doctrine, capacity, and will, acknowledging
that postwar stability is much more important in the long run than is dominating the active combat
phase. We remain unchallenged in our ability to win conventional military conflicts, but we must
develop the language skills, cultural awareness, and civil-affairs specialists necessary to prevail in
unconventional campaigns and in fighting's messy aftermath.
Our next president will inherit a nation weary of war, a world skeptical of American motives and
actions, and undecided conflicts in Iraq and Afghanistan. However, the energy and excitement of a
government transition offer both the outgoing and incoming administrations the opportunity to take
bold steps.
On the battlefield, it is at least as important to articulate what you are for as it is to define what
you are against. In a war of ideas, this is even more critical. To do this across the world, nation by
nation, will take time, and that does not come naturally to our fast paced, results-oriented society.
But we need to muster the requisite patience. Untold numbers of lives hinge on it.
Table of Contents

Iraq: The Army Knew Better
By Christopher McKnight Nichols and R. Joseph Parrott, History News Network, 28 July 28, 2008
Violence in Iraq has fallen to its lowest level since 2004. That's the good news. The bad news, and
the subject of great debate, is how the situation got so bleak. So, why do the American military
presence and rebuilding operation still seem to teeter on the brink of failure? Poor planning and
flawed execution under difficult circumstances certainly bear some blame. However, the most
egregious sin of America‘s Army war planners may have been to ignore their own lessons of past
The just-released U.S. Army history On Point II: Transition to the New Campaign reveals how
senior Army leaders lost precious time in creating a postwar strategy. They also took too long to
adjust to new conditions in Iraq from 2003 to 2005. While critics have overplayed parallels with
Vietnam, other historical examples, particularly from the turn of the century and World War II,
amply demonstrate that mistakes made by U.S. political and military leaders in Iraq could have
been prevented.
For more than a century, the U.S. Army has embraced history through an ―applied lessons-learned‖
philosophy. This perspective has led to striking achievements based on the imperative to learn from
success as well as failure. Until recently, the process has been hidden from the public, known only
to various Army and Congressional staff members and scholars willing to wade through vast
unclassified reports.
The On Point II report, prepared by the Army‘s Combat Studies Institute, provides fresh insights
based on more than 200 interviews with members of the Army. The report is remarkably self-
critical and details how political turf battles in the Bush administration and at the highest levels of

                                                       Page 20
the Army and Department of Defense trumped sound military decision-making. Voices calling for
planning and training based on historical experience were drowned out.
An effective and intelligent military relies on tactical experience, avoiding past mistakes and
building on successes. Take an old example. In 1900, Gen. Arthur MacArthur, then the military
governor of the Philippine Islands, changed strategies on the fly by adapting past experience to
new circumstances. He reauthorized the 1863 General Order No. 100. The order allowed guerilla
soldiers to be treated as spies (including suspending their civil rights, trying them by provost court,
deporting them, destroying property held by insurgents, and summary execution). His order also
imposed a strict set of standards of conduct on occupying forces to try to win the hearts and minds
of the Filipino people. Most scholars agree that these stringent measures, though exacting a brutal
toll, helped wear down the insurgency.
In the Philippines, the Army‘s harsh tactics mirrored atrocities committed by insurgents and
provided incendiary fodder for domestic critics. But MacArthur recognized that a severe strategy
could work when combined with a policy of ―attraction.‖ His little-known civic reconstruction efforts
amounted to what one contemporary officer called the Army‘s local governance plan for the
―establishment of educational, sanitary, fiscal and welfare systems.‖
As in the past, the first challenge the Army confronted in Iraq was political coordination of military
operations. In 2003 the Bush administration tasked the Department of Defense with taking care of
the postwar policies for what it termed ―Phase IV operations.‖ However, most planning divisions
within the Army were devoted to the first three ―active‖ military phases of traditional combat
operations. According to the report, the few officers who did tackle Phase IV rarely communicated
with each other. Nor did they consult State Department experts on Iraqi society, some of whom had
discussed the likelihood of an insurgency. In fact, only one Army planning group attempted to bring
in outside experts when creating its plans. Meanwhile, an abrupt change in command on the
ground shortly after the end of active combat operations further complicated the situation. Initiated
by Gen. Tommy Franks, leadership shifted from an experienced Army headquarters in Baghdad,
with a staff focused on Iraq since the 1990s, to a ―caretaker staff‖ led by the strategically minded
Army Fifth Corps whose new commander had just arrived in country.
As On Point II unequivocally shows, almost limitless optimism about Iraq‘s future was prevalent
throughout the Bush administration. That optimism infected Donald Rumsfeld‘s Pentagon as well as
Army planners, leading to a neglect of detailed postwar preparations. The widespread assumption
that civilian agencies would rapidly take up the lion‘s share of reconstruction and occupation led to
the failure of Army planners to explore possible outcomes once initial military objectives were
An interview in On Point II underscores this failure. Col. Thomas G. Torrrance, the commander of
the Army‘s Third Infantry Division‘s artillery, sadly commented that before the war in Iraq began, ―I
can remember asking the question during our war gaming and the development of our plan, ‗O.K.,
we are in Baghdad, what next?‘ No real good answers came forth.‖
Why did good answers fail to come forth? After all, the plans of the military in previous conflicts
have been well researched. During World War II military officers and the politically powerful
secretaries of the Department of War, including Henry Stimson and the future U.S. High
Commissioner of Germany John McCloy, looked to experts and precedent for guidance. Unlike in
Iraq, these officials studied the successes and failures of past occupations (including the Philippines
and WWI) and recognized the importance of this immediate post-war period. Overcoming a number
of other cabinet-level departments for effective control, military leaders tried to centralize planning
and occupation authority into one office. Eventually housed in the Army General Staff, this
innovative Civil Affairs Division drew up wide-ranging policies for the occupation and deployed
specially trained soldiers with language skills, cultural awareness, and other talents. Members of
this division followed directly behind advancing forces and occupied the foremost policy offices
under military commanders in every major city and region in Axis territories.

