sitemapInformation Warfare: Glossary
Information Warfare Glossary


The Convoluted Terminology of Information Warfare

Compiled by Randall Whitaker, Ph.D.


communications security, computer security, COMSEC, COMPSEC, COMPUSEC, cyberspace, cyberwar, cyberwarfare, electronic warfare, EW, hackers, hyperwar, information assurance, information dominance, information operations, information ops, information revolution, information security, INFOSEC, information superiority, information warfare, IW, IW-D, Military Technical Revolution (MTR), netwar, network centric warfare, Revolution in Military Affairs (RMA), third wave war (-fare), warfare

Copyright © 1998 Randall Whitaker
Except as follows....

This documentation may be freely copied for personal use, distributed, cited, etc., so long as author attribution is included. Inclusion of this document in any persistent product (e.g., rehosting / reposting on WWW) without author permission is expressly prohibited.
Listing Date = 24 May 1998

This glossary contains a summary collection of some of the terminology encountered in the IW literature. For IW-specific terminology, the criteria for inclusion in this listing include (1) opacity to the lay audience and/or (2) crucial usage in military IW discussions. In addition, I've included canonical definitions for more generic military terms as they are currently defined by the U.S. Department of Defense.


Literature citations refer to materials listed in the IW Bibliography at this site.




A 'hacker' organization whose main product is 2600 magazine. This publication has (at times) been considered the premier hacker print product.


8 Little Green Men 'hacker' group that compiles and distributes security tips.

abuse of privilege

Formal nomenclature for user action(s) not in accordance with organizational policy or law. Actions falling outside, or explicitly proscribed by, acceptable use policy.

acceptable level of risk

A judicious and carefully considered assessment by the appropriate authority that a computing activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of assets; threats and vulnerabilities; countermeasures and operational requirements.

acceptable use policy

DoD nomenclature for documented standards and/or guidance on usage of information systems and networked assets.

Acronym = 'AUP'


The principle that individuals using a facility or a computer system must be identifiable. With accountability, violations or attempted violations of system security can be traced to individuals who can then be held responsible.


DoD parlance for the notion that information has been maintained and transferred in such a way as to be inviolate -- i.e., the information has been protected from being modified or otherwise corrupted either maliciously or accidentally. Accuracy protects against forgery or tampering. Typically invoked as a synonym for integrity.

acme of skill

Taken from Sun Tzu's The Art of War:" subdue an adversary without killing him." (Griffith translation, 1963)

active attack

A form of attack in which data is actually modified, corrupted, or destroyed.

anomaly detection

A label for the class of intrusion detection tactics which seek to identify potential intrusion attempts by virtue of their being (presumably) sufficiently deviant (i.e., 'anomalous') in comparison with expected / authorized activities. Phrased another way, anomaly detection begins with a positive model of expected system operations and flags potential intrusions on the basis of their deviation (as particular events or actions) from this presumed norm. Cf. misuse detection.

"Anomaly detection techniques assume that all intrusive activities are necessarily anomalous. This means that if we could establish a "normal activity profile" and maintain a "current activity profile" for a system, we could, in theory, flag all system states varying from the established profile by statistically significant amounts as intrusion attempts."

(Aurobindo Sundaram, An Introduction to Intrusion Detection)

application gateway

One form of a firewall in which valid application-level data must be checked / confirmed before allowing a connection. In the case of an ftp connection the application gateway appears as a ftp server to the client and as a ftp client to the server.

ASIM (Automated Security Incident Measurement)

Current DoD automated security tool that monitors network traffic, collects information on targeted unit networks, and detects unauthorized network activity.


A measure of confidence that the security features and architecture of an information system / network accurately reflect and enforce the given security policy.

asynchronous attacks

Attacks that take advantage of dynamic system actions -- especially by exploiting an ability to manipulate the timing of those actions.



"...positively or negatively learned orientations toward something or someone that have a tendency to motivate an individual or group toward some behavior. Experienced soldiers, for example, have negative attitudes toward slovenliness." (US Army Field Manual 33-1 'Psychological Operations')

audit trail

"In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, whether any actual or attempted security violations occurred. An automated or manual set of chronological records of system activities that may enable the reconstruction and examination of a sequence of events and/or changes in an event." (AFCERT Computer Glossary)


Acronym for acceptable use policy.



"The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity." (AFCERT Computer Glossary)

availability (of information)

back door

"A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering or destroying data." (AFCERT Computer Glossary)

Cf. trap door

Basic PSYOP Study (BPS)

"...a detailed background document which describes the PSYOP relevant vulnerabilities, characteristics, insights, and opportunities that are known about a specific country susceptible to exploitation." (US Army Field Manual 33-1 'Psychological Operations')

battlefield visualization

"the process whereby the commander develops a clear understanding of the current state with relation to the enemy and environment, envisions a desired end state that represents mission accomplishment, and then subsequently visualizes the sequence of activity that moves the commander's force from its current state to the end state." (U.S. Army Field Manual 100-6, Information Operations, 1996)



"Access that an unauthorized user gets, typically by tapping the terminal that is inactive at the time, of a legitimate user." (AFCERT Computer Glossary)


"Binary Large Object, used to describe any random large block of bits, usually a picture or sound file; can be stored in a database but normally not interpretable by a database program. Can be used as a mild hacker threat (mailbomb) when mailed. Can also be used to hide malicious logic code." (AFCERT Computer Glossary)

blue box devices

Gadgets created by crackers and phone hackers ("phreakers") to break into the telephone system and make calls bypassing normal controls and/or billing procedures.



"The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed." (AFCERT Computer Glossary)


Acronym for command and control.

C2 attack

Sometimes written "C2-attack". Abbreviation for command and control-attack .

C2 protect

Abbreviation for command and control protect.

C2 Counterwar

Presumed synonym for Command and Control Counterwar (cf. Jensen, 1994, p. 35).

C2 protect

See command and control warfare



Acronym for Command, Control and Communications.


Acronym for Command, Control, Communications, and Intelligence.


Acronym for Command, Control, Communications, Computers, and Intelligence.


Acronym for Command, Control, Communications, Computer Intelligence, Surveillance and Reconnaissance.

As of 1998, this acronym is becoming the preferred label for those functional and operational capabilities previously subsumed under CXI (X = (1, 2, ...)). The probable rationale is that this label explicitly insinuates incorporation / inclusion of the intel / recon aspects of the own-force information grid.

center of gravity

A term commonly encountered which connotes a component or feature of a given system (e.g., an adversary's deployed instrumentality) which is critical to either (a) the viability of that given system and/or (b) the viability of the supersystem within which that given system is a participating component.

"The hub of all power and movement upon which everything depends. That characteristic, capability, or location from which enemy and friendly forces derive their freedom of action, physical strength, or the will to fight." (U.S. Army Field Manual FM 34-1: Intelligence and Electronic Warfare Operations, 1994)



Acronym for critical infrastructure protection.

Class I (information warfare)

Personal information warfare. That area of IW concerned with personal privacy issues. This is one of 3 IW classes delineated by Winn Schwartau.

Class II (information warfare)

Corporate / organizational-level information warfare. That area of IW concerned with espionage issues. This is one of 3 IW classes delineated by Winn Schwartau.

Class III (information warfare)

Information warfare viewed with an open / global scope. That area of IW concerned with cyber-terrorism issues. This is one of 3 IW classes delineated by Winn Schwartau.

combat information

"Unevaluated data, gathered by or provided directly to the tactical commander which, due to its highly perishable nature or the criticality of the situation, cannot be processed into tactical intelligence in time to satisfy the user's tactical intelligence requirements. See also information." (DOD Dictionary of Military Terms)

combat intelligence

"That knowledge of the enemy, weather, and geographical features required by a commander in the planning and conduct of combat operations." (DOD Dictionary of Military Terms)


Acronym for communications intelligence.


  1. The authority that a commander in the Armed Forces lawfully exercises over subordinates by virtue of rank or assignment. Command includes the authority and responsibility for effectively using available resources and for planning the employment of, organizing, directing, coordinating, and controlling military forces for the accomplishment of assigned missions. It also includes responsibility for health, welfare, morale, and discipline of assigned personnel.

  2. An order given by a commander; that is, the will of the commander expressed for the purpose of bringing about a particular action.

  3. A unit or units, an organization, or an area under the command of one individual.

    (DOD Dictionary of Military Terms)

command and control

  1. "The exercise of authority and direction by a properly designated commander over assigned forces in the accomplishment of the mission." (Widnall & Fogleman, 1995)

  2. "The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission. Also called C2." (DOD Dictionary of Military Terms)

command and control-attack

"the synchronized execution of actions taken to accomplish established objectives that prevent effective C2 of adversarial forces by denying information to, by influencing, by degrading, or by destroying the adversary C2 system." (U.S. Army Field Manual 100-6, Information Operations, 1996)

Abbreviation = C2-attack.

command and control counterwar

Apparently a synonym for IW / knowledge war / third-wave war (cf. Jensen, 1994, p. 35). This would be distinct from C2W (Command and Control Warfare), according to Szafranski (1995), who considers C2W and IW to be entirely distinct concepts.

command and control-protect

"the maintenance of effective C2 of own forces by turning to friendly advantage or negating adversary efforts to deny information to, to influence, to degrade, or to destroy the friendly C2 system; C2-protect can be offensive or defensive in nature; offensive C2-protect uses the five elements of C2W to reduce the adversary's ability to conduct C2-attack; defensive C2-protect reduces friendly C2 vulnerabilities to adversary C2-attack by employment of adequate physical, electronic, and intelligence protection." (U.S. Army Field Manual 100-6, Information Operations, 1996)

Abbreviation = C2-protect.

command and control system

The facilities, equipment, communications, procedures, and personnel essential to a commander for planning, directing, and controlling operations of assigned forces pursuant to the missions assigned. (DOD Dictionary of Military Terms)

command and control warfare
(Acronym = C2W)

command, control and communications countermeasures

The phrase replaced by the term command and control warfare (cf. Campen, 1995, p. 68).

common battlespace picture (CBP)

Also: Common battlespace display, common battlespace view

A conceptual term for a shared information asset providing all actors in a theater SOS with a mutually accessible reference point on the status and dynamics of their operations.


