wherewithal to conduct such repeated attacks would be more likely to make the initial strike and then use the recovery period not to stage and launch another strike against the Internet but to attack the physical infrastructure; this could leverage the inoperative Internet to cause additional damage and chaos.
Terrorists, like other parties, have limited resources. Thus, they are likely to concentrate their efforts where the impact is largest for the smallest expenditure of resources. For example, terrorists who want to create immediate public fear and terror are more likely to use a physical attack (perhaps in conjunction with an attack using IT to amplify the resulting damage) than an attack that targets IT exclusively. The reason is that the latter is not likely to be as cinematic as other attacks. What would television broadcast? There would be no dead or injured people, no buildings on fire, no panic in the streets, and no emergency-response crews to the rescue. The image of a system administrator typing furiously is simply much less terrifying than images of buildings collapsing.
The IT infrastructure (or some element of it) can be a weapon used in an attack on something else as well as the target of an attack. An attack using the IT infrastructure as a weapon has advantages and disadvantages from the point of view of a terrorist planner. It can be conducted at a distance in relative physical safety, in a relatively anonymous fashion, and in potentially undetectable ways. On the other hand, the impact of such an attack (by assumption, some other critical national asset) is indirect, harder to predict, and less certain.
State sponsorship of terrorism poses threats of a different and higher order of magnitude, for a variety of reasons that include access to large amounts of financial backing and the ability to maintain an actively adversarial stance at a high level for extended periods of time. For example, state-sponsored terrorism might use the state’s intelligence services to gain access to bribable or politically sympathetic individuals in key decision-making places, or to systematically corrupt production or distribution of hardware or software.
Some of the scenarios above are potentially relevant to information warfare attacks against the United States, i.e., attacks launched or abetted by hostile nation-states and/or directed against U.S. military forces or assets. A hostile nation conducting an information attack on the United States is likely to conceal its identity to minimize the likelihood of retaliation, and hence may resort to sponsoring terrorists who can attack without leaving clear national signatures.
While these considerations make certain types of attack more or less likely, none of the scenarios described above can be categorically excluded. This fact argues in favor of a long-term commitment to a strategic R&D program that will contribute to the robustness of the telecommunications and data networks and of the platforms embedded in them. Such a program would involve both fundamental research into the scientific underpinnings of information and network security and the development of deployable technology that would contribute to informa-