                                                Page 21
Early in the war the military established schools to train soldiers for the postwar period, laying a
firm groundwork in what to rebuild, where, and how. Field manuals, politico-military orders, and
strategic examples from Cuba, the Philippines, World War I, and even the Civil War were reprinted
and studied. This included the ways in which different populations had responded to specific
military actions. Officers within the Civil Affairs Division — and many enlisted men as well — took
extensive training courses in the United States and in theater. Experts taught them the nuances of
local infrastructures, the history of Axis lands, various cultural norms, and even offered multiple
levels of language training. These military men, while by no means culturally fluent, were
encouraged to develop sensitivity to the values of local populations and to reach out to them.
In WWII, careful study and the use of experts were essential. For example, renowned
anthropologist Ruth Benedict helped lead a comprehensive study of Japanese society, which
influenced Gen. Douglas MacArthur‘s decision to protect the emperor as a pacification and
reconstruction strategy. (The study was later published as The Chrysanthemum and the Sword.)
Still, American rebuilding efforts in Europe and Japan, including the Marshall Plan, were far from
perfect. There were notable missteps in attempts to reform German education on an American
model, for example. Temporary lines of occupation gradually hardened over time with the coming
of the Cold War. Nevertheless, most of the detailed occupation directives were developed early in
the conflict. Military officers were then able to work from and adjust these plans to fit conditions on
the ground. In contrast to the first stages of Army ―full spectrum‖ operations in Iraq, during WWII
continuity and cultural fluency were emphasized. Military Civil Affairs staff remained in leadership
positions in occupied areas as the Allied Armies shifted from war to peace, creating a continuous
presence and mission even as political leaders debated the future of the Axis nations.
How is it possible that U.S. military planners for Iraq didn‘t learn from the past? By documenting
the miscalculations, political blunders, and poor planning that made a complicated situation in Iraq
incalculably worse, the Army historians writing in On Point II rightly validate the lessons of the
past. Will tomorrow‘s Army learn them?
Table of Contents

Taliban Propaganda: Winning the War of Words?
From International Crisis Group, Asia Report N°158, 24 July 2008
The Taliban has created a sophisticated communications apparatus that projects an increasingly
confident movement. Using the full range of media, it is successfully tapping into strains of Afghan
nationalism and exploiting policy failures by the Kabul government and its international backers.
The result is weakening public support for nation-building, even though few actively support the
Taliban. The Karzai government and its allies must make greater efforts, through word and deed, to
address sources of alienation exploited in Taliban propaganda, particularly by ending arbitrary
detentions and curtailing civilian casualties from aerial bombing.
Analysing the Taliban‘s public statements has limits, since the insurgent group seeks to underscore
successes – or imagined successes – and present itself as having the purest of aims, while
disguising weaknesses and underplaying its brutality. However, the method still offers a window
into what the movement considers effective in terms of recruitment and bolstering its legitimacy
among both supporters and potential sympathisers.
The movement reveals itself in its communications as:
   the product of the anti-Soviet jihad and the civil war that followed but not representative of
    indigenous strands of religious thought or traditional pre-conflict power structures;
   a largely ethno-nationalist phenomenon, without popular grassroots appeal beyond its core of
    support in sections of the Pashtun community;
   still reliant on sanctuaries in Pakistan, even though local support has grown;