"...the process of standardizing and exchanging intelligence perceptions and meanings found in the form of value statements, ideas, sentiments, beliefs, etc., using words, symbols, or actions." (US Army Field Manual 33-1 'Psychological Operations')

communications intelligence

"Technical and intelligence information derived from foreign communications by other than the intended recipients." (DOD Dictionary of Military Terms)

Acronym = COMINT.

communications security

"The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. Also called COMSEC. Communications security includes: ...

(Adapted from DOD Dictionary of Military Terms)

complete message

"The complete message is the propaganda message (word) and action (deed) to persuade the individual or group to change or strengthen their opinions, emotions, attitudes, and behavior; the words and deeds are mutually supportive. The deed plus the word equals the message." (US Army Field Manual 33-1 'Psychological Operations')

computer abuse

"The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation." (AFCERT Computer Glossary)

computer fraud

Crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value, perpetrated via or with regard to computers and/or information networks.

computer security

Acronym = COMPSEC and sometimes COMPUSEC.


Acronyms for computer security.


Acronym for communications security.


The protection from observation or surveillance. (DOD Dictionary of Military Terms)

confidentiality (of information)


  1. Authority which may be less than full command exercised by a commander over part of the activities of subordinate or other organizations.

  2. In mapping, charting, and photogrammetry, a collective term for a system of marks or objects on the Earth or on a map or a photograph, whose positions or elevations, or both, have been or will be determined.

  3. Physical or psychological pressures exerted with the intent to assure that an agent or group will respond as directed.

  4. An indicator governing the distribution and use of documents, information, or material. Such indicators are the subject of intelligence community agreement and are specifically defined in appropriate regulations.

(DOD Dictionary of Military Terms)


Efforts to negate, neutralize, diminish the effects of, or gain advantage from, a foreign deception operation. Counterdeception does not include the intelligence function of identifying foreign deception operations. (DOD Dictionary of Military Terms)


"Actions dedicated to controlling the information realm." (Widnall & Fogleman, 1995) Also spelled counter-information (cf. Gen. Joe Ralston, quoted in Arana-Barradas, 1995)


"Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities. Also called CI." (DOD Dictionary of Military Terms)


"Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more active techniques as well as activities traditionally perceived as security." (AFCERT Computer Glossary)

covert operations

"Operations which are so planned and executed as to conceal the identity of or permit plausible denial by the sponsor. They differ from clandestine operations in that emphasis is placed on concealment of identity of sponsor rather than on concealment of the operation." (Joint Chiefs of Staff publication JCS1, 1987)



As contrasted with crackers and vandals in a tripartite taxonomy of cyberspace intruders, this term is used by Icove, Seger & von Storch (1995) to denote anyone whose goal is to obtain some form of gain (e.g., profit) by their 'hacking' into computer systems.

critical information

Specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. (DOD Dictionary of Military Terms)

critical infrastructure protection

A general label for measures taken to ensure own-system infrastructure (physical, informational, etc.) is maintained in such a way as to minimize vulnerability to exogenous corruption, disruption, and/or destruction.

Acronym = CIP

critical intelligence

Intelligence which is crucial and requires the immediate attention of the commander. It is required to enable the commander to make decisions that will provide a timely and appropriate response to actions by the potential/actual enemy. It includes but is not limited to the following:

  1. strong indications of the imminent outbreak of hostilities of any type (warning of attack);

  2. aggression of any nature against a friendly country;

  3. indications or use of nuclear-biological-chemical weapons (targets); and

  4. significant events within potential enemy countries that may lead to modification of nuclear strike plans."

(DOD Dictionary of Military Terms)

cyber medium


A term, not yet clearly defined, which is sometimes invoked to connote a manner of government or politics in which information and the global information networks are the dominant source of empowerment.

"This term, from the roots "cyber-" and "-cracy," signifies rule by way of information. As it develops, information and its control will become a dominant source of power, as a natural next step in man's political evolution. In the past, under aristocracy, the high-born ruled; under theocracy, the high priests ruled. In modern times, democracy and bureaucracy have enabled new kinds of people to participate in government. In turn, cyberocracy, by arising from the current revolution in information and communications technologies, may slowly but radically affect who rules, how, and why."

(Ronfeldt, 1992 [revised version of 1991])




data driven attack

"A form of attack that is encoded in innocuous seeming data which is executed by a users or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall." (AFCERT Computer Glossary)


"Any numerical or geometrical quantity or set of such quantities which may serve as reference or base for other quantities. Where the concept is geometric, the plural form is "datums" in contrast to the normal plural 'data.' " (DOD Dictionary of Military Terms)


acronym for dominant battlespace awareness.


acronym for dominant battlespace knowledge.


"Those measures designed to mislead the enemy by manipulation, distortion, or falsification of evidence to induce him to react in a manner prejudicial to his interests." (DOD Dictionary of Military Terms)


"In an estimate of the situation, a clear and concise statement of the line of action intended to be followed by the commander as the one most favorable to the successful accomplishment of the mission." (DOD Dictionary of Military Terms)

defense information infrastructure

Acronym = DII.

A label for the composite information assets of DoD (the American defense establishment).

"the shared or interconnected system of computers, communications, data, applications, security, people, training, and other support structures serving DOD's location and worldwide information needs; the DII connects DOD mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services and provides information processing and value-added services to subscribers of the [Defense Information Systems Network." (U.S. Army Field Manual 100-6, Information Operations, 1996)

"As a result of the rapid growth in computer technology, the Department of Defense, like the rest of government and the private sector, has become extremely dependent on automated information systems. These systems have also become increasingly interconnected worldwide to form virtual communities in cyberspace. The Department calls its portion of this global community the Defense information infrastructure. ... The Defense information infrastructure consists of communications networks, computers, software, databases, applications, and other capabilities that meets the information processing, storage, and communications needs of Defense users in peace and wartime." (GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

defensive counterinformation

"Actions protecting our military information functions from the adversary." (Widnall & Fogleman, 1995)

degradation of service

Any reduction (with respect to norms or expectations) in service processes' reaction / response time, quantitative throughput, or quality parameters. This term is often used to denote the general set of service(s) impairment(s) which at the extreme (i.e., total degradation to a 'zero state' with respect to the given parameter(s)) constitutes an absolute denial of service.

Note that (owing to operational constraints such as 'time before timing out' settings) a disruptive tactic capable of only degrading service(s) may result in a complete denial of said service(s) from the perspective of the end user(s).

Cf. denial of service

denial of service

"Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose." (AFCERT Computer Glossary)

Denial of service attacks may include denying services or processes limited to one host machine. However, the term is most often invoked to connote action against a single host (or set of hosts) which results in the target's inability to perform service(s) for other users -- particularly over a network.

One may consider denial of service to be the extreme case of degradation of service in which one or more normal functional parameters (e.g., response, throughput) get 'zeroed out', at least as far as the end user is concerned.

It is important to note that 'denial' is delineated with respect to whether or not the normal end user(s) can exploit the system or network as expected. Seen in this light, 'denial' (like 'degradation') is descriptive of a functional outcome, and it is not therefore definitive with respect to cause(s) (i.e., tactics effecting said result). Forms of attack not geared to 'denial' per se may lead to 'denial' as a corollary effect (e.g., when a system administrator's actions in response to an intrusion attempt lead to a service outage). As such, 'denial of service' is not a good criterion for categorizing attack tactics.

Cf. degradation of service

denial time

"The average length of time that an affected asset is denied to the organization." (AFCERT Computer Glossary) The temporal extent of operational malaise induced by a denial of service attack.


Acronym for defense information infrastructure.

direct information warfare

"Changing the adversary's information without involving the intervening perceptive and analytical functions." (Widnall & Fogleman, 1995)

directed-energy protective measures

"That division of directed-energy warfare involving actions taken to protect friendly equipment, facilities, and personnel to ensure friendly effective uses of the electromagnetic spectrum that are threatened by hostile directed-energy weapons and devices." (Department of Defense Dictionary of Military and Associated Terms)

directed-energy warfare

"Military action involving the use of directed-energy weapons, devices, and countermeasures to either cause direct damage or destruction of enemy equipment, facilities, and personnel, or to determine, exploit, reduce, or prevent hostile use of the electromagnetic spectrum through damage, destruction, and disruption. It also includes actions taken to protect friendly equipment, facilities, and personnel and retain friendly use of the electromagnetic spectrum. Also called DEW." (Department of Defense Dictionary of Military and Associated Terms)

directed-energy weapon

"A system using directed energy primarily as a direct means to damage or destroy enemy equipment, facilities, and personnel." (Department of Defense Dictionary of Military and Associated Terms)

DNS spoofing

dominant battlespace awareness (DBA)

A term applied to connote own-system advantage with respect to sensor / reconnaissance / intelligence data in a particular battlespace. Cf. Owens (1995a; 1995b).

dominant battlespace knowledge (DBK)

double enveloping

Given the usage of an envelope -- information added to a data packet to ensure the packet is received correctly at its destination ...

"A technique consisting of encasing the content and envelope of a message in a new outer envelope to protect the information on the envelope whenever a message is forwarded through a less trusted domain. The content of the new outer envelope may or may not be encrypted, depending on the degree of trust accorded to the less trusted domain." (AFCERT Computer Glossary)

dumpster diving

A form of HUMINT in which cast-off articles and information are scavenged in an attempt to obtain advantageous data. For example, going through someone's trash to recover documentation of his / her critical data (Social Security number, credit card ID numbers, etc.).

"The practice of raiding the dumpsters behind buildings where producers and/or consumers of high-tech equipment are located with the expectation of finding discarded but still-valuable equipment or information." (AFCERT Computer Glossary)

economic info-warfare / economic information warfare

The application of IW tactics to leverage one's interests in the economic realm. A subclassification of IW delineated by Martin Libicki in his essay What Is Information Warfare?.

economic warfare

"Aggressive use of economic means to achieve national objectives." (DOD Dictionary of Military Terms)

electromagnetic intrusion

"The intentional insertion of electromagnetic energy into transmission paths in any manner, with the objective of deceiving operators or of causing confusion. See also electronic warfare." (DOD Dictionary of Military Terms)

electronic warfare

"Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. Also called EW. The three major subdivisions within electronic warfare are:

  1. electronic attack. That division of electronic warfare involving the use of electromagnetic, directed energy, or antiradiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. Also called EA. EA includes: 1) actions taken to prevent or reduce an enemy's effective use of the electromagnetic spectrum, such as jamming and electromagnetic deception, and 2) employment of weapons that use either electromagnetic or directed energy as their primary destructive mechanism (lasers, radio frequency weapons, particle beams).

  2. electronic protection. That division of electronic warfare involving actions taken to protect personnel, facilities, and equipment from any effects of friendly or enemy employment of electronic warfare that degrade, neutralize, or destroy friendly combat capability. Also called EP.

  3. electronic warfare support. That division of electronic warfare involving actions tasked by, or under direct control of, an operational commander to search for, intercept, identify, and locate sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition. Thus, electronic warfare support provides information required for immediate decisions involving electronic warfare operations and other tactical actions such as threat avoidance, targeting, and homing. Also called ES. Electronic warfare support data can be used to produce signals intelligence, communications intelligence, and electronics intelligence."

    (DOD Dictionary of Military Terms)

electronics intelligence

"Technical and geolocation intelligence derived from foreign non-communications electromagnetic radiations emanating from other than nuclear detonations or radioactive sources." (DOD Dictionary of Military Terms)

Acronym = ELINT.

electronics security

"The protection resulting from all measures designed to deny unauthorized persons information of value that might be derived from their interception and study of noncommunications electromagnetic radiations, e.g., radar." (DOD Dictionary of Military Terms)

This term is also (more loosely) used to connote the topical area or task specialization focusing on achieving this type of protection.

electro-optical intelligence

"Intelligence other than signals intelligence derived from the optical monitoring of the electromagnetic spectrum from ultraviolet (0.01 micrometers) through far infrared (1,000 micrometers)." (DOD Dictionary of Military Terms)



Acronym for electronics intelligence.


"The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations." (AFCERT Computer Glossary)

essential elements of friendly information

"Key questions likely to be asked by adversary officials and intelligence systems about specific friendly intentions, capabilities, and activities, so they can obtain answers critical to their operational effectiveness. Also called EEFI." (DOD Dictionary of Military Terms)

essential elements of information

"The critical items of information regarding the enemy and the environment needed by the commander by a particular time to relate with other available information and intelligence in order to assist in reaching a logical decision. Also called EEI." (DOD Dictionary of Military Terms)

Ethernet meltdown

"An event that causes saturation or near saturation on an Ethernet. It usually results from illegal or misrouted packets and typically lasts only a short time." (AFCERT Computer Glossary)

For example, an IP transmission addressed to a nonexistent recipient node and broadcast to all machines on a network can result in gateways' / routers' sending out Address Resolution Protocol (ARP) packets in an attempt to locate the non-existent recipient and forward the transmission. This forces the gateway(s) to spend processing cycles on the futile search, to the expense of handling normal network traffic. To the extent the network's operations are negatively affected, this can constitute an effective means for degradation of service or even temporary denial of service.

Ethernet sniffing

A form of sniffing directed at basic Ethernet traffic (e.g., by monitoring packets passing through / by a router) and screening for packets of interest (e.g., those containing or indicative of passwords). This process can be performed by automatic means, with the composite 'take' being logged into a summary form for further analysis and exploitation.


Acronym for electronic warfare.


A metaphorical label for a set of hardware and software components protecting system resources (e.g., servers, LANs) from exogenous attack via a network (e.g., from Internet users) by intercepting and checking network traffic. The 'mix' of hardware and software accomplishing firewall operations can vary. For LAN installations of any size, the typical approach is to install one or more computers 'positioned' at critical junctures (e.g., gateways) and dedicated to the firewall functions. It is typically the case that such installations are configured such that all external connections (e.g., modems, ports) are 'outside' the firewall (with respect to its domain of protection), or at least 'abut' it on its 'external face'. The firewall's own 'internal' connection into the protected domain is typically the focus of monitoring functions.

"A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with a bunch of modems and public network ports on it but just one carefully watched connection back to the rest of the cluster." (AFCERT Computer Glossary)

firewall machine

A specific computer dedicated to effecting a firewall.

first-wave war(fare)

Cf. Toffler & Toffler (1993). The term for the mode or character of war(fare) exemplified in primitive, pastoral, and agricultural societies and dating from prehistory. This is Toffler's category corresponding to pre-industrial war(fare) or primitive war(fare), as those terms are colloquially used.


A defensive IW tactic in which a suspicious or unauthorized user is permitted to continue established access to the protected system / network, but whose interactions with that system / network are (all unknown and unapparent to the subject) 'encapsulated' within a secure domain of operations (e.g., rerouted to an isolated computer; redirected to a dummy environment simulating an actual server) so that IW defenders can observe and analyze the user's intentions, tactics, and/or identity.

"To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user." (AFCERT Computer Glossary)

fog of war

The aggregate of factors which reduce or preclude situational certainty in a battlespace. The origin of this term is often attributed to Clausewitz, although it would appear that the label is actually more of a post hoc appellation for some of the issues which Clausewitz addressed.

fork bomb

A disruptive piece of code directed toward a Unix-based system which causes runaway 'forking' (splitting / replication) of operating system processes to degrade or (if saturation is achieved) deny that target system's operations.

"Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, "explodes" eventually eating all the process table entries and effectively locks up the system." (AFCERT Computer Glossary)

friction (of war)

The aggregate of factors and events which reduce or degrade operational efficiency (and hence effectiveness) in the "real world" of warmaking. The label is a metaphorical allusion to the sort of 'heat loss' which is an inescapable part of physical-mechanical systems. This 'friction' was a focal idea in the 19th Century writings of Clausewitz.

global information environment

"all Individuals, organizations, or systems, most of which are outside the control of the military or National Command Authorities, that collect, process, and disseminate information to national and international audiences." (U.S. Army Field Manual 100-6, Information Operations, 1996)


The label 'hacker' has come to connote a person who deliberately accesses and exploits computer and information systems to which he / she has no authorized access. Originally, the term was an accolade for someone highly motivated to explore what computers could do and/or to explore the limits of his / her technical skills (especially in programming). 'A great hack' was a common compliment for an especially cunning or innovative piece of software code. The term 'cracker' was then reserved for people intruding into computer / information systems for the thrill of it (or worse). Over time, 'cracker' faded from usage and 'hacker' came to subsume its (unfortunate) connotations.

"A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary." (AFCERT Computer Glossary)

"The term hackers has a relatively long history. Hackers were at one time persons who explored the inner workings of computer systems to expand their capabilities, as opposed to those who simply used computer systems. Today the term generally refers to unauthorized individuals who attempt to penetrate information systems; browse, steal, or modify data; deny access or service to others; or cause damage or harm in some other way."

(GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

"The definition of the term "hacker" has changed over the years. A hacker was once thought of as any individual who enjoyed getting the most out of the system he was using. A hacker would use a system extensively and study the system until he became proficient in all its nuances. This individual was respected as a source of information for local computer users; someone referred to as a "guru" or "wizard." Now, however, the term hacker is used to refer to people who either break into systems for which they have no authorization or intentionally overstep their bounds on systems for which they do have legitimate access."

(Bassham & Polk, 1992)


A term (typically applied in combination with another) to connote action to usurp activity or interactions in progress. Most commonly used for those tactics which allow an intruder to usurp an authorized user's session for his / her own ends.

Cf. IP splicing / hijacking, session hijacking


A term (attributed to 'Air Force planners') describing the notion that "...war is becoming unimaginably and unmanageably fast." (Arnett, 1992, p. 15)


Acronym for infrastructural and information warfare (cf. M. Wilson, 1997).


Acronym for indications and warnings. (U.S. Army Field Manual 100-6, Information Operations, 1996)

This is a sort of catch-all label for any and all data signifying an operant or potential threat. Typically, 'indications and warnings' connotes a summarization or fusion of raw data into a synopsis of current threat condition(s) -- e.g., a report from an intel unit.


Acronym for 'indications and warnings / threat assessment'. This label is occasionally used to connote the summarization of incoming data with respect to threat conditions (extant or predicted).


  1. Acronym for information-based warfare (Ryan, 1995).

  2. Acronym for intelligence-based warfare (Libicki / National Defense University Strategic Forum 28, 1995).


Acronym for intrusion detection system.


Acronym for information dominance warfare.


