Disclaimer: Since this dissertation is still a draft only, there may be some duplication of sources in the different chapters and all references may not be in complete citation format.  

The National Security Threat of the U.S. Information Infrastructure System and U.S. Information Infrastructure System Security Policy (Draft)

DISSERTATION BIBLIOGRAPHIES

CHAPTER 1 – INTRODUCTION

1. Osgood, Robert E., and Robert W. Tucker. Force, Order, and Justice. Baltimore: The Johns Hopkins Press, 1967.

2. Millis, Water. An End to Arms. New York: Antheneum Press, 1964.

3. Campbell, Neil A. Biology. Redwood City, CA.: The Benjamin/Cummings Publishing Co., Inc., 1993.

4. Campbell, Donald T., and Julian C. Stanley. Experimental and Quasi-experimental Designs for Research. Chicago: Rand McNally & Company. 1963.

5. Beyond Cold War Thinking: Security Threats and Opportunities (Report of the Twenty-Fifth United Nations of the Next Decade Conference sponsored by the Stanley Foundation), June 24-29, 1990, convened at The Lodge, Vail, Colorado.

6. Armed Forces Staff College. National Defense University. Formulation of National Strategy (Class 83). Volume 1: Student Guidance, Part 1. Norfolk, VA. January 1988.

7. Armed Forces Staff College. National Defense University. Formulation of National Strategy (Class 83). Volume II: Faculty Guidance. Norfolk, VA. January 1988.

8. National Security Strategy of the United States, The White House, Washington, D.C. January 1988.

9. National Security Strategy of the United States, The White House, Washington, D.C. January 1993.

10. Skidmore, David, and Valerie M. Hudson.  The Limits of State Autonomy: Societal Groups and Foreign Policy Formulation. Boulder, CO.: Westview Press, 1993.

11. Parade Magazine, August 18, 1996.

12. Williams, Phil. "Transnational Criminal Organisations and International Security." Survival. Vol. 36, no. 1, Spring 1994. pp. 96-113.

13. National Security Strategy of the United States, The White House, Washington, D.C. January 1987.

14. Wolfers, Arnold. Discord and Collaboration: Essays on International Politics. Baltimore: The Johns Hopkins Press, 1962.

15. Buzan, Barry. People, States, and Fear: The National Security Problem in International Relations. Chapel Hill, N.C.: The University of North Carolina Press, 1983.

16. Kerlinger, Fred N. Foundations of Behavioral Research. New York: Holt, Rinehart and Winston, 1986.

17. Fisher, Roger, (ed.). International Conflict and Behavioral Science: The Craigville Papers. New York: Basic Books, 1964.

18. Murray, Douglas J., and Paul R. Viotti (eds.). The Defense Policies of Nations: A Comparative Study. Baltimore: The Johns Hopkins University Press, 1994.

19. Boulding, Kenneth E. "Towards a Pure Theory of Threat Systems." The American Economic Review: Papers and Proceedings of the Seventy-fifth Meeting of the American Economic Association. Vol. LIII (2), May 1963.

20. Buzan, Barry. People, States, and Fear: The National Security Problem in International Relations. Chapel Hill: The University of North Carolina Press, 1983.

21. Azar, Edward E., and Chung-in Moon.  National Security in the Third World: The Management of Internal and External Threats. Aldershot, England: Edward Elgar Publishing Limited, 1988.             

22. National Security Strategy of the United States, The White House, Washington, D.C., February 1995.

23. The President's National Security Telecommunications Advisory Committee (NSTAC) Issue Review: A Review of NSTAC issues addressed prior to NSTAC XIX. March 1997.

24. High Performance Computing and Communications: Foundation for America's Information Future. A Report by the Committee on Information and Communications, National Science and Technology Council, Supplement to the President's FY 1996 Budget.

25. Perrow, Charles. Normal Accidents: LIving with High-Risk Technologies. New York: Basic Books, Inc., Publishers, 1984.

26. Howard, John D. An Analysis of Security Incidents on the Internet 1989-1995. PhD Dissertation, Engineering and Public Policy Department, Carnegie-Mellon University, Pittsburgh, PA, April, 1997.

27. Schwartau, Winn. Information Warfare: Cyberterrorism: Protecting Your Personal Security in the Electronic Age, 2nd edition. New York: Thunder's Mouth Press, 1996.

28. Critical Foundations: Protecting America's Infrastructures. Report of the President's Commission on Critical Infrastructure Protection, Washington, D.C.: GPO, October 1997.

29. Schwartau, Winn. Information Warfare: Chaos on the Electronic Superhighway. New York: Thunder's Mouth Press, 1994.

30. Littman, Jonathan.  The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulson. Boston: Little, Brown and Company, 1997.

31. Horton, Forest, Jr., (ed.). Towards The Global Information Superhighway: A Non-Technical Primer for Policy Makers (Special Centennial Publication). FID Occasional Paper 11. Prepared by The FID Task Force on Global Information Infrastructures and Superhighways (FID/GIIS) and collaboration organizations. The Hague, Netherlands: International Federation for Information and Documentation (FID), 1995.