                                                        Page 22
  linked with transnational extremist groups for mostly tactical rather than strategic reasons but
   divided over these links internally;
  seeking to exploit local tribal disputes for recruitment and mainly appealing to the disgruntled
   and disenfranchised in specific locations, but lacking a wider tribal agenda; and
  a difficult negotiating partner because it lacks a coherent agenda, includes allies with divergent
   agendas and has a leadership that refuses to talk before the withdrawal of foreign forces and
   without the imposition of Sharia (Islamic law).
Out of power and lacking control over territory, the Taliban has proved adept at projecting itself as
stronger than it is in terms of numbers and resources. Despite the increasing sophistication of
some of its propaganda, however, it still puts out contradictory messages that indicate internal rifts
and the diffuse nature of the insurgency. These reveal a cross-border leadership and support
apparatus striving to present a unified front and assert control even as various groups maintain
their own communications networks. Maintaining relations with transnational jihadist networks,
which have a more global agenda, is a potential problem for the Taliban, which has always been a
largely nationalistic movement.
A website in the name of the former regime – the Islamic Emirate of Afghanistan – is used as an
international distribution centre for leadership statements and inflated tales of battlefield exploits.
While fairly rudimentary, this is not a small effort; updates appear several times a day in five
languages. Magazines put out by the movement or its supporters provide a further source of
information on leadership structures and issues considered to be of importance. But for the largely
rural and illiterate population, great efforts are also put into conveying preaching and battle reports
via DVDs, audio cassettes, shabnamah (night letters – pamphlets or leaflets usually containing
threats) and traditional nationalist songs and poems. The Taliban also increasingly uses mobile
phones to spread its message.
The vast majority of the material is in Pashtu, and a shortage of language skills in the international
community means much of this either passes unnoticed or is misunderstood. English-language
statements are relatively crude, but the Taliban is able to put out its story rapidly. More effort is
devoted to Arabic language output, aimed at soliciting the support of transnational networks and
funders. The overriding strategic narrative is a quest for legitimacy and the projection of strength.
Use of tactics such as suicide bombings – previously unknown in Afghanistan – and roadside
bombs, as well as such audacious actions in 2008 as a prison break in Kandahar city, an attack on
a military parade attended by President Hamid Karzai and an assault on a five-star hotel
demonstrate that grabbing attention lies at the core of operations.
Within Afghanistan the Taliban is adept at exploiting local disenfranchisement and disillusionment.
The Kabul administration needs to ensure it is seen as one worth fighting for, not least by ending
the culture of impunity and demanding accountability of its members. The international community
must provide the necessary support and pressure for improved performance, while also examining
its own actions. Whatever the military benefits of arbitrary detentions, they are far outweighed by
the alienation they cause. The effectiveness of aerial bombardment, even if strictly exercised within
the bounds of international law, must be considered against the damage to popular support.
Greater efforts are needed in Western capitals to explain to their own populations the necessity of
staying for the long haul rather than yielding to the pressure of quick fixes that give only the
appearance of action.
The Taliban is not going to be defeated militarily and is impervious to outside criticism. Rather, the
legitimacy of its ideas and actions must be challenged more forcefully by the Afghan government
and citizens. Its killings of civilians and targeting of community leaders need to be highlighted,
including a public accounting for actions by the militants through open trials – something that has
not yet happened. Strengthening the legitimacy of the Afghan government and ensuring that its
actions – and those of its international backers – are similarly bound by the rule of law should be
an important complement. Ultimately, winning popular support is not about telling local
communities that they are better off today. It is about proving it.

                                                Page 23
To the Government of Afghanistan:
1. Do not block the flow of information, but seek
instead to disclose more, in an open and timely manner, and build morale by:
  (a) responding more quickly on incidents such as civilian casualties and other alleged abuses by
the government or its international supporters that are likely to feed into insurgent propaganda;
  (b) speaking out strongly and consistently about Taliban killings and attacks, while holding the
international community and Afghan national security agencies proportionately accountable for
their actions;
  (c) refraining from threatening the media for reporting and ensuring that legal definitions of
incitement in the media are appropriate and clear; and
  (d) holding open trials of captured insurgents and allowing their victims public redress.
2. Build the morale of the security forces by having senior officials regularly visit Afghan army and
police units around the country, and put a human face on the violence by assisting the wounded
and bereaved families.
3. End the culture of impunity by ensuring the rule of law, including by holding government and
security officials accountable for crimes and abuses.
To the Governments of Countries Contributing International Troops:
4. Improve communications with Afghans on the directions and activities of the international
engagement, while ensuring an Afghan lead in appropriate
areas, through:
  (a) reaching out to local correspondents for international and national media, not just foreign
  (b) building language skills among foreign staff and properly training sufficient numbers of
professional translators;
  (c) streamlining systems and devolving more responsibility to ground-based personnel so they
can respond rapidly to incidents involving international forces; and
  (d) directing enquiries on incidents that do not involve foreign troops to the appropriate Afghan
5. Emphasise that the foreign presence is in support of the Afghan people and subject to the rule
of law by ensuring that international troops are held accountable, in particular by conducting
thorough investigations and improving data collection and information sharing on incidents of
alleged civilian casualties.
6. Communicate clearly to the Afghan public that while the troops will stay as long as necessary,
there are no longer-term strategic objectives, such as permanent bases in the country.
7. Ensure when using aerial force not only that an operation is strictly within the parameters of
international law, but also that its potential immediate military gain has been weighed against
longer-term community perceptions.
8. Press the Pakistan military to end its appeasement of pro-Taliban militants and Afghan
insurgents operating from Pakistani territory, and encourage a dialogue between Kabul and the
democratically elected government in Islamabad.
To Donors:
9. Emphasise the building and reform of judicial and detention systems in which detainees can be
handled safely and legitimately and held to account within a rule-of-law system.
[Note: Click here to view the full report as a PDF file in A4 format. This document is also available in MS-Word
Table of Contents