Acronym for intelligence and electronic warfare. (U.S. Army Field Manual 100-6, Information Operations, 1996)

indications and warning(s)

"Those intelligence activities intended to detect and report time-sensitive intelligence information on foreign developments that could involve a threat to the United States or allied military, political, or economic interests or to U.S. citizens abroad. It includes forewarning of enemy actions or intentions; the imminence of hostilities; insurgency; nuclear/non-nuclear attack on the United States, its overseas forces, or allied nations; hostile reactions to United States reconnaissance activities; terrorists' attacks; and other similar events." (DOD Dictionary of Military Terms)

Acronym = "I&W".

indirect information warfare

"Changing the adversary's information by creating phenomena that the adversary must then observe and analyze." (Widnall & Fogleman, 1995)

industrial warfare

Cf. Toffler & Toffler (1993). The term for the class or character of war / warfare exemplified from the 18th Century through to the present. Synonymous with Second-Wave War(fare).


  1. "Facts, data, or instructions in any medium or form.

  2. The meaning that a human assigns to data by means of the known conventions used in their representation."

    (DOD Dictionary of Military Terms)

"In intelligence usage, unevaluated material of every description that may be used in the production of intelligence." (U.S. Army Field Manual FM 34-1: Intelligence and Electronic Warfare Operations, 1994)

Information Age

A label generally used to connote the present / prospective era in which information technology (IT) is the dominant technical artifacture.

"the future time period when social, cultural, and economic patterns will reflect the decentralized, nonhierarchical flow of information; contrast this to the more centralized, hierarchical, social, cultural, and economic patterns that reflect the Industrial Age's mechanization of production systems." (U.S. Army Field Manual 100-6, Information Operations, 1996)

information age warfare

information attack

"Directly corrupting information without visibly changing the physical entity within which it resides." (Widnall & Fogleman, 1995, p. 6) In the wake of an information attack " information function is indistinguishable from its original state except through inspecting its data or instructions." (Ibid.)

information-based warfare

information collection

That aspect of IW activities concerned with the acquisition of data. "An organization needs a variety of information to support its operations. ...Information collection includes the entry points for information into an organization from both internal and external sources. Issues include quantity (completeness), quality (accuracy), and timeliness of this information. Business examples of collection systems include point-of-sale (POS) systems, market surveys, government statistics, and internal management data. Military examples of collection systems include tactical radars and other sensors." (Cramer, 1996)

information compromise

That class or type of IW threat which "... involves a competitor gaining access to an organization's proprietary data." (Cramer, 1996)

information denial

A term used by Cramer (1996) to connote "... measures beyond normal protection to specifically target an adversary's collection systems. There are two types of denial: direct attacks on the adversary's information systems, and providing misinformation to its systems to deceive and induce the adversary to take actions that are not to its advantage. ... For the military, direct attacks include electronic warfare (jamming) of sensors and radio links. ... Besides direct attacks, there are safer ways to corrupt an adversary's data bases. These rely on providing false information to the targeted competitoršs collection systems to induce this organization to make bad decisions based upon this faulty information."

information destruction

That class or type of IW threat to one's data assets which "... involves the loss of these data (or loss of access to these data) as the result of a hostile attack by an adversary." (Cramer, 1996)

information dominance

information dominance warfare (IDW)

The subcategory of information warfare (IW) aimed at leveraging data, information, and knowledge to tactical and strategic advantage, as opposed to leveraging the media, channels, and vehicles of information transfer and/or processing. Cf. Widnall & Fogleman's (1995) definition for IW. The goal of IDW is to achieve information dominance.

information function

"Any activity involving the acquisition, transmission, storage, or transformation of information." (Widnall & Fogleman, 1995)

information in war / information in warfare

A term which has come to be used to denote the application of information (and information processing / technology) in the context of military operations (conventionally delineated), as opposed to that connotation accorded IW to the effect that information and information systems are the substance, the tools, and the targets in an emerging warform.

"Information-in-war involves the AF's extensive capabilities to provide global awareness throughout the range of military operations based on integrated intelligence, surveillance, and reconnaissance (ISR) assets; information collection/dissemination activities; and global navigation and positioning; weather; and communications capabilities."

(USAF Air University / CADRE, Information Warfare Division definitions)

Acronyms = IinW(information in war); IIW(information in warfare)

information operations (also Information Ops)

The term "information operations" is typically encountered in IW discussions as a label for those concrete tasks and activities by which one pursues one's own interests in the information realm. As such, information operations (or "info ops") most commonly denotes specific paths of action, in contrast to IW denoting the broader sphere within which these actions are undertaken.

information ops (also "info ops")

Synonym for information operations. (Defense Issues 10:18, 1995)

information protect

A (seemingly ungrammatical) synonym for information protection, quite frequently used in the U.S. military IW literature.

Acronym = IP.

information protection

"Information protection addresses two types of threats: information compromise and destruction. Compromise involves a competitor gaining access to an organization's proprietary data. Destruction involves the loss of these data (or loss of access to these data) as the result of a hostile attack by an adversary." (Cramer, 1996)

Acronym = IP.

information realm

A commonly-used term to denote the virtual space of data networks, their contents, and their commerce. Related terms include: infosphere, cyberspace, datasphere, and virtual realm.

information security

Acronym = INFOSEC

information superiority

"That degree of dominance in the information domain which permits the conduct of operations without effective opposition." (DOD Dictionary of Military Terms)

"Information Superiority combines the capabilities of intelligence, surveillance, reconnaissance (ISR) and command, control, communications, computers, and intelligence (C4I) to acquire and assimilate information needed to effectively employ our own forces to dominate and neutralize adversary forces. It includes the capability for near-real-time awareness of the location and activity of friendly, adversary, and neutral forces throughout the battlespace; and a seamless, robust C4I network linking all friendly forces that provides common awareness of the current situation." (DOD Joint Warfighting Science and Technology Plan)

information system(s)

Acronym = INFOSYS.

"the entire infrastructure, organization, personnel, and components that collect, process, store, transmit, display, disseminate, and act on information." (U.S. Army Field Manual 100-6, Information Operations, 1996)

information systems security

As used in the AFCERT Computer Glossary, a synonym for INFOSEC - "Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit and against the denial of service to authorized users."

information systems warfare (ISW)

The subcategory of information warfare (IW) aimed at leveraging media, channels, and vehicles of information transfer and/or processing to tactical and strategic advantage. Cf. Widnall & Fogleman's (1995) information age warfare.

information terrorism

An ill-defined term (as yet) invoked to connote cyberspace mischief undertaken with intentions or ramifications analogous to the fear-inducing physical attacks we associate with 'terrorist' activity.

"Political terrorism is the systematic use of actual or threatened physical violence in the pursuit of a political objective, to create a general climate of public fear and destabilize society, and thus influence a population or government policy. Information terrorism is the nexus between criminal information system fraud or abuse, and the physical violence of terrorism. However, particularly in a legal sense, information terrorism can be the intentional abuse of a digital information system, network, or component toward an end that supports or facilitates a terrorist campaign or action. In this case, the system abuse would not necessarily result in direct violence against humans, although it may still incite fear."

(Devost, Houghton & Pollard, 1997)

These authors go on to use a 2 X 2 matrix (of 'physical' vs. 'digital' crossed with 'tools' versus 'targets') to delineate information terrorism as those activities exhibiting 'terrorist' profiles in which either the tools or the target of the attack(s) were 'digital'.

information transport

That element of IW activities which "... involves moving data from points of collection to points of storage or use. The speed with which this is done affects the timeliness of the data availability and therefore the responsiveness of the organization to situations. ... Transport considerations must be viewed within the overall Information Warfare perspective, since the same efficiency that facilitates rapid message and data transportation also may be used by a competitor to download proprietary data bases in seconds or minutes." (Cramer, 1996)

information war

information warfare (abbreviated IW)


Acronym for information security.



Acronyn for information systems.


Apparent synonym for information warfare (cf. Waller, 1995).

infrastructural and information warfare

A term used by Michael Wilson (cf. papers listed in the Bibliography) to connote the composite of information/cyber warfare and exploitation/disruption of fundamental infrastructures.

Acronym = 'I2WAR'

"Target profiles of I2WAR fall into four general categories:

Denial of service physical infrastructure attacks, which can be viewed as low intensity conflicts, including guerrilla and terror actions;

Denial of service virtual infrastructure attacks, what are being referred to as information warfare;

Psychological warfare attacks, more subtle efforts that have their effect through perversion of the functionality of the decision-making process;

Technologically augmented political warfare, which straddles the line of legitimate action in the political process.

(Wilson, Infrastructural Warfare Threat Model, 1997)

infrastructural warfare

A term connoting warmaking activities directed toward degradation, disruption, or destruction of an adversary's 'infrastructure' -- those elements, assets, and composites thereof providing operational foundations for target activities.

"Infrastructural Warfare (IWAR) is warfare waged to or from the material and information infrastructures, and includes terrorism, guerrilla warfare, information warfare." (Journal of Infrastructural Warfare WWW home page)

"Information warfare is closely related to infrastructural warfare, which involves the disruption of a government without necessarily causing direct loss of life. As more computers connect to systems used by society as a whole, the capability to use computers to engage in infrastructural warfare will only increase." (Nitzberg, 1997)

Acronym = 'IWAR'

Cf. infrastructure, infrastructural and information warfare


A term used in general parlance to connote the distinguishable set of resources, elements, and arrangements thereof which comprise the operational foundation for a given activity. Because the Internet is rapidly becoming a basis for (e.g.) commerce, it is increasingly seen as a critical piece of 'infrastructure'. Because many forms of IW mischief disrupt or degrade the operation of an adversary's network 'infrastructure' (at any of a variety of levels of constitution), IW has come to be treated in some quarters as a matter of 'infrastructural warfare'.

"Infrastructure is dynamic and varies widely across the individuals of a society. A working definition can be gained by the simple process of recording `a day in the life' of a significant subset of individuals ..."

"For a period in the subject's life, a record could be made of every service, object, mechanism, information, or process they take advantage of yet do not supply themselves. This record is a first-stage approximation of the dependencies the individual has on the infrastructural elements provided by the political economy." ...[This process continues until it produces] "... a list of individuals and domains, and the material and informational dependencies they require to continue to function in their daily lives."

(M. Wilson, 1997)

instrumental dominance

(As opposed to information dominance). The advantage obtained through superior physical force projection, without regard to or reliance upon any corresponding advantage in relevant informational activities.

integrity (of information)

"Integrity refers to keeping information accurate, i.e., keeping it from being modified or corrupted." (GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996) As such, this term is a more precise label for at least one of the interpretations given the term 'accuracy'.


Common abbreviated form of the term intelligence.


  1. "The product resulting from the collection, processing, integration, analysis, evaluation, and interpretation of available information concerning foreign countries or areas.

  2. Information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding." (DOD Dictionary of Military Terms)

  3. "The product resulting from the collection, evaluation, analysis, integration, and interpretation of all available information which concerns one or more aspects of foreign nations or of areas of foreign operations, and which is immediately or potentially significant to military planning and operations." (AFCERT Computer Glossary)

NOTE: The DOD Dictionary of Military Terms contains discrete listings for: acoustic intelligence; all-source intelligence; basic intelligence; civil defense intelligence; combat intelligence; communications intelligence; critical intelligence; current intelligence; departmental intelligence; domestic intelligence; electronics intelligence; electro-optical intelligence; escape and evasion intelligence; foreign intelligence; foreign instrumentation signals intelligence; general military intelligence; human resources intelligence; imagery intelligence; joint intelligence; laser intelligence; measurement and signature intelligence; medical intelligence; merchant intelligence; military intelligence; national intelligence; nuclear intelligence; open source intelligence; operational intelligence; photographic intelligence; political intelligence; radar intelligence; radiation intelligence; scientific and technical intelligence; security intelligence; strategic intelligence; tactical intelligence; target intelligence; technical intelligence; technical operational intelligence; telemetry intelligence; terrain intelligence; unintentional radiation intelligence.

intelligence-based warfare

Warfighting characterized by rapid and effective acquisition and application of intelligence data. (cf. Libicki, 1995).

Acronym = IBW. NOTE: The 'IBW' acronym is also used for information-based warfare.

intelligence cycle

"The steps by which information is converted into intelligence and made available to users. There are five steps in the cycle:

  1. planning and direction--Determination of intelligence requirements, preparation of a collection plan, issuance of orders and requests to information collection agencies, and a continuous check on the productivity of collection agencies.

  2. collection--Acquisition of information and the provision of this information to processing and/or production elements.

  3. processing--Conversion of collected information into a form suitable to the production of intelligence.

  4. production--Conversion of information into intelligence through the integration, analysis, evaluation, and interpretation of all source data and the preparation of intelligence products in support of known or anticipated user requirements.

  5. dissemination--Conveyance of intelligence to users in a suitable form."

(DOD Dictionary of Military Terms)

intelligence preparation of the battlespace

Acronym = IPB.


Acronym for intelligence satellite.


"Interaction occurs when two or more individuals may come into contact and a change in the behavior and/or attitude of one, some, or all takes place. The psychological operator, using the technique of face-to-face communications, interacts with an individual or group. Through his persuasive message, a behavior and/or attitude change is sought." (US Army Field Manual 33-1 'Psychological Operations')


An instance of unauthorized access into or penetration of a computer / information system.

intrusion attempt

An event taken to be a potentially deliberate and unauthorized action toward accessing data / information, manipulating data / information, and/or rendering a given data / information system unreliable or unusable.

intrusion detection

The general label for the technical field(s) addressing how one identifies and characterizes actions presumed to be threatening to own-system security. The label is attributed to: J.P Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, James P Anderson Co., Fort Washington, Pennsylvania, April 1980.

Intrustion detection tactics can be subdivided into 2 main categories: anomaly detection and misuse detection.

"Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of security logs or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network." (AFCERT Computer Glossary)

intrusion detection system (IDS)

A software and/or hardware system designed to monitor computer and/or network operations and identify any pattern(s) of activity presumed to indicate intrusion attempts.

Acronym = 'IDS'.


Acronym for information operations. (U.S. Army Field Manual 100-6, Information Operations, 1996)


Acronym for information operations center. (U.S. Army Field Manual 100-6, Information Operations, 1996)


  1. Acronym for information protection / information protect.

  2. Acronym for Internet Protocol (as in TCP/IP).

IP splicing / hijacking

A form of surreptitious co-opting of an interactive session through manipulation of low-level IP features. The allusion to 'splicing' connotes that the attacker 'splices' his packet stream into a stream already established / acknowledge / authenticated. The allusion to 'hijacking' connotes that the attacker thus masquerades as whomever originally established the connection, allowing him to 'hijack' the session to his own ends.

"An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer." (AFCERT Computer Glossary)

IP spoofing

"An attack whereby a system attempts to illicitly impersonate another system by using IP network address." (AFCERT Computer Glossary)


Acronym for intelligence preparation of the battlespace.


Acronym for intelligence / surveillance / reconnaissance (i.e., the set of functions comprising the 'sensor / perception' interface of a military system).


Acronym for information systems warfare.


Acronym for information warfare


Acronym for information warfare-defense -- i.e., that subset of IW which addresses protection of own-force systems and networks against intrusion and attacks.

key communicator

" individual or group having the economic, social, or political power to persuade the individuals or groups with which he interacts to change or reinforce existing opinions, emotions, attitudes, and behaviors." (US Army Field Manual 33-1 'Psychological Operations')

keystroke monitoring

A form of user surveillance in which the actual character-by-character traffic (i.e., that user's 'keystrokes') are monitored, analyzed, and/or logged for future reference.

"A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the host computer returns to the user." (AFCERT Computer Glossary)


The state or mechanism(s) ascribed to a system to explain complex mediation between effective acquisition of data from, and effective action in, an operational environment. This approach to knowledge explicitly ties it to the processes of both eduction and enaction with respect to the given operational environment, and hence links it to one or more specific actors in that given domain. These connections explain the IW literature's claims that knowledge " active and must be possessed if it is to exist -- let alone be useful." (Mann, 1994, p. 9).

knowledge-based warfare

Per the AJP ACTD Web site:

"Knowledge-based warfare is the ability of one side to obtain essential and key elements of truth while denying these same elements of truth to the other side. It is based on Sir Winston Churchill's premise that 'truth (knowledge) is the most precious commodity in warfare.' "

"The key attributes of knowledge-based warfare are timely, high fidelity, comprehensive, synthesized, and visual data. The end game is a complete 'pictorial' representation of reality that the decision maker can tune to his/her unique needs at any given time. This picture must include both 'blue' and 'red' data, although this ACTD concentrates on the provision of 'blue' data only."

(cf. information warfare, information-based warfare, intelligence-based warfare )

knowledge dominance

In warfare, an operational advantage (vis a vis an adversary) in exploiting information to guide effective action. This is the goal of information dominance (Mann, 1994, p. 9)

knowledge war

A synonym for IW or Third-Wave War (cf. Jensen, 1994, p. 35).

leapfrog attack

  1. Any form of intrusion / attack accomplished by exploitation of data / information obtained on a site / server other than the attack's target.

    "Use of userid and password information obtained illicitly from one host to compromise another host." (AFCERT Computer Glossary)

  2. In a second, distinct, sense -- a method of intrusion / attack in which the intruder / attacker 'approaches' the target system through at least one intermediate system other than his / her own platform.

    "The act of TELNETing through one or more hosts in order to confuse a trace (a standard cracker procedure)." (AFCERT Computer Glossary)

letter bomb / letterbomb

Malicious / disruptive code delivered via an email message (and / or an attachment to said message).

"A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to tragic." (AFCERT Computer Glossary)

logic bomb

The term for a mischievous / destructive piece of software (cf. virus, Trojan horse which lies resident on the victim computer / system until 'triggered' by a specific event (e.g., onset of a predetermined date or set of system conditions).

"A logic bomb is unauthorized code that creates havoc when a particular event occurs, e.g. the perpetrator's name is deleted from the payroll or a certain date occurs." (GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

"A resident computer program which, when executed, checks for particular conditions or particular states of the system which, when satisfied, triggers the perpetration of an unauthorized act." (AFCERT Computer Glossary)

mail bomb / mailbomb

Unlike 'logic bomb' (a thing), 'mail bomb' is a verb used to connote deliberately deluging a target system / host with email messages for purposes of harassment, degradation of service, or even denial of service.

"The mail sent to surge others to send, massive amounts of email to a single system or person with the intent to crash the recipient's system. Mailbombing is widely regarded as a serious offense." (AFCERT Computer Glossary)

mail storm / mailstorm

What the target system / users see when being mail bombed. Any large amount of incoming email sufficient to disrupt or bog down normal local operations.

"What often happens when a machine with an Internet connection and active users re-connects after extended downtime --- a flood of incoming mail that brings the machine to its knees." (AFCERT Computer Glossary)


Acronym for measurement and signature intelligence.

measurement and signature intelligence

"Scientific and technical intelligence obtained by quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic) derived from specific technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender and to facilitate subsequent identification and/or measurement of the same. Also called MASINT." (DOD Dictionary of Military Terms)


Acronym for minimum essential information infrastructure.


"Any thought or idea expressed briefly in a plain or secret language and prepared in a form suitable for transmission by any means of communication." (DOD Dictionary of Military Terms)

Note that this DOD definition is neither the most intuitive nor the most consistent with colloquial or technical usages for this term.


Acronym for military information environment.

military deception

"Actions executed to deliberately mislead adversary military decisionmakers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. The five categories of military deception are:

  1. strategic military deception -- Military deception planned and executed by and in support of senior military commanders to result in adversary military policies and actions that support the originator's strategic military objectives, policies, and operations.

  2. operational military deception -- Military deception planned and executed by and in support of operational-level commanders to result in adversary actions that are favorable to the originator's objectives and operations. Operational military deception is planned and conducted in a theater of war to support campaigns and major operations.

  3. tactical military deception--Military deception planned and executed by and in support of tactical commanders to result in adversary actions that are favorable to the originator's objectives and operations. Tactical military deception is planned and conducted to support battles and engagements.

  4. Service military deception -- Military deception planned and executed by the Services that pertain to Service support to joint operations. Service military deception is designed to protect and enhance the combat capabilities of Service forces and systems.

  5. military deception in support of operations security (OPSEC) -- Military deception planned and executed by and in support of all levels of command to support the prevention of the inadvertent compromise of sensitive or classified activities, capabilities, or intentions. Deceptive OPSEC measures are designed to distract foreign intelligence away from, or provide cover for, military operations and activities."

    (DOD Dictionary of Military Terms)

military information environment

Acronym = MIE.

"the environment contained within the global information environment, consisting of information systems and organizations -- friendly and adversary, military and nonmilitary -- that support, enable, or significantly influence a specific military operation." (U.S. Army Field Manual 100-6, Information Operations, 1996)

military information function

"Any information function supporting and enhancing the employment of military forces." (Widnall & Fogleman, 1995) Cf. same authors' definition for information function.

military technical revolution (MTR)

A term from Soviet military theorization of the late 1970's. It denotes the phenomenon where "...extreme transformations in warfare occurred as a result of the exploitation of technology." (Lee, 1994, p. 3, credited to Krepenivich, 1992, p. 3) The Soviets "...saw the operational and organizational innovations resulting from the exploitation of the technology as defining a military technical revolution." (Ibid.). Abbreviated 'MTR'.

minimum essential information infrastructure (MEII)

A label for the least set of own-force information assets which can serve to support a given mission or operation. Abbreviated 'MEII'.

misuse detection

The class of intrusion detection tactics which proceed on the presumption that problematical intrusions (e.g., attacks) can be positively characterized, and that detection of their characteristic 'profile' is sufficient for identifying potential threats. Cf. anomaly detection.

"The concept behind misuse detection schemes is that there are ways to represent attacks in the form of a pattern or a signature so that even variations of the same attack can be detected. This means that these systems are not unlike virus detection systems -- they can detect many or all known attack patterns, but they are of little use for as yet unknown attack methods. An interesting point to note is that anomaly detection systems try to detect the complement of "good" behavior. Misuse detection systems try to recognize known "bad" behavior. The main issues in misuse detection systems are how to write a signature that encompasses all possible variations of the pertinent attack, and how to write signatures that do not also match non-intrusive activity."

(Aurobindo Sundaram, An Introduction to Intrusion Detection)


"A computer program or process which mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user." (AFCERT Computer Glossary)


Acronym for military technical revolution.

National Information Infrastructure (NII)

A general label for the composite network of data / information systems and connectivity channels which serve as the foundation for US economic, political, and military operations. Abbreviated 'NII'.

navigation warfare

A term for activities directed toward disrupting, degrading, or denying the adversary's capabilities for geographical location, tracking, and control (i.e., navigation) based on such capabilities. This term is currently used specifically to connote those EW and IW (counter-)measures involving the Global Positioning System (GPS) network of satellites and / or terrestrial / airborne / shipborne receivers.

Acronym = NAVWAR


network spoofing

"In network spoofing a system presents itself to the network as though it were a different system (system A impersonates system B by sending B's address instead of its own). The reason for doing this is that systems tend to operate within a group of other "trusted" systems. Trust is imparted in a one-to-one fashion; system A trusts system B (this does not imply that system B trusts system A). Implied with this trust, is that the system administrator of the trusted system is performing his job properly and maintaining an appropriate level of security for his system. Network spoofing occurs in the following manner: if system A trusts system B and system C spoofs (impersonates) system B, then system C can gain otherwise denied access to system A."

(Bassham & Polk, 1992)

network worm

A worm which migrates across platforms over a network by copying itself from one system to another by exploiting common network facilities, resulting in execution of the (replicated) worm on that system and potentially others.

Cf. worm


Acronym for National Information Infrastructure.

O-O-D-A Loop (also OODA Loop)

Observation, Orientation, Decision, Action loop (cited by many and ascribed to Boyd, 1987). See definition under the primary spelling (OODA).

offensive counterinformation

"Actions against the adversary's information functions." (Widnall & Fogleman, 1995)

OODA Loop (also O-O-D-A Loop)

Observation, Orientation, Decision, Action Loop (cited by many and ascribed to Boyd, 1987). Taken to describe a single iteration of the cycle proceeding from data acquisition, through information integration and decision making, to enaction of a response. Disruption or other damage to the OODA loop (cf. Mann, 1994, on Desert Storm) is a common way of portraying the goal and/or main effect of IW. Also spelled O-O-D-A (per Boyd quote in Mann, 1994).


Acronym for operations other than war -- i.e., missions carried out by the military which lie outside the scope of what is conventionally termed "war". Examples include humanitarian and police actions.

open-source intelligence

"Information of potential intelligence value that is available to the general public. Also called OSINT." (DOD Dictionary of Military Terms)

operational intelligence

"Intelligence that is required for planning and conducting campaigns and major operations to accomplish strategic objectives within theaters or areas of operations." (DOD Dictionary of Military Terms)

operations security

"A process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to:

  1. Identify those actions that can be observed by adversary intelligence systems.

  2. Determine indicators hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries.

  3. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation."

(DOD Dictionary of Military Terms)

"A type of security that prevents and detects security breaches. With operations security, an organization can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations." (AFCERT Computer Glossary)

Acronym = OPSEC.


"...a view, judgment, or appraisal formed in the mind about a particular matter or particular matters. It may also be said to be an intellectually defined judgment of what is true for the individual or group. It may be more influenced by attitudes than facts." (US Army Field Manual 33-1 'Psychological Operations')


cf. OODA loop (Orientation is the second 'O').


Acronym for open-source intelligence.

packet sniffer

"A device or program that monitors the data traveling between computers on a network." (AFCERT Computer Glossary)

packet sniffing

"Packet sniffing is a technique in which attackers surreptitiously insert a software program at remote network switches or host computers. The program monitors information packets as they are sent through networks and sends a copy of the information retrieved to the hacker. By picking up the first 125 keystrokes of a connection, attackers can learn passwords and user identifications, which, in turn, they can use to break into systems." (GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

passive attack

A form of attack in which data is 'released' (i.e., captured or obtained) from the target system.

"Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data." (AFCERT Computer Glossary)

passive threat

"The threat of unauthorized disclosure of information without changing the state of the system. A type of threat that involves the interception, not the alteration, of information." (AFCERT Computer Glossary)

password cracking / password theft

"Password cracking is a technique used to surreptitiously gain system access by using another users account. Users often select weak password. The two major sources of weakness in passwords are easily guessed passwords based on knowledge of the user (e.g. wife's maiden name) and passwords that are susceptible to dictionary attacks (i.e.brute-force guessing of passwords using a dictionary as the source of guesses)."

(Bassham & Polk, 1992)

"Password cracking and theft is a technique in which attackers try to guess or steal passwords to obtain access to computer systems. This technique has been automated by attackers; rather than attackers trying to guess legitimate users' passwords, computers can very efficiently and systematically do the guessing. For example, if the password is a dictionary word, a computer can quickly look up all possibilities to find a match. Complex passwords comprised of alphanumeric characters are more difficult to crack. However, even with complex passwords, powerful computers can use brute force to compare all possible combinations of characters until a match is found."

(GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

password sniffing

A form of sniffing which entails sampling specific portions of the data stream during a session (e.g., collecting a certain number of initial bytes where the password can be intercepted in unencrypted form on common Internet services) so as to obtain password data that can then be exploited.


penetration signature

"The description of a situation or set of conditions in which a penetration could occur or of system events which in conjunction can indicate the occurrence of a penetration in progress." (AFCERT Computer Glossary)


"...the process of evaluating information which has been received and classified by the five physical senses (vision, hearing, smell, taste, and touch) and interpreted by criteria of the culture and society." (US Army Field Manual 33-1 'Psychological Operations')

perception management

"Actions to convey and/or deny selected information and indicators to foreign audiences to influence their emotions, motives, and objective reasoning; and to intelligence systems and leaders at all levels to influence official estimates, ultimately resulting in foreign behaviors and official actions favorable to the originator's objectives. In various ways, perception management combines truth projection, operations security, cover and deception, and psychological operations." (DOD Dictionary of Military Terms)


"Individual who combines phone phreaking with computer hacking." (AFCERT Computer Glossary). Formed by a play on both phreaker and hacker.

phreak / phone phreak

  1. A term for 'hacking' or 'cracking'-type exploitation directed at the telephone system (as opposed to the data communications networks). Where the intrusion / action involves both telephone and data communications networks, that portion of the intrusion activity directed toward manipulating the telephone system is typically called 'phreaking'.

    "The act of employing technology to attack the public telephone system. The art and science of cracking the phone network." (AFCERT Computer Glossary)

  2. A term for someone engaging in '(phone) phreaking'. Sometimes the label 'phreak' is used for both the perpetrator and the act.

    "The "phone phreak" (phreak for short) is a specific breed of hacker. A phreak is someone who displays most of the characteristics of a hacker, but also has a specific interest in the phone system and the systems that support its operations. Additionally, most of the machines on the Internet, itself a piece of the Public Switched Network, are linked together through dedicated, commercial phone lines. A talented phreak is a threat to not only the phone system, but to the computer networks it supports."

    (Bassham & Polk, 1992)


"Individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another." (AFCERT Computer Glossary)

Cf. phreak

piggy back / piggybacking

"The gaining of unauthorized access to a system via another user's legitimate connection." (AFCERT Computer Glossary)

political warfare

"Aggressive use of political means to achieve national objectives." (DOD Dictionary of Military Terms)

politicomilitary activities

"...encompass the complex of military activities which are conducted primarily for their direct, social, economic, political, and psychological impact. The activities, in their purest form, are the interaction of the military with the society-government. The operational concept involves such functions as community relations; civil affairs, to include civic action; psychological operations; certain aspects of informational activities; and coordination with other US Government agencies and friendly foreign governments." (US Army Field Manual 33-1 'Psychological Operations')

postindustrial warfare

Synonym for IW (cf. Mann, 1994, p. 13). Cf. information warfare, cyberwar, knowledge war, Third-Wave war.

precision force

"...the capability to destroy selected high-value and time-critical targets or inflict damage with precision while limiting collateral damage. This capability includes precision-guided munitions, surveillance, and targeting capabilities. It requires advances in sensors, C2 interoperability, battle management, and lethality. It also requires precision-guided munition enhancements for increased range, accuracy, and weapon effectiveness. Additionally, "sensor-to-shooter" C4I enhancements are necessary for responsive, timely force application." (DOD Joint Warfighting Science and Technology Plan)

pre-industrial warfare

Synonym for First-Wave War(fare) (cf. Toffler & Toffler, 1993).

preventive diplomacy

"Diplomatic actions taken in advance of a predictable crisis to prevent or limit violence." (DOD Dictionary of Military Terms)


"Any effort to gather information about a machine or its users on-line for the apparent purpose of gaining unauthorized access to the system at a later date." (AFCERT Computer Glossary)


"Any form of communication in support of national objectives designed to influence the opinions, emotions, attitudes, or behavior of any group in order to benefit the sponsor, either directly or indirectly." (DOD Dictionary of Military Terms; also US Army Field Manual 33-1 'Psychological Operations')


  1. Specifically.....

    "A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user, typical proxies accept a connection form a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination." (AFCERT Computer Glossary)

  2. Generally.....

    Any site, host, or service invoked as an indirect surrogate for a given user or platform.


"An apparent loophole deliberately implanted in an operating system program as a trap for intruders." (AFCERT Computer Glossary)

psychological media

(NATO-specific usage) "The media, technical or non-technical, which establish any kind of communication with a target audience." (Joint Chiefs of Staff publication JCS1, 1987)

psychological objective

"...a statement of measurable response expected from the target audience as a result of PSYOP. The psychological objective must accurately define the specific behavioral response or attitude change desired which, in turn, must support the PSYOP goals." (US Army Field Manual 33-1 'Psychological Operations')

psychological operations

Acronym = PSYOP / PSYOPS.

psychological operations approach

(NATO-specific terminology) "The technique adopted to induce a desired reaction on the part of the target audience." (Joint Chiefs of Staff publication JCS1, 1987)

psychological situation

(NATO-specific terminology) "The current emotional state, mental disposition or other behavioral motivation of a target audience, basically founded on its national political, social, economic, and psychological peculiarities but also subject to the influence of circumstances and events." (Joint Chiefs of Staff publication JCS1, 1987)

psychological theme

(NATO-specific terminology) "An idea or topic on which a psychological operation is based." (Joint Chiefs of Staff publication JCS1, 1987)

psychological warfare

Acronym = PSYWAR

psychological warfare consolidation

"Psychological warfare directed toward populations in friendly rear areas or in territory occupied by friendly military forces with the objective of facilitating military operations and promoting maximum cooperation among the civil populace." (Joint Chiefs of Staff publication JCS1, 1987)


Acronym for psychological operations.


Acronym for psychological warfare.


"A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state." (AFCERT Computer Glossary)

Revolution in Military Affairs (RMA)

Current term for the transformations driven by the proliferation of information technology (IT) as tools for optimizing military operations and weapons of military utility. Abbreviated 'RMA'. The current RMA is an instance of a military technical revolution (MTR).


With specific regard to data / information systems: "accidental or unpredictable exposure of information, or violation of operations integrity due to the malfunction of hardware or incomplete or incorrect software design." (J.P. Anderson Co., Computer Security Threat Monitoring and Surveillance. Technical report, Fort Washington PA, April 1980.)


Acronym for Revolution in Military Affairs.


Acronym for situation awareness.

scavenge / scavenging

"Searching through object residue (discarded disks, tapes, or paper) to acquire sensitive data without authorization." (AFCERT Computer Glossary)

Cf. dumpster diving

second-wave war(fare)

A synonym for industrial warfare -- the mode of warfare characteristic of nation states as they developed during the Enlightenment, through the Industrial Revolution, and on through the 20th Century. The allusion is to Toffler's "Second Wave" of economic activity, typified by mass production and populations integrated at the national level.


  1. "Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.

  2. A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.

  3. With respect to classified matter, it is the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security."

    (DOD Dictionary of Military Terms)

  4. "The condition achieved when designated information, materiel, personnel, activities and installations are protected against espionage, sabotage, subversion and terrorism, as well as against loss or unauthorized disclosure." (AFCERT Computer Glossary)

security audit

"A search through a computer system for security problems and vulnerabilities." (AFCERT Computer Glossary)

security breach

"A violation of controls of a particular information system such that information assets or system components are unduly exposed." (AFCERT Computer Glossary)

security classification

"A category to which national security information and material is assigned to denote the degree of damage that unauthorized disclosure would cause to national defense or foreign relations of the United States and to denote the degree of protection required. There are three such categories:

  1. top secret -- National security information or material which requires the highest degree of protection and the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security. Examples of "exceptionally grave damage" include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security.

  2. secret -- National security information or material which requires a substantial degree of protection and the unauthorized disclosure of which could reasonably be expected to cause serious damage to the national security. Examples of "serious damage" include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations; and compromise of significant scientific or technological developments relating to national security.

  3. confidential -- National security information or material which requires protection and the unauthorized disclosure of which could reasonably be expected to cause damage to the national security."

(DOD Dictionary of Military Terms)


A descriptive phrase employed to connote the cumulative feed-forward of data and information through an operational military system, from initial acquisition of novel data elements (via the sensors) through to the element(s) effecting instrumental response as needed (e.g., the 'shooter'). A loose descriptor for the scope of processing for intrasystemic functions to obtain advantage in a theater of operations.

session hijacking

"Taking over an authorized user's terminal session, either physcially when the user leaves his terminal unattended or electronically when the intruder carefully connects to a just-disconnected communications line." (AFCERT Computer Glossary)

Cf. IP splicing / hijacking

shared situation awareness

The collective perception, comprehension, and projection of environmental elements among a set of actors.

Acronym = SSA.


Acronym for signals intelligence.


  1. As applied to electronics, any transmitted electrical impulse.

  2. Operationally, a type of message, the text of which consists of one or more letters, words, characters, signal flags, visual displays, or special sounds with prearranged meaning, and which is conveyed or transmitted by visual, acoustical, or electrical means.

(DOD Dictionary of Military Terms)

signal security

"a generic term that includes both communications security and electronic security." (U.S. Army Field Manual 100-6, Information Operations, 1996)

Acronym = SIGSEC.

signals intelligence

  1. A category of intelligence comprising either individually or in combination all communications intelligence, electronics intelligence, and foreign instrumentation signals intelligence, however transmitted.

  2. Intelligence derived from communications, electronics, and foreign instrumentation signals.

    Acronym = SIGINT.

(DOD Dictionary of Military Terms)


Acronym for signal security.

situation awareness

Sometimes termed "situational awareness".

"...the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future." (Endsley, 1988, p. 97).

Acronym = SA.

This term is broadly used to denote the state of awareness that a subject (operator; pilot) has in the course of a task at a given time point. As such, it connotes a degree of orientation to those circumstances at that time point -- particularly those which are germane to the task itself. The term is also (more loosely) used to connote such a state of awareness or orientation with respect to multiple actors and/or organizational units. As such, the notion of situation awareness maps straightforwardly onto the "Orientation" phase of the OODA Loop.

sniff / sniffing

The act of surreptitiously monitoring data streams so as to intercept and capture exploitable information.

Cf. Ethernet sniffing, packet sniffing, password sniffing


  1. A tool used to intercept potentially exploitable data from the traffic on a network.

    "A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets." (AFCERT Computer Glossary)

  2. Occasionally, this term is used to denote someone who 'sniffs' for data among (e.g.) network traffic.

social engineering

A term for personal (i.e., 'social') tactics employed in support of attempts to achieve unauthorized access to a computer / information system. This is something of a 'catch-all' category for any tricks used to obtain the intended access or to obtain information critical to achieving that access.

" 'Social engineering' is the final method of gaining unauthorized system access. People have been known to call a system operator, pretending to be some authority figure, and demand that a password be changed to allow them access. One could also say that using personal data to guess a user's password is social engineering."

(Bassham & Polk, 1992)

"An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to the systems."

(AFCERT Computer Glossary)

Antonym = technical attack


Acronym for system of systems (cf. Owens, 1995a)


The act of bombarding a target (system, Usenet news group, set of email addresses) with sufficient volume of data (or a volume of sufficiently massive data items) such that degradation or even denial of service is achieved. This term is also perjoratively applied to describe the perceived harassment of receiving profligately-broadcast data (e.g., 'junk email' advertising).

"To crash a program by overrunning a fixed-site buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages." (AFCERT Computer Glossary)

spectrum management

"Planning, coordinating, and managing joint use of the electromagnetic spectrum through operational, engineering, and administrative procedures, with the objective of enabling electronic systems to perform their functions in the intended environment without causing or suffering unacceptable interference. See also electromagnetic spectrum; electronic warfare. (DOD Dictionary of Military Terms)


A generic label for activities in which trusted relationships or protocols are exploited for mischievous or surreptitious ends -- especially those cases in which an unknown or unauthorized actor surreptitiously pretends to be a trusted one. The 'spoofing' need not entail personal identification -- tactics in which a machine's identity or address data are usurped are also termed 'spoofing'.

"Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing." (AFCERT Computer Glossary)

Cf. network spoofing


Acronym for shared situation awareness.

strategic psychological operations (strategic PSYOP)

"...are generally designed to further broad or long-term aims in coordination with general strategic planning, with gradual results realizable in the indefinite future. They are directed at enemy troops and civilians behind the combat zones or in enemy, friendly, or neutral countries." (US Army Field Manual 33-1 'Psychological Operations')


"...the degree to which the target audience can be influenced to respond in ways that will assist in the accomplishment of the PSYOP portion of the commander's mission." (US Army Field Manual 33-1 'Psychological Operations')


"...objects or images whose values or meanings are given by those who use or recognize them; the values are not derived from physical properties. For example, the dove may be a symbol of peace." (US Army Field Manual 33-1 'Psychological Operations')

system of systems

A term used by Admiral W. A. Owens (1995a) to denote collective (e.g., theater-wide) forces and players operating as an integrated whole.

Acronym = SOS.

tactical internet

"a battlefield communication system networked together using commercially based internet protocols." (U.S. Army Field Manual 100-6, Information Operations, 1996)


Acronym for technical intelligence.

technical attack

"An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnelor other users." (AFCERT Computer Glossary)

Cf. social engineering

technical intelligence

"Intelligence derived from exploitation of foreign materiel, produced for strategic, operational, and tactical level commanders. Technical intelligence begins when an individual service member finds something new on the battlefield and takes the proper steps to report it. The item is then exploited at succeedingly higher levels until a countermeasure is produced to neutralize the adversary's technological advantage." (DOD Dictionary of Military Terms)

Acronym = TECHINT.

terminal hijacking

"Allows an attacker on a certain machine to control any terminal session that is in progress. A attack hacker can send and receive terminal I/O while a user is on the terminal." (AFCERT Computer Glossary)

Cf. hijacking, session hijacking

third-wave war(fare)

A synonym for IW or knowledge war (cf. Jensen, 1994, p. 35).Cf. Toffler & Toffler (1993). The allusion is to Toffler's 'Third Wave' of economic activity, which concentrates on information and knowledge as raw material and product. According to Toffler & Toffler (1993), this three-tiered economic / political model was a major influence on the DOD thinkers whose work led to today's interest in IW.

time bomb

A logic bomb which is specifically triggered by a temporal event (e.g., a predetermined date/time).

"A logic bomb that is triggered by reaching some preset time, either once or periodically. A variant of the Trojan horse in which malicious code is inserted to be triggered later." (AFCERT Computer Glossary)

Cf. logic bomb, Trojan horse


Acronym for transmission security (cf. communications security).

trap door

"A hidden software or hardware mechanism used to circumvent security control." (AFCERT Computer Glossary)

Cf. back door

Trojan horse


  1. The act of subverting a forum by deliberately posting provocative (especially provocatively stupid) messages with the intention of distracting others into response.
  2. "An online message whose purpose is to attract responses and make the responders look stupid. People who troll want to make you waste your time responding to their pointless statements." (AFCERT Computer Glossary)

  3. Someone who generates troll messages (i.e., engages in 'trolling').


As contrasted with crackers and criminals in a tripartite taxonomy of cyberspace intruders, this term is used by Icove, Seger & von Storch (1995) to denote anyone whose goal is to destroy information and/or information systems in the course of their intrusion attempts. GAO (Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996) similarly distinguishes such attackers from simple 'crackers':

"Others--known as computer vandals--are out to cause harm to particular organizations, and in doing so, attempt to ensure that their adversary knows about the attack."

virtual battlespace

"...the 'ether' occupied by communications impulses, databases, and computer codes." (Grier, 1995, p. 36) In this usage, the term is synonymous with cyber medium, cyberspace, infosphere.

virtual realm

As used by Libicki (1995), a synonym for information realm or cyberspace.


The generic label for a unary set of code which is designed to operate so as to cause mischief or other subversive effect in a target computer system. The term 'computer virus' was first defined by Fred Cohen (working at DEC) in 1983.

"A virus is a code fragment that reproduces by attaching to another program. It may damage data directly, or it may degrade system performance by taking over system resources which are then not available to authorized users." (GAO, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Report GAO/AIMD-96-84, 1996)

"Virus - A variation of Trojan Horse. It is propagating with a triggering mechanism (event time) with a mission (delete files, corrupt data, send data). Often self replicating, malicious program segment that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence." (AFCERT Computer Glossary)

Cf. logic bomb, time bomb, Trojan horse



An event characterized by the open, total, and (relatively) unrestricted prosecution of warfare by lethal means. As such, war " not synonymous with warfare" (Szafranski, 1995, p. 57).

war dialer

"A cracking tool, a program that calls a given list or range of numbers and records those which answer with handshake tones (and so might be entry points to computer or telecommunications systems)." (AFCERT Computer Glossary)


"...the set of all lethal and non-lethal activities undertaken to subdue the hostile will of an adversary or enemy." (Szafranski, 1995, p. 57). The distinction between this and war ties into Szafranski's delineation of information warfare as an activity which could / should be conducted outside the situational frame of war itself.


A class of mischievous / disruptive software whose negative effect is primarily realized through rampant proliferation -- e.g., via replication and distribution of the worm's own code. Replication is the hallmark of the worm. Worm code is relatively host-independent, in that the code is self-contained enough to migrate across multiple instances of a given platform, or across multiple platforms over a network (cf. network worm). To replicate itself, a worm needs to spawn a process; this implies that worms require a multitasking operating system to thrive.

"A program or executable code module which resides in distributed systems or networks. It will replicate itself, if necessary, in order to exercise as much of the systems's resources as possible for its own processing. Such resources may take the form of CPU time, I/O channels, or system memory. It will replicate itself from machine to machine across network connections, often clogging networks and computer systems as it spreads." (AFCERT Computer Glossary)



The following are some of my preferred selections for other IW-relevant glossary / lexicon resources accessible via WWW. They are listed in no particular order.


Security Glossary
(George Mason University)

An extremely detailed / in-depth listing of terms and jargon relating to computer and information security.

The Jargon File / New Hacker's Dictionary

Eric S. Raymond

Raymond is the author / custodian of the Jargon File and its Gutenberg projection (The New Hacker's Dictionary). The original source information on these references can be found at:

Mirror sites on the WWW providing this material can be found at:

Computer Glossary

Air Force Computer Emergency Response Team (AFCERT)

AFCERT, as the lead USAF component in computer and information security, serves as one of the main DoD IW units. Their WWW site offers a large glossary of computer terminology, much of which is COMSEC / INFOSEC / COMPUSEC related.

DOD Dictionary of Military Terms

(Defense Technical Information Center)

This Web site offers a collection of the approved joint definitions as contained in Joint Publication 1-02, "DOD Dictionary of Military and Associated Terms." From this page you can either browse the dictionary or search for the definition and usage of individual terms.

Joint Warfighting Science and Technology Plan Glossary

(Copy provided at the Federation of American Scientists WWW site):

Defense Science Board

Report of the Defense Science Board Task Force on Information Warfare - Defense (IW-D), Washington DC: Office of the Under Secretary of Defense for Acquisition and Technology, November 1996.

This massive document on defensive IW includes the following terminological resources:

Institute for the Advanced Study of Information Warfare (IASIW) Glossary

This is a small glossary specifically dedicated to IW. NOTE: This site seems to have been dormant since summer 1996, and many of the resources linked to it have moved or disappeared.

A Hacker's Glossary

Michelle Slatalla A component of 'Hacker's Hall of Fame' Discovery Channel Online January 1997

FBIS Foreign Language Glossaries

Includes links to some non-English military lexicons. Of possible use in tracking down non-English nomenclature.

Lisa's Glossary

Lisa Freeburg

This untitled glossary (hosted by SWRI) contains extensive listings of IW-relevant terminology.

Information Warfare Glossary

Georgetown University

A modest glossary associated with the Georgetown University Information Warfare Database.

Military Terminology Glossary

(U.S. Army, Picatinny Arsenal)

A general glossary of U.S. military terminology and acronyms.

GO Back

Copyright © 1998 Randall Whitaker
Except as follows....

This documentation may be freely copied for personal use, distributed, cited, etc., so long as author attribution is included. Inclusion of this document in any persistent product (e.g., rehosting / reposting on WWW) without author permission is expressly prohibited.