32. Targowski, Andrew S. Global Information Infrastructure: The Birth, Vision, and Architecture. Harrisburg, PA.: Idea Group Publishing, 1996.

33. Williams, Martyn. "Hackers Penetrate Defense Department Computer Networks." Newsbytes, http://www.newsbytes.com.  April 22, 1998.

34. Revolution in the U.S. Information Infrastructure. National Academy of Engineering. National Academy Press. Washington, D.C.: 1995.

35. Pipkin, Donald L. Halting the Hacker: A Practical Guide to Domputer Security. Upper Saddle River, N.J.: Prentice Hall PTR. 1997.

36. Anthes, Gary H. "DoD on Red Alert to Fend Off Info Attacks." Computerworld. January 6, 1997.

37. Bicknell, David. "US Defence Calls For Security Testing." Computer Weekly. January 9, 1997.

38. Slabodkin, Gregory. "FBI Suspects Two Teens in DoD Systems Attack." Government Computer News. Vol. 17, no. 5. p. 3.

39. Shafer, Kevin. Dictionary of Networking. San Jose: Novell Press, 1997.

40. Myerson, Marian. Risk Management Processes for Software Engineering Models. Boston: Artech House, 1996. 

41. Greve, Frank, "French Techno-Spies Bugging U.S. Industries," San Jose Mercury News, October 21, 1992, p. F1.

42. Ruthberg, Zella G., and Harold F. Tipton. Handbook of Information Security Management: 1995-96 Yearbook. Boston: Auerbach, 1995

43. IEEE Standard Glossary of Software Engineering Terminology (Std. 610.12-1990). Standards Committee. Computer Society of the IEEE. Institute of Electrical and Electronics Engineers. September 28, 1990.

44. IEEE Standards Status Report, Institute of Electrical and Electronics Engineers.

45. Miller, Harris N. President, Information Technology Association of America (ITAA). “Fighting Cyber Crime.” Testimony before the House Subcommittee Crime.  June, 14, 2001.

46. Molander, Roger, Andrew S Riddile, and Peter A. Wilson. “Strategic Information Warfare: A New Face of War.” MR661. 1996.

47. “Strategic Warfare Rising.” MR-964-OSD. The RAND Corp. 1998.

48. Mollander, Roger, Peter A. Wilson, Andrew S. Riddile and Michelle K. Van Cleave. The Day After…in the American Strategic Infrastructure. The RAND Corp. January 9, 1998.

49. “A Review of NSTAC issues addressed prior to NSTAC XIX” The President's National Security Telecommunications Advisory Committee (NSTAC) Issue Review, March 1997.

50. Ellison, Robert J., David A. Fisher, Richard C. Linger, Howard F. Lipson, Thomas A. Longstaff and Nancy R. Mead. “Survivability: Protecting Your Critical Systems.” Proceedings of the International Conference on Requirements Engineering. April 6-10, 1998.

51. Laprie, Jean-Claude. "Dependability - Its Attributes, Impariments, and Means" in Randell, B., J.-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

52. Landwehr, Carl E., Alan R. Bull, John P. McDermott, and William S.Choi. “A Taxonomy of Computer Program Security Flaws.’ ACM Computing Surveys. September 1994.

53. Laprie, Jean-Claude, Jean Arlat, Christian Beounes, and Karama Kanoun. "Definition and Analysis of Hardware-and-Software Fault-Tolerant Architectures. . in Randell, B.,J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995

54. National Information Systems Security (INFOSEC) Glossary. NSTISSI No. 4009. NSTISSC Secretariat (142). National Security Agency. Ft. Meade, MD. September 2000.

55. Olovsson, Tomas, Erland Jonsson, Sarah Brocklehurst, and Bev Littlewood. "Towards Operational Measures of Computer Security: Experimentation and Modelling" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

56. Rochlin, Gene I. Trapped in the Net: The Unanticipated Consequences of Computerization. Princeton, N.J.: Princeton University Press, 1997.

57, "Computers: World Wide Warfare." ABC Nightline. ABCNews. December 8, ????

58. Geer, Daniel E., Jr. "Risk Management is Where the Money Is." Risks-Forum Digest. Vol. 20. Issue 6. October 12, 1998.

CHAPTER 2 - INFORMATION INFRASTRUCTURE SYSTEM

1. Horton, Forest, Jr., (ed.). Towards The Global Information Superhighway: A Non-Technical Primer for Policy Makers (Special Centennial Publication). FID Occasional Paper 11. Prepared by The FID Task Force on Global Information Infrastructures and Superhighways (FID/GIIS) and collaboration organizations. The Hague, Netherlands: International Federation for Information and Documentation (FID), 1995.

2. Targowski, Andrew S. Global Information Infrastructure: The Birth, Vision, and Architecture. Harrisburg, PA.: Idea Group Publishing, 1996.

3. The Unpredictable Certainty: Information Infrastructure Through 2000. NII 2000 Steering Committee. Computer Science and Telecommunications Board. Commission on Physical Sciences, Mathematics, and Applications. National Research Council. National Academy Press. Washington, D.C., 1996.

4. Revolution in the U.S. Information Infrastructure. National Academy of Engineering. National Academy Press. Washington, D.C.: 1995.

5. Black, Steven K., LtCol., USAF. A Sobering Look at the Contours of Cyberspace. Ridgway Viewpoints, No. 96-3. Matthew B. Ridgway Center for International Security Studies. University of Pittsburgh.  June 1996.

6. Steinberg, Don. "EDI Evolution Continues with Integration into Business Applications." PC Week, V. 5, No. 6.  February 9, 1998.

7. High Performance Computing and Communications: Foundations for America's Information Future. Supplement to the President's FY 1996 Budget. A Report by the Committee on Information and Communications. National Science and Technology Council. Office of Science and Technology Policy. September 1995.

8. Lee, Mara. "Creating the Ultimate Network," Washington Technology: Tech Business. December 7, 1995. http://www.wtonline.com/archive/1995_DECEMBER_7/tech_bus/tech_bus8.html.

9. Bangemann, Martin. "A New World Order for Global Communications: The Need for an International Charter." Speech to Telecom Interactive `97, International Telecommunications Union. Geneva, Switzerland. September 8, 1997.

10. Sheldon, Tom. Encyclopedia of Networking. Berkeley: Osborne McGraw-Hill, 1998.

11. Cole, Bernard. "Methodologies Focus on Core Integration."  Electronic Engineering Times. June 22, 1998.

12. Goering, Richard.  "New Tools Will Force Embedded Designer to Link Hardware/Software Efforts -- Codesign Turns Workplace on Its Head." Electronic Engineering Times. January 12, 1998.

13. "Mentor Graphics and IKOS Deliver Verification Environment to Accelerate Telecom and Datacom System Design."  PR Newswire, March 30, 1998.

14. Berger, S. Arnold. "Co-Verification Handles More Complex Embedded Systems, Part I." Electronic Design. Vol. 46, No. 6, March 9, 1998, p.9.

15. High Performance Computing and Communications: Foundation for America's Information Future. Supplement to the President's FY 1996 Budget. A Report by the Committee on Information and Communications. National Science and Technology Council. Office of Science and Technology Policy.

16. Information Warfare: Legal, Regulatory, Policy and Organizational Considerations for Assurance. The Joint Staff, Department of Defense. Washington, D.C. July 4, 1996.

17. Perrow, Charles. Normal Accidents: Living with High-Risk Technologies. New York: Basic Books, Inc., Publishers. 1984.

18. Malhotra, Yogesh; Abdullah Al-Shehri & Jeff J. Jones (1995). National Information Infrastructure: Myths, Metaphors And Realities [WWW document]. URL http://www.brint.com/papers/nii/.

19. Peters, Paul Evan. “National Information Infrastructure Act of 1993 (HR1757) Passes House,” Coalition for National Information, July 30, 1993, http://www.cni.org/Hforums/cni-announce/1993/0046.html.

20. U.S. Congress, Senate, S.1086, “National Telecommunications Infrastructure Act of 1993”, 103d. Congress, 1^st Session, June 9, 1993.

21. U.S. Congress, Senate, “National Public Telecommunications Infrastructure Act of 1994,” 103d Congress, 2d Session, June 15, 1994.

22. “Conference on the Nat’l Competitiveness Act (HR820/S.4),” FINS Special Report, September 27, 1994, http://www.sunsite.uk.edu/FINS/Special_Reports/Fins-SR2-36.txt.

23. Ruthberg, Zella G., and Harold F. Tipton. Handbook of Information Security Management: 1995-96 Yearbook. Boston: Auerbach, 1995.

24. Report of the DSB Task Force on Information Warfare (Defense). Defense Science Board. Washington, D.C. January 8, 1997.

25. High Performance Computing and Communications: Toward a National Information Infrastructure. Supplement to the President's FY 1994 Budget. A Report by the Committee on Physical Mathematical and Engineering Sciences, Federal Coordinating Council for Science, Engineering, and Technology, Office of Science and Technology Policy June 1993. 

26. High Performance Computing and Communications: Technology for the National Information Infrastructure. Supplement to the President's FY 1995 Budget. Committee on Information and Communications, National Science and Technology Council, Office of Science and Technology Policy May 1994.

27. High Performance Computing and Communications: FY 1997 Implementation Plan. National Coordination Office for High Performance Computing and Communications. December 1996.

28. Report of the Defense Science Board Summer Study Task Force on Information Architecture for the Battlefield. Defense Science Board. Washington, D.C. October 1994.

29. Redefining Security. A Report to the Secretary of Defense and the Director of Central Intelligence. Joint Security Commission. Washington, D.C. February 28, 1994.

30. Matlack, William H., Jr. "Interoperability the Rage at Forum." Electronic Engineering Times. August 24, 1998.

31. Scott, Richard W. Organizations: Rational, Natural, and Open Systems. Englewood Cliffs, N.J.: Prentice Hall, 1992.

32. Willets, Dennis.  “Telecommunications Security.” in Computer Security Reference Book edited by K.M. Jackson and J. Hruska.  CRC Press, Inc. 1992.

33. Rochlin, Gene I. Trapped in the Net: The Unanticipated Consequences of Computerization. Princeton, N.J.: Princeton University Press, 1997.

Chapter 3 - INFORMATION INFRASTRUCTURE SYSTEM VULNERABILITIES, RISKS, AND THREATS.

