Computer attacks against U.S. systems were up 22 percent from 1996 to 1997, according to a survey by the Computer Security Institute and the FBI. The most recent Computer Security Institute/Federal Bureau of Investigation survey, published in March 1999, confirms this trend.1 The 1999 report notes that denial-of-service attacks were reported by 32 percent of survey respondents, sabotage of data or networks was reported by 19 percent, and virus contamination was reported by 90 percent. Such attacks can be considered as the ordinary background activity that must be dealt with day to day. Some of this activity, when directed against DOD systems, might include information warfare actions to “prepare the battlefield” in the event of a need to interfere with U.S. activity in some future engagement. This is certainly of concern. Of even greater concern, perhaps, is the fact that the United States can expect targeted attacks on DOD systems to increase during hostilities. Both the threat and U.S. vulnerability can be expected to increase, especially as a result of our increased reliance on the technology that network-centric warfare represents. Vulnerability is increasing along with the increasing connectivity among military systems and between military and civilian networks. Thus, vulnerabilities in the networking technology or in any connected system can be exploited by anyone anywhere to penetrate and corrupt DOD systems.

Another source of vulnerability is the increased reliance on commercial products. Commercial security is neither designed nor intended to withstand information warfare attacks, and a large number of exploitable flaws in commonly used products are known to a wide community. Furthermore, the increased homogeneity that results from the nature of today’s commercial computer system marketplace leaves DOD open to attacks that can quickly affect a large percentage of its operations. DOD also depends on vulnerable commercial infrastructures such as telephone networks that, although highly reliable, were not designed to withstand information warfare attack. In addition, since the fleet’s operational networks and the naval force business networks will of necessity be interconnected, the shore establishment will provide many attractive opportunities for penetration and disruption that can extend to the fleets and even their tactical networks, as well as their essential shore support.


The United States can count upon its adversaries to search for ways to disrupt the NCII. An adversary may be able to perform analysis (such as traffic


Rapalus, Patrice. 1999. Issues and Trends: 1999 CSI/FBI Computer Crime and Security Survey. Computer Security Institute, San Francisco, Calif. Available online at <>.

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement