Book abstract:

This book addresses the organization and management of the national security establishment, and especially the Department of Defense, to implement the policies the nation's leaders choose for it, to manage the programs they direct, and to adapt to a changing world.

This paper develops a probabilistic model that can be used to determine the technical performance required for a defense to meet specific political/military objectives. The defense objective is stated as a certain probability that no warheads leak through the defense. The technical performance is captured by the interceptor single-shot probability of kill and the warhead detection, tracking, and classification probability. Attacks are characterized by the number of warheads and undiscriminated decoys. Barrage and shoot-look-shoot firing modes are examined, with the optimal interceptor allocation derived for the shoot-look-shoot mode. Applications of this model for sizing national and theater missile ballistic missile defenses are discussed.

The military campaign unleashed in Chechnya in September 1999 was portrayed by the Russian leadership as a limited and carefully targeted counter-terrorist operation aimed at eliminating the threat to Russia posed by "international terrorism." In a 14 November article in the New York Times, then Prime Minister Putin sought to deflect American criticism of Russian actions and to win acquiescence, if not sympathy, by likening Russias effort in Chechnya to U.S. anti-terrorist actions. The Russian military, he insisted, had chosen "accurately targeted strikes on specifically identified terrorist bases" to avoid direct attacks on Chechen communities.

But the radical discrepancy between the initial rationale and the actual conduct of the campaign makes it clear that what we are seeing is in fact a deliberate resumption of the 1994-96 war by the Russian Government--and a unilateral abrogation of the agreements that terminated it--now pursued with even greater determination and brutality, with even less regard for civilian casualties, and with a more sophisticated military and public relations strategy.

Not only is there a massive chasm between the professed aims of the campaign and its actual conduct; there appears to be a major disconnect between the real problems of the region and the Russian Government's response. Indeed, the attempt at military subjugation and occupation of Chechnya by Russian forces is likely to exacerbate rather than solve the deeper problems of the Northern Caucasus.

This analysis focuses on three broad issues: (a) the challenge facing Moscow in Chechnya more broadly, and in particular why the opportunity for a political solution of the conflict afforded by the Khasaviurt and other peace agreements was squandered; (b) the assumptions that appear to underlie the actions of the Russian Government and why some of these assumptions appear to be questionable; and (c) the prospects for a political resolution of the conflict and for establishing longer-term peace and stability in the region.

Reprinted in Central Asia and the Caucasus, no. 4, August 2000.

Chapter in Chechnya: The International Community and Strategies for Peace and Stability, edited by Lena Jonson and Murad Esenov.

The proliferation of chemical, biological, and nuclear weapons is now the single most serious security concern for governments around the world. Peter R. Lavoy, Scott D. Sagan, and James J. Wirtz compare how military threats, strategic cultures, and organizations shape the way leaders intend to employ these armaments. They reveal the many frightening ways that emerging military powers and terrorist groups are planning the unthinkable by preparing to use chemical, biological, or nuclear weapons in future conflicts.

Distinguished specialists consider several states and organizations that have this weaponry: Iraq, Iran