1. Pipkin, Donald L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, N.J.: Prentice Hall PTR, 1997.

2. Shafer, Kevin. Dictionary of Networking. San Jose: Novell Press, 1997.

3. Meinel, Carolyn P. "How Hackers Break In...." Scientific American. Volume 279, Number 4. October 1998.

4. Glave, James. "U.S. Computer Security Called Critical Mess." (Original article written October 28, 1997). Inforwar.Com & Interpact, Inc. WebWarrior@Infowar.Com. March 22, 2001.

5. Lange, Larry. "More Microsoft Security Woes." TechWeb News. March 28, 1997.

6. Borland, John. "Trojan-Horse Security Flaw Found in Cisco Software." TechWeb News. August 7, 1998.

7. Patrizio, Andy. "Security Firm Exposes Back Orifice Functions." TechWeb News. August 7, 1998.

8. Caisse, Kimberly.  "Cisco Software Bug Exposes Router to Hackers." TechWeb News. August 24, 1998.

9. Scott, Richard W. Organizations: Rational, Natural, and Open Systems. Englewood Cliffs, N.J.: Prentice Hall, 1992.

10. Machlis, Sharon. "Military Beefing Up Its Hacker Defenses; Concerned About Risks to National Security." Computerworld. April 7, 1997.

11. Cupito, Mary Carmen. "Creating WEb Windows May Leave Doors to Dat Unsecure." Health Management Technology, vol. 18, no. 10, DATE?????

12. McWilliams, Brian. "Hacker Reveals Serious Security Hole in IE4." PC World News Radio.  November 12, 1997.

13. Myerson, Marian. Risk Management Processes for Software Engineering Models. Boston: Artech House, 1996.

14. Boulding, Kenneth. "General Systems Theory: The Skeleton of Science." Management Science. Vol. 2, 1956.

15. Williamson, Mickey. "The Science of Software Development." CIO. April 15, 1996.

16. Williamson, Miryam. "Software Reuse." CIO. March 1, 1997.

17. Thomas, Doug. "Why Hackers Hate Microsoft." Online Journalism Review. April 29, 1998.

18. "ARPA Moves on `Spoofing'." 1998 Exchange Telecommunications Newsletter. September 4, 1998.

19. Borland, John. "Feds Work to Block Domain-Name Hackers." TechWeb News. August 25, 1998.

20. Eddy, Andy. "Buffer Overflow Bugs Here to Stay: Recent Microsoft, Netscape Software Problems Nothing Out of the Ordinary." Network World. August 10, 1998.

21. Adams, Charlotte. "DoD Security Software: Good Year for COTS." Military & Aerospace Electronics. February 1998, vol. 9, Issue 2.

22. Clark, David, and Joseph Pasquale, et.al., "Strategic Directions in Networks and Telecommunications," ACM Computing Surveys: ACM 50th Anniversary Issue: Strategic Directions in Computing Research, Vol. 28, No. 4, December 1996.

23. Wiener, Lauren Ruth. Digital Woes: Why We Should Not Depend on Software. Reading, MA: Addison-Wesley Publishing Company, 1993.

24. Kopetz, H. Software Reliability. New York: Springer-Verlag New York Inc., 1979. 

25.Lee, Leonard. The Day the Phones Stopped: The Computer Crisis - The What and Why of It, and How We Can Beat It. New York: Donald I. Fine, Inc., 1991.

26. Brown, William J., Raphael C. Malveau, et.al. AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis. New York: John Wiley & Sons, Inc., 1998.

27. Hatton, Les. Safer C: Developing Software for High-integrity and Safety-critical Systems. London: McGraw-Hill Book Company, 1995.

28. Clark, Don. "Computer Experts to Disclose Discovery of Potentially Serious Web-Security Gap." Wall Street Journal. January 5, 1999.

29. Suresh babu, R.M., B.B. Biswas, and G. Govindarajan. "Developing Highly Reliable Software." IEEE Micro. vol. 17, No. 5. September/October 1997.

30. Marks, Paul. "Faults Highlight Problems of Nuclear Software." New Scientist. Vol. 135, No. 1836. August 29, 1992.

31. Costlow, Terry, and Alexander Wolfe. "Embedded Systems May Harbor Hidden Glitches." Electronic Engineering Times. January 14, 1998.

32. Van Name, Mark L., and Bill Catchings. "Seamless Doesn't Always Mean Smooth." PC Week. November 27, 1997.

33. Pluth, Ron, and Taimur Aslam. "Cosimulation Targets Early Integration." Electronic Engineering Times.  June 22, 1998.

34. Schirrmeister, Frank, and Timothy Rhodes. "Felix Ties System Behavior, Architecture." Electronic Engineering Times. June 22, 1998.

35. "At Nortel, Coverification Is an Ongoing Effort." Electronic Engineering Times. January 19, 1998.

36. Bacharowski, Walter. "EJTAG Port Can Simplify Prototyping."Electronic Engineering Times. February 9, 1998.

37. Cole, Bernard. "Methodologies Focus on Core Integration."  Electronic Engineering Times. June 22, 1998.

38. Goering, Richard. "New Tools Will Force Embedded Designer to Link Hardware/Software Efforts -- Codesign Turns Workplace on Its Head." Electronic Engineering Times. January 12, 1998.