                                                    Page 24
Troops Turning Tables On Taleban in Afghanistan's Propaganda War
By Jerome Starkey , the New Scotsman, 29 July 2008
BRITISH troops in southern Afghanistan are aping the Taleban's propaganda techniques as part of
an increasingly desperate battle to win support of the local people.
Psychological warfare soldiers are using a series of subtle – and not so subtle – leaflet campaigns
to turn the insurgents' messages against them.
The hardline militants routinely curse British troops in Helmand as infidels and foreigners who do
not respect women and ignore local customs.
British soldiers insist that's not true, but they understand it resonates with ordinary people and
they have responded with a series of leaflet campaigns designed to remind local people that most
of the Taleban commanders are from outside Helmand as well.
"We place an idea in their mind and tell them what they can do about it," said Lieutenant-
Commander Shamus MacLean, at the dedicated "psy-ops" cell in the British headquarters at
Lashkar Gah.
"The Taleban understand the target audience far better than I ever can," he added. "If they do
something that works particularly well, I am going to copy it."
Psy-ops is often known as one of war's dark arts.
Details of the campaign emerged after a major international think tank claimed the insurgents were
winning Afghanistan's propaganda war. The International Crisis Group said people have an inflated
view of the Taleban's strength and it urged the international community to highlight the insurgents'
British commanders are convinced they will never defeat the Taleban without first winning the
support of the local people, most of whom are illiterate farmers. The insurgents, meanwhile,
depend on the locals for the food, shelter, and disguise, which lets them blend in while they attack
British forces.
"It's all about consent of the people," Lt-Cmdr MacLean said. "We need to have more of it than
they do. Do we at the moment? In some places yes, in some places no."
The Taleban's top-level commanders fled to Pakistan after the regime collapsed in 2001. Many of
their mid-level commanders were educated in Pakistani madrassas, or religious schools, and their
ranks have been swelled with Arab and Chechen fighters bent on waging holy war against western
forces. Intelligence officials have even found evidence of renegade British terrorists fighting for the
"We're trying to plant the idea in their heads that the Taleban are under foreign leadership," Lt-
Cmdr MacLean, from the Isle of Seil, said.
The psy-ops cell has produced a series of leaflets linking atrocities with foreign fighters. One leaflet
shows a screaming baby that has lost both legs and a hand, with the message: "This is the foreign
Taleban's gift for you. They don't care about your life."
Lt-Cmdr MacLean said some people had already turned on the insurgents. He said: "There's
anecdotal evidence to suggest that locals haven't been happy with the way these people act around
the local women, for example. We heard reports they caught people laying mines, beat them up
and kicked them out. The best result is the rejection of the insurgents by the communities
Britain's psychological assault is seen as increasingly important because the fighting troops are
suffering the worst attrition rate since 2001.
Major Ben Howell, one of 16 Air Assault Brigade's "influence" officers, said: "It's not divide and
conquer as much as divide and defeat. If you can disrupt an organisation by using words, or using
ideas, you don't have to disrupt it by killing people. We don't kill our soldiers and we don't kill the
young men of Afghanistan who are its future."

                                                     Page 25
Table of Contents

SCADA Security Incidents Will Become More Prevalent, According to
From, 30 July 2008
SOMERSET, N.J., July 30, 2008 /PRNewswire via COMTEX/ -- Lumeta, the leading provider of
Network Assurance solutions for enterprises and government agencies, today warned that, as
industries connect their previously isolated Supervisory Control and Data Acquisition (SCADA)
systems to their larger TCP/IP networks to gain better accessibility and to lower costs, they will
also potentially subject these critical industrial controls to higher security risks. As connectivity
becomes ever more ubiquitous throughout organizations, it is certain that more SCADA security
incidents will occur and, given how much of the world's infrastructure they control, they could
potentially have serious repercussions.
"SCADA systems need to be absolutely secure, given that they control some of our most vulnerable
infrastructure, including gas pipelines, chemical plants and nuclear facilities," said Michael
Markulec, chief operating officer at Lumeta. "Network management needs to know whether and
how their SCADA systems connect to the larger corporate network so that these connections can
be locked down. Because, as we've seen with recent incidents, it does not take a cyber attack to
take out a power plant -- simple computer error will do the trick as well, if connections do not
comply with policy."
For example, in March, the Hatch Nuclear Power Plant in Georgia went through an emergency
shutdown as a result of a software update that was made on the plant's business network. The
business network was in two-way communication with the plant's SCADA network and the update
synchronized information on both systems. Reset after a reboot, the SCADA safety systems
detected a lack of data and signaled that the water level in the cooling systems for the nuclear fuel
rods had dropped, which caused an automatic shutdown. Engineers were aware of the two-way
communication link, but they did not know that the update would synchronize data between the
two networks.
There was no danger to the public, but any time an electric generation plant shuts down, the power
company loses millions of dollars in revenue and has to incur the substantial expense of getting the
plant back online - no small task for a nuclear facility. And the Hatch incident was only the latest in
a string of accidents and unnecessary shutdowns whose cause was due to some problem on the
network. The Browns Ferry nuclear plant in Alabama, for example, shut down in 2006 when a
network traffic overload locked up pump controls.
In the case of Hatch Nuclear Power Plant, engineers chose to sever all physical connections
between the SCADA and business networks.
"However, these engineers would be mistaken in thinking that the SCADA network is now safe
without a regular assessment of connectivity to ensure that no connections between the SCADA
network and the corporate network appear," commented Markulec. "TCP/IP networks are designed
to make connectivity easy, and the ubiquity of today's corporate networks open up the possibility of
someone inadvertently connecting SCADA to the larger network, with potentially disastrous
According to Markulec, the industry need not give up on the cost and management advantages of
connecting their SCADA networks to the larger network. As long as they possess strong safety
systems and conduct frequent and regularly scheduled network scans to understand the full scope
of connectivity and to guarantee that all connections conform to security policy, critical
infrastructure should not fall prey to unforeseen security risks such as network leaks.
Table of Contents

                                                Page 26
Cyber Security for the 44th Presidency Group to Come Out of the
  Shadows at Black Hat
By Kelly Jackson Higgins, Dark Reading, 30 July 2008
JULY 30, 2008 | An unprecedented cyber security commission made up of a who‘s who of experts
and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next
week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th
Presidency is working on policy, research, and technology recommendations for the next
administration to combat cybercrime and cyber warfare.
Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas
next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at
least two nations, and that over 100 different countries have dedicated cyber attack groups. ―The
reality is that our command and control and SCADA systems can now be directly impacted,‖ says
Kellermann, who is also vice president of security awareness at Core Security Technologies.
But this isn‘t just a national security threat issue, he says. ―This is an international and economic
issue. There is an institutionalization of the threat in developing countries, much like there was
with the drug cartels in the 1970s and 1980s.‖
―We are losing this war,‖ he says.
The nonpartisan commission, which was established by the Center for Strategic and International
Studies (CSIS), will present a report to Congress within the next two months, providing specific
recommendations for a comprehensive cyber security strategy in federal systems and in private
critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart
of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.
The 44th Presidency Commission‘s goal is to provide a holistic perspective on the policy and
technology issues surrounding the protection of critical infrastructures, Kellermann says. ―We want
to focus on the long-term protection and the fight we are waging in cyberspace... from a national
security lens, and from an economic security lens."
Kellermann says the commission‘s final report with a handful of recommendations -- due to be
completed within six to eight weeks -- will go to both presidential candidates, as well as to the
House and Senate. He couldn‘t disclose where some of the recommendations under consideration
stand as of now, but he did say the commission is considering a doctrine of sorts that would define
the basic rules of engagement for cyber war. ―It would delineate when and how the president
should consider reacting‖ in a cyber war situation, he says. ―There‘s been some discussion of what
this presidential playbook would look like.‖
The problem with battling in cyber war, he says, is how you determine if an attack was from an
individual or if it was state-sponsored. And fighting back would entail incurring some internal
damage: ―Even if we were to hit back, say with a distributed denial of service attack, for example,
it would blow back on us because the enemy is so deeply in our systems‖ already. But that‘s
something for the Pentagon, NSA, and DOD to ultimately determine, he says.
So how do this commission‘s recommendations avoid the pitfalls of previous commissions and
panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a
national policy on cyber security. ―We need to have in the public eye that this is the greatest threat
we face -- and it‘s invisible. It‘s not just your computer going down, but your FICA account stolen,
or your financial future being ripped out underneath you.‖
Table of Contents