39. "Mentor Graphics and IKOS Deliver Verification Environment to Accelerate Telecom and Datacom System Design."  PR Newswire. March 30, 1998.

40. Berger, S. Arnold. "Co-Verification Handles More Complex Embedded Systems, Part I." Electronic Design. Vol. 46, No. 6, March 9, 1998.

41. Ruthberg, Zella G., and Harold F. Tipton. Handbook of Information Security Management: 1995-96 Yearbook. Boston: Auerbach, 1995.

42. "Technology, Society, and National Security." Predecision Draft.  National Security Study Group (NSSG). The Hart-Rudman Commission. May 1, 1999.

43. Strategic Plan. Chief Information Officers Council. Washington, D.C. January 1998.

44. Anderson, Dave. “Sometimes a Nickname Has a Price.” NY Times. May 3, 2001.

45. Blair, Jayson, and William K. Rashbaum. “Man Broke Into Accounts of Celebrities, Police Say.” NY Times. March 21, 2001.

46. Bader, Jenny Lyn. “Ideas & Trends; Paranoid Lately? You May Have Good Reason.” NY Times. March 25, 2001.

47. Neumann, Peter G. Computer-Related Risks. Reading, MA: Addison-Wesley Publishing Company,1995.

48. Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org, May 9, 2001.

49. Siedsma, Andrea. “Spy vs Spy.” T Sector: Everything Tech San Diego. January 2001.

50. Albert, Reka, Hawoong Jeong, and Albert-Laszlo Barabasi. “Error and Attack Tolerance of Complex Networks.” Nature. 402. July 27, 2000.

51. Tu, Yuhai. “How Robust is the Internet?” Nature. 402. July 27, 2000.

52. Claffy, K., Tracie E. Monk, and Daniel Mc Robb. “Internet Tomography.” Nature. January 7, 1999.

53. Erroneous Verisign-Issued Digital Certificates Pose Spoofing Hazard. Microsoft Security Bulletin MS01-017. March 22, 2001. http://www.microsoft.com/technet/ security/bulletin/ms01-017.asp.

54. Landwehr, Carl E., Alan R. Bull, John P. McDermott, and William S.Choi. “A Taxonomy of Computer Program Security Flaws.” ACM Computing Surveys. September 1994.

55. Willets, Dennis.  “Telecommunications Security.” in Computer Security Reference Book edited by K.M. Jackson and J. Hruska.  CRC Press, Inc. 1992.

56. SANS Resources. “How to Eliminate the Ten Most Critical Internet Security Threats: The Experts’ Consensus.” Version 1.32. January 18, 2001. http://www.sans.org/topten.html.

57. Miller, Harris N. “Fighting Cyber Crime.” Testimony before the House Subcommittee Crime.  June, 14, 2001.

58. Keller, TW. “Achieving Error-Free Man-Rated Software” in 2^nd International Software Testing, Analysis, and Review Conference. Monterey. CA. 1993.

59. Musa, John D., and A. Frank Ackerman. “Quantifying Software Validation: When to Stop Testing.” IEEE Software. May 1989.

60. Ellison, Robert J., David A. Fisher, Richard C. Linger, Howard F. Lipson, Thomas A. Longstaff, and Nancy R. Mead. “Survivability: Protecting Your Critical Systems.” Proceedings of the International Conference on Requirements Engineering. April 6-10, 1998.

61. “Rough Sailing for Smart Ships.” Scientific American. Vol. 279, No. 5. November 1998.

62. Randell, Brian, Alexander Romanovsky, Cecilia M.F. Rubira, Robert J. Stroud, Zhixue Wu, and Jie Xu. "From Recovery Blocks to Concurrent Atomic Actions” in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

63. Laprie, Jean-Claude, Jean Arlat, Christian Beounes, and Karama Kanoun. "Definition and Analysis of Hardware-and-Software Fault-Tolerant Architectures” in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

64. Xu, Jie, Andrea Bondavalli, and Felicita Di Giandomenico.  "Dynamic Adjustment of Dependabiltiy and Efficiency in Fault-Tolerant Software" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

65. Fabre, Jean-Charles, Yves Deswart, and Brian Randell. "Designing Secure and Reliable Applications using Fragmentation-Redundancy-Scattering: an Object-Oriented Approach" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

66. Thevenod-Fosse, Pascale, Helene Waeselynck, and Yves Crouzet. "Software Statistical Testing" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

67. Marre, Bruno, Pascale Thevenod-Fosse, Helene Waeselynck, Pascale Le Gall, and Yves Crouzet. "An Experimental Evaluation of Formal Testing and Statistical Testing" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

68. Shutz, Werner. "Testing Distributed Real-Time Systems: An Overview" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

69. Kanoun, Karama and Jean-Claude Laprie. "Software Reliability Trend Analyses: From Theoretical to Practical Considerations" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

70. Laprie, Jean-Claude, Christian Beounes, Mohamed Kaaniche, and Karama Kanoun. "The Transformation Approach to the Modelling and Evaluation of Reliabilty and Availability Growth" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

71. Laprie, Jean-Claude, Christian Beounes, Mohamed Kaaniche, and Karama Kanoun. "Validation of Ultra-High Dependability for Software-based Systems" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

72. Littlewood, Bev, Sarah Brocklehurst, Norman Fenton, Peter Mellor, Stella Page, David Wright, John Dobson, John McDermid, and Dieter Gollman.  "Towards Operational Measures of Computer Security: Concepts" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

73. Olovsson, Tomas, Erland Jonsson, Sarah Brocklehurst, and Bev Littlewood. "Towards Operational Measures of Computer Security: Experimentation and Modelling" in Randell, B., J-C. Laprie, H. Kopetz, and B. Littlewood (eds.). Predictably Dependable Computing Systems. Berlin: Springer, 1995.

74. Rochlin, Gene I. Trapped in the Net: The Unanticipated Consequences of Computerization. Princeton, N.J.: Princeton University Press, 1997.

75. "Computers: World Wide Warfare." ABC Nightline. ABCNews. December 8, 1997.

76. Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise. Microsoft Security Bulletin MS01-033. June 18, 2001. http://www.microsoft.com/telnet/security/bulletin/MS01-033.asp.

77. Poulson, Kevin L. Letter to the Honorable Manuel L. Real, United States District Judge. Los Angeles, CA. Re: United States v. Kevin Poulson, CR 93-276R, February 9, 1995..

CHAPTER 5 - POLICY DIS-ORGANIZATION: AN ORGANIZATIONAL ANALYSIS OF U.S. GOVERNMENT INFORMATION INFRASTRUCTURE SYSTEM SECURITY POLICY

1. Ozier, Will. “Implementing Integrated Risk Management.” in Ruthberg, Zella G., and Harold F. Tipton (eds.). Handbook of Information Security Management: 1995-96 Yearbook. Boston: Auerbach. 1995.

2. Jackson, K.M., and J. Hruska (eds.). Computer Security Reference Book. Boca Raton, FL: CRC Press, Inc. 1992.

            3. Information Warfare: Legal, Regulatory, Policy and Organizational Considerations for Assurance. The Joint Staff, Department of Defense. Washington, D.C. July 4, 1996.

            4. Presidential Decision Directive/NSC 29, Security Policy Coordination, The White House, September 16, 1994.

            5. The Unpredictable Certainty: Information Infrastructure Through 2000. NII 2000 Steering Committee. Computer Science and Telecommunications Board. Commission on Physical Sciences, Mathematics, and Applications. National Research Council. National Academy Press. Washington, D.C., 1996.

            6. Report of the DSB Task Force on Information Warfare (Defense). Defense Science Board. Washington, D.C. January 8, 1997.

            7. Executive Order 12472, Assignment of National Security and Emergency Preparedness Telecommunications Functions, April 3, 1984.

8. High Performance Computing and Communications: FY 1998 Implementation Plan. National Coordination Office for High Performance Computing and Communications. September 3, 1998.

9. High Performance Computing and Communications: Information Technology Frontiers for a New Millennium. Supplement to the President’s FY 2000 Budget. A Report by the Subcommittee on Computing, Information, and Communications Research and Development. National Science and Technology Council. Office of Science and Technology Policy. April 8, 1999.

10. “Opening Statement of Chairwoman Constance A. Morella. Subcommittee on Technology. Committee on Science. U.S. House of Representatives. ? Session, 105^th Congress, February 11, 1997.

            11. A National Security Strategy For a New Century. The White House. Washington, D.C. December 1999.

            12. National Security Agency/National Institute of Standards and Technology MOU, 24 March 1989.

            13. Cryptography’s Role in Securing The Information Society (CRISIS). Committee to Study National Cryptography. Computer Science and Telecommunications Board. Commission on Physical Sciences, Mathematics, and Applications. National Research Council. Academy Press. Washington, D.C. 1996.

            14. Redefining Security. A Report to the Secretary of Defense and the Director of Central Intelligence. Joint Security Commission. Washington, D.C. February 28, 1994.

            15. Report of the Joint Security Commission II. Joint Security Commission. Washington, D.C. August 24, 1999.

            16. Computer Security Act of 1987 (P.L. 100-235).

            17. National Security Decision Directive 145. National Policy on Telecommunications and Automated Information Systems Security. The White House. Washington, D.C. September 17, 1984.

            18. Presidential Decision Directive 39. U.S. Policy on Counterterrorism, The White House. Washington, D.C. June 21, 1995.

19. Defending America’s Cyberspace: National Plan for Information Systems Protection, Version 1.0: An Invitation to a Dialogue. The White House.  2000.

20. “Administration Updates Encryption Export Policy.” Fact Sheet. The White House. Office of the Press Secretary. Washington, D.C. September 16, 1999.

21. “Commerce Announces Streamlined Encryption Export Regulations.” Fact Sheet. Department of Commerce. Washington, D.C. January 12, 2000.

22. Presidential Decision Directive 63. Protecting America’s Critical Infrastructure. The White House. Washington, D.C. May 22, 1998.