Top UK Court Allows Extradition of Hacker to US
By Raphael G. Satter, Associated Press, July 30 2008
LONDON - Some call it the biggest hack of military computers; perhaps it was just a big

                                                       Page 27
Gary McKinnon — accused of breaking into military and NASA computers in what he claims was a
search for UFOs, allegedly causing nearly $1 million in damage — has lost his appeal for extradition
to the United States.
McKinnon, 42, an unemployed computer administrator, allegedly broke into 97 computers
belonging to the U.S. Army, Navy, Air Force, and Department of Defense from a bedroom in a north
London home.
His attacks between 2001 and 2002 allegedly shut down the Army district responsible for
protecting Washington, and cleared logs from computers at the Naval Weapons Station Earle in
New Jersey that tracks the location and battle-readiness of Navy ships.
That last attack, coming immediately after the Sept. 11, knocked out the station's entire network
of 300 computers. NASA and privately owned computers also were damaged, prosecutors said,
putting the total cost of his online activities at $900,000.
At the time of his indictment, prosecutor Paul McNulty said McKinnon pulled off "the biggest hack of
military computers ever — at least ever detected."
In his defense, McKinnon, known online as SOLO, said he was trying to expose security
weaknesses and uncover evidence of UFOs.
"I was a man obsessed," McKinnon wrote on The Guardian newspaper's Web site last year,
describing a year spent trying to break into U.S. military systems: eight hours a day at a computer
in his girlfriend's aunt's house while unkempt, drinking beer and smoking marijuana.
In interviews, he claimed that his hacking uncovered photographic proof of alien spacecraft and the
names and ranks of "non-terrestrial officers."
Prosecutors accuse him of deliberately trying to intimidate the U.S. government by tearing through
their networks. They pointed to a note written by McKinnon — and left on an Army computer —
attacking U.S. foreign policy as "akin to government-sponsored terrorism."
"It was not a mistake that there was a huge security stand down on September 11 last year," he
wrote. "I am SOLO. I will continue to disrupt at the highest levels."
McKinnon was caught in 2002 after some of the software used in the attacks was traced back to his
girlfriend's e-mail account. The U.S. sought his extradition, a move his lawyer Claire Anderson
claimed Wednesday was motivated by the government's desire to "make an example" of a man
who humbled officials in Washington by hacking into their systems using off-the-shelf office
software and a dial-up modem.
Aspects of American cyber-security had been shown up as "really shameful," with some computers
not even password-protected, said Graham Cluley, a security consultant with Sophos PLC.
He said the United States appeared to be pursuing McKinnon in an effort to flexing its legal muscle
to the hacking community, which has watched the case with interest.
"The overriding message is: You shouldn't mess with American government and military
computers, particularly right after Sept. 11," Cluley said.
McKinnon's lawyers had hoped to hold any trial in Britain, saying he could be dragged before a
military tribunal or even end up at Guantanamo Bay.
In their appeals, they said McKinnon was warned by U.S. officials that he would not be allowed to
serve any part of his sentence in Britain unless he agreed to cooperate with his extradition. That,
they argued, amounted to an unlawful threat and abuse of process.
Not so, Britain's House of Lords said Wednesday. Lord Brown, writing for Britain's highest court,
said plea bargaining could only be called an abuse of process "in a wholly extreme case."
"This is far from being such a case," he said.
While the decision exhausts McKinnon's legal options in Britain, Anderson said she would appeal to
the European Court of Human Rights in Strasbourg, France. She said British authorities had agreed
to keep McKinnon in Britain for at least two weeks to allow his lawyers to prepare their application.

                                                 Page 28
"If that fails, then it's off to jail in America for 60 years," McKinnon told the British Broadcasting
Corp. "Rapists and murderers and real terrorists get less."
Should McKinnon be extradited, he would face trial in Virginia and New Jersey on eight charges of
computer fraud.
Each charge potentially carries a sentence of up to 10 years in prison and $250,000 in fines.
However, U.S. sentencing guidelines would likely recommend a much lighter sentence.
Table of Contents

War of Ideas
By Bill Gertz Washington Times July 31, 2008
James K. Glassman, the new undersecretary of state for public diplomacy, has launched a more
aggressive program to counter Islamist extremism through a war of ideas.
"The war of ideas is a very important aspect of the non-kinetic part of the war on terror," Mr.
Glassman said in an interview this week. "In fact, it may be the most important aspect of the war
on terror."
Mr. Glassman's office is the lead federal agency in organizing both policy and programs designed to
"push back against violent extremist ideology." Most of the focus is on al Qaeda and other radical
Islamist groups.
The war of ideas is supposed to be one of three equal components of the U.S.-led war on terrorism,
after military operations and law enforcement and intelligence counterterrorism.
However, it is by far the least developed aspect, according to U.S. officials.
Mr. Glassman said the specific mission of the new programs is to "create an environment that is
hostile to violent extremism."
One key aspect of the new campaign is to encourage credible voices from the Muslim world to
speak out against extremism. One such voice is that of Sayyed Imam al-Sharif. The former al
Qaeda theorist, also known as Dr. Fadl, has recanted his earlier views and now states that Islam
does not allow Muslims to kill civilians under the pretext of jihad.
A second U.S. government effort involves what Mr. Glassman calls educational and other programs
to "divert" Muslims, especially young people, away from extremism.
Mr. Glassman said he was reluctant to provide details of these efforts because it could cause
problems for host governments. However, one program initiated this month with U.S. backing -
Young Tribal Voices - involves the production of Pashtun radio dramas by students in the tribal
areas of Pakistan. The broadcasts include anti-extremist themes and are beamed into the tribal
regions, currently major al Qaeda and Taliban redoubts.
Another U.S.-backed program is a Farsi-language social-networking site called in
which Farsi speakers in Iran and outside the country can discuss issues of importance to Iranians.
A second "dot-gov" Farsi site directly promotes American messages and ideas.
"The model that we're using is trying to bring not just Muslim voices, but mainstream voices in
general together," Mr. Glassman said. "What we try to do is convene, facilitate and amplify
mainstream voices."
Among those involved in the programs are businesspeople, women's groups and activists
representing victims of terrorism, similar to the domestic group Mothers Against Drunk Driving.
Within government, Mr. Glassman set up a new interagency system that is more strongly supported
by officials from the Pentagon, the intelligence agencies and the Treasury Department. "Now we
are beginning to put the programs in place," he said.
Table of Contents

                                                 Page 29
Taliban Arms Self With Songs, Text Messages
By Associated Press, Houston Chronicle, July 25, 2008
The Taliban has created a sophisticated media network to undermine support for the Afghan
government, sending threats by text message and spreading the militia's views through songs
available as ring tones, according to a report released Thursday.
The International Crisis Group report comes as the Islamist militia that was ousted from power in
Afghanistan by the 2001 U.S.-led invasion is making a violent comeback, particularly in the
country's south and east.
Many of the messages come as songs, religious chants and poetry.
One poem — Death is a gift — includes the phrase, "I will not kiss the hand of Laura Bush."
The Taliban movement also has a Web site, Al Emarah, or "The Emirate," which has various domain
names due to attempts to block it.
Table of Contents

Al-Qaeda Recruiting Scores of New Jihadis
Officials say Web sites from Chechnya to Turkey are drawing many to Afghanistan.
By Kathy Gannon, Philadelphia Inquirer, July 18, 2008
PESHAWAR, Pakistan - Afghanistan has been drawing a fresh influx of jihadi fighters from Turkey,
Central Asia, Chechnya and the Middle East, one more sign that al-Qaeda is regrouping on what is
fast becoming the most active front of the war on terror groups.
More foreigners are infiltrating Afghanistan because of a recruitment drive by al-Qaeda as well as a
burgeoning insurgency that has made movement easier across the border from Pakistan, U.S.
officials, extremists and experts say. For the last two months, Afghanistan has overtaken Iraq in
deaths of U.S. and allied troops, and nine American soldiers were killed at a remote base in Kunar
province Sunday in the deadliest attack in several years.
Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, warned during a visit to Kabul this month
about an increase in foreign fighters crossing into Afghanistan from Pakistan, where a new
government is trying to negotiate with militants.
Two U.S. officials, who spoke on condition of anonymity because of the sensitivity of the
information, told the Associated Press that the United States was closely monitoring the flow of
foreign fighters into both Afghanistan and Pakistan.
Jihadist Web sites from Chechnya to Turkey to the Arab world featured recruitment ads as early as
2007 calling on the "Lions of Islam" to fight in Afghanistan, said Brian Glyn Williams, associate
professor of Islamic history at the University of Massachusetts. Williams has tracked the movement
of jihadis for the U.S. military's Combating Terrorism Center at West Point.
Local Afghans in the border regions are increasingly concerned about the return of the Araban or
Ikhwanis, as Arab fighters are known in the Pashtun language, Williams wrote in a CTC paper. He
said there were rumors of hardened Arab fighters from Iraq training Afghan Pashtuns in the
previously taboo tactic of suicide bombing.
Turkey also appears to have emerged as a source of recruits. Williams estimated as many as 100
Turks had made their way to Pakistan to join the fight in Afghanistan.
"The story of Turkish involvement in transnational jihadism is one of the best-kept stories of the
war on terror," said Williams, who noted that al-Qaeda videos posted on YouTube mentioned Turks
engaging in the insurgency. "The local Afghans whom I talked to claim that the Turks and other
foreigners are more prone to suicidal assaults than the local Taliban."
Dozens of Turkish Islamic extremists have trained in al-Qaeda camps in Afghanistan and taken part
in attacks there, said Emin Demirel, an antiterrorism expert in Turkey. He said images of attacks on
mosques or Muslim villages provided propaganda for recruiting young Turkish Muslims.

                                                        Page 30
"Nowadays, they are effectively using the Internet to communicate with fellow militants, and police
have difficulty in keeping tabs on several of the jihadist sites," said Demirel, author of several
books on Turkish Islamic militant groups. "Turkish courts sometimes locally block access to one
particular site, but it is still accessed outside Turkey. Those Web sites eulogize fallen fighters as
martyrs in order to recruit among radical Muslim youths."
A senior official in Turkey's Interior Ministry said it had no information to corroborate claims of an
increase in the number of Turks fighting in Afghanistan. The official asked not to be identified
because Turkish rules bar civil servants from making statements to the media.
Al-Qaeda's recruitment drive stems from a slow and steady resurgence that started in 2002,
according to Taliban sources.
"They are awake," said Qari Mohammed Yusuf, who Afghan authorities confirm is a senior Taliban.
"They have people going by different names to other countries. They are coming and going easily.
In the last year, they have been organizing more day by day."
Al-Qaeda has financed the Taliban in both Pakistan and Afghanistan, Yusuf told the Associated
Press. In the chaos created by the Taliban groups, al-Qaeda has been able to steadily recruit,
reestablish its public-relations wing, plot new attacks, and reestablish areas of operation on both
sides of the border.
Some new recruits cross into Afghanistan's northern Balkh province or through Iran into Herat
province in western Afghanistan, said Nangyal Khosti, a commander loyal to Jalaluddin Haqqani, a
wanted extremist. The recruits, Yusuf said, head to Afghanistan's Paktika province, where there are
roughly 150 Arab extremists.
In Pakistan, al-Qaeda recruits are sent to Waziristan and the lawless regions of the northwest along
Afghanistan's eastern border, Yusuf said.
Afghan and Western officials say a key route for al-Qaeda recruits is from Central Asia into
northeastern Kunar and Nuristan provinces, where former U.S. intelligence officials suspect Osama
bin Laden is hiding. Both provinces border Pakistan's Bajaur tribal area, where the Taliban hold
Table of Contents

Army Activates Network Warfare Unit
US Army News Release, Jul 02, 2008
A new chapter for the Army began this morning, July 2, when the Army Network Warfare Battalion
(Provisional) was activated during a ceremony at Fort George G. Meade, Md.
The battalion's cyber mission will provide support to the Army and the Department of Defense. This
support will include a variety of tasks, ranging from tactical support to Army Brigade Combat
Teams in Iraq through strategic support to the other services, joint commanders, and interagency
partners as required.
"We observe history this morning when this battalion activates. It is a first for INSCOM and a first
for the Army," said Maj. Gen. David Lacquement, commander, U.S. Army Intelligence and Security
Command. "This battalion formalizes and centralizes the Army's mission to provide rapid,
increasing support to forces worldwide and will lead the Army in providing a larger and more robust
network warfare capability."
The threats to America's computer networks are real and significant. As part of approved military
operations, the U.S. Army maintains capabilities to defend itself in cyberspace or any other domain,
against terrorist groups or any adversary who seeks to harm our national security.
In the space of 15 years, networked information systems have become essential to organized
human activity across much of the globe. These systems are integral to telecommunications,
banking and finance, transportation and energy distribution, human services, government, and all
levels of military operations. "Activation of this unit centralizes the U.S. Army's existing computer

                                                Page 31
network operations into a provisional battalion, which gains efficiencies. This unit will serve as core
for Army network warfare activities that will expand and gain capacity in the coming years,"
Lacquement said.
Members and guests of the 704th Military Intelligence Brigade watched two ceremonies this
morning. The INSCOM commander presided over the activation ceremony for the new battalion, as
well as the brigade's change of command ceremony.
Lt. Col. Jen Easterly accepted command of the ANWB from the 704th MI Brigade commander, Col.
George J. Franz. Easterly previously served as the director's fellow for the director of the National
Security Agency.
After the activation ceremony, Franz, the outgoing brigade commander and a driving force behind
the establishment of the new battalion, relinquished brigade command to Col. Robert Taylor. Taylor
previously served as the director, School of Advanced Military Studies, Combined Arms Center, Fort
Leavenworth, Kansas.
Table of Contents

                                                Page 32