            23. Critical Foundations: Protecting America’s Infrastructures. Report of The President’s Commission on Critical Infrastructure Protection.  The White House. Washington, D.C. June, 1997.

            24. Zuckerman, M.J. “Asleep at the Switch? How the Government Failed to Stop the World’s Worst Internet Attack.” USA Today. March 9, 2000.

            25. Rourke, John T. International Politics on the World Stage, Seventh Edition. Dushkin/McGraw-Hill. 1999.

            26. High Performance Computing and Communications: Foundation for America’s Information Future. Supplement to the President’s FY 1996 Budget. A Report by the Committee on Information and Communications. National Science and Technology Council. Office of Science and Technology Policy. September 1995.

            27. Ward, Tommy. “Remote Access Security” in Zella G. Ruthberg and Harold F. Tipton (editors). Handbook of Information Security Management: 1995-96 Yearbook. Boston: Auerbach, 1995.

            28. http://cio.gov, CIO Council, March 24, 2000.

            29. Executive Order 13011, Federal Information Technology, The White House, Washington, D.C., July 16, 1996.

            30. Lew, Jacob, “Incorporating and Funding Security in Information Systems Investments.” Memorandum for the Heads of Departments and Agencies. Office of Management and Budget. Washington, D.C. February 28, 2000.

31. Strategic Plan, Fiscal Year 2000. Chief Information Officers Council.  Washington, D.C.

32. "Statement of Principles." ITAA's InfoSec Home Page. Information Technology Association of America. Arlington, VA. http://www.itaa.org/infosec/principles.html.

33. "Response to PCCIP Report." ITAA's InfoSec Home Page. Information Technology Association of America. Arlington, VA. http://www.itaa.org/es/cne/cippccip.html.

34. "Information Security from the Private Perspective: Obstacles, Opportunities, and Responsibilities." IMP Magazine. Information Technology Association of America. September 22, 1999. http://www.cisp.org/imp/september 99/09 99itaa-insight.htm.

35. "Information Security," ITAA Public Policy Report, http://www.itaa.org/govt/pubs/pprtext.cfm?TopicID=6.

36. EO 12333, United States Intelligence Activities, The White House, Washington, D.C., December 4, 1981.

37. NSDD 97, National Security Telecommunications Policy, The White House, Washington, D.C., June 13, 1983.

38. NSDD 84, Safeguarding National Security Information, The White House, Washington, D.C., 1982.

39. Presidential Review Directive 27, Advance Telecommunications and Encryption, The White House, Washington, D.C., 1993.

40. EO 13130, National Infrastructure Assurance Council, The White House, Washington, D.C., July 14, 1999.

41. PDD 39, U.S. Policy on Counterterrorism, The White House, Washington, D.C., June 21, 1995.

42. PDD 24, U.S. Counterintelligence Effectiveness, The White House, Washington, D.C., May 3, 1994.

43. EO 13010, Critical Infrastructure Protection, The White House, Washington, D.C., July 15, 1996.

44. OMB Circular No. A-130, Management of Federal Information Resources, Office of Management and Budget, Washington, D.C., February 8, 1996.

45. National Security Act of 1947.

46. EO 13011, Federal Information Technology, The White House, Washington, D.C., July 16, 1996.

47. Clinger-Cohen Act.

48. CIAO Webpage, http://www.info-sec.com/ciao.

49. Executive Order 12356, National Security Information, The White House, April 2, 1982.

50. Executive Order 12958, Classified National Security Information, The White House, April 17, 1995.

51. Executive Order 12958, Classified National Security Information, The White House, April 17, 1995.

52. Clinton Administration’s Policy on Critical Infrastructure Protection: Presidential Decision Directive 63, White Paper, The White House, May 1998, http://www.info-sec.com/ciao.

53. National Telecommunications System, www.ncs.gov.

54. IITF Webpage, http://www. iitf.nist.gov/committee.html.

55. Information Reform Act of 1996.

56. United States Senate Select Committee on Governmental Operations with Respect to Intelligence Activities, Foreign and Military Intelligence — Book I, 94^th Congress, 2^nd Session, 26 April 1976.

57. Executive Order 12382, President’s National Security Telecommunications Advisory Committee, The White House, September 13, 1982.

58. National Security Directive (NSD) 42, National Policy for Security of National Security Telecommunications and Information Systems, The White House, Washington, D.C., July 5, 1990.

59.  http://www.nstissc.gov/html/overview.html.

60. "National Telecommunications and Information Administration"
www.nce.gov/ncs/html/ntia.html.

61. Telecommunications Act of 1996.

62. Paperwork Reduction Act of 1980 (PL-511), December 11, 1980.

63. Paperwork Reduction Act of 1995.

64. 42 USC 6614.

65. 47 CFR 201, 202.

66. OSTP NSIA Web Page, http://www.whitehouse.gov/WH/EOP/OSTP/Security/html/Security.html

67. Executive Order 12882, President’s Committee of Advisors on Science and Technology Policy, The White House, Washington, D.C., November 23, 1993.

68. Executive Order 12864, United States Advisory Council on the National Information Infrastructure, The White House, September 15, 1993.

69.  47 C.F.R. 63.100.

70. Miller, Harris N. “Fighting Cyber Crime.” Testimony before the House Subcommittee Crime.              June, 14, 2001.

71. Molander, Roger, Andrew S Riddile, and Peter A. Wilson. “Strategic Information Warfare: A New Face of War.” MR661. 1996.

CHAPTER 8 - INFORMATION INFRASTRUCTURE SYSTEM SECURITY AND IIS SECURITY R&D FUNDING

1. A National Security Strategy For a New Century. The White House. Washington, D.C. December 1999.

2. Defending America's Cyberspace: National Plan for Information Systems Protection, Version 1.0: An Invitation to a Dialogue. The White House.  2000.

3. Executive Order 12882, President’s Committee of Advisors on Science and Technology Policy, The White House, Washington, D.C., November 23, 1993.

4. High Performance Computing and Communications: Information Technology Frontiers for a New Millennium. Supplement to the President's FY 2000 Budget. A Report by the Subcommittee on Computing, Information, and Communications Research and Development. National Science and Technology Council. Office of Science and Technology Policy. April 8, 1999.

5. http://www.whitehouse.gov/OSTP, 5/17/99.

6. High Performance Computing and Communications: Advancing the Frontiers of Information Technology. Supplement to the President's FY 1997 Budget. Committee on Computing, Information, and Communications, National Science and Technology Council, Office of Science and Technology Policy. November 1996.

7. http://www.whitehouse.gov/WH/EOP/OSTP/NSTC/html/NSTC_Home.html, 5/17/99.

8. http://www.whitehouse.gov/WH/EIP/OSTP/NSTC/htm/committee/cns_purpose.html

9. National Science and Technology Council Annual Report, 1997.  The White House.  Washington, D.C. April 1998.

10. National Science and Technology Council Annual Report, 1998.  The White House.  Washington, D.C. 1999.

11. Report of the Joint Security Commission II. Joint Security Commission. Washington, D.C. August 24, 1999.

12. Report on Information Technology Investments (Exhibit 53), FY2001 Budget, OMB Circular A-11, Exhibit 53.

13. High Performance Computing and Communications: Technologies for the 21st Century. Supplement to the President's FY 1998 Budget.  Committee on Computing, Information, and Communications, National Science and Technology Council, Office of Science and Technology Policy, November 1997.

14.High Performance Computing and Communications: Toward a National Information Infrastructure. Supplement to the President's FY 1994 Budget. A Report by the Committee on Physical Mathematical and Engineering Sciences, Federal Coordinating Council for Science, Engineering, and Technology, Office of Science and Technology Policy. June 1993.

15. High Performance Computing and Communications: Technology for the National Information Infrastructure. Supplement to the President's FY 1995 Budget. Committee on Information and Communications, National Science and Technology Council, Office of Science and Technology Policy. May 1994.

16. Neumann, Peter G. Computer Related Risks. Reading, MA: Addison-Wesley Publishing Company, 1995.

17. High Performance Computing and Communications: FY 1995 Implementation Plan. National Coordination Office for High Performance Computing and Communications. April 8, 1994.

18. High Performance Computing and Communications: Foundation for America's Information Future. Supplement to the President's FY 1996 Budget. A Report by the Committee on Information and Communications. National Science and Technology Council. Office of Science and Technology Policy. September 1995.

19. High Performance Computing and Communications: FY 1997 Implementation Plan. National Coordination Office for High Performance Computing and Communications. December 1996.

20. High Performance Computing and Communications: FY 1998 Implementation Plan. National Coordination Office for High Performance Computing and Communications. September 3, 1998.

21. High Performance Computing and Communications: Networked Computing for the 21st Century. Supplement to the President's FY 1999 Budget. Committee on Computing, Information, and Communications, National Science and Technology Council, Office of Science and Technology Policy, August 1998.

22. "President Clinton Announces Nearly A $3 Billion Increase in Twenty-First Century Research Fund." Office of the Press Secretary. The White House. Washington, D.C. January 21, 2000.

23. IT R&D Handout for FY2001 Budget Rollout by the National Coordination Office on February 7, 2000.

24. Chapter 7. “Investing in Science and Technology.” The President’s 7-Year Balanced Budget Plan. http://www.whitehouse.gov/WH/EOP/OSTP/html/fy96.html.

25. Report on Information Technology Investments (Exhibit 53), FY2001 Budget, OMB Circular A-11, Exhibit 53.

26. High Performance Computing and Communications: FY 1998 Implementation Plan. National Coordination Office for Computing, Information, and Communications. Interagency Working Group on Information Technology Research and Development.  Office of Science and Technology Policy.  Executive Office of the President. Washington, D.C. April 2000.

27. Budget of the United States. Fiscal Year 2001. Office of Management and Budget. Executive Office of the President. GPO: Washington, D.C. February 7, 2000.

28. Analytical Perspectives. Budget of the United States. Fiscal Year 2001. Office of Management and Budget. Executive Office of the President. GPO: Washington, D.C. February 7, 2000.

29. High Performance Computing and Communications: FY 1999 – FY 2000 Implementation Plan. National Coordination Office for Computing, Information, and Communications. Interagency Working Group on Information Technology Research and Development.  Office of Science and Technology Policy.  Executive Office of the President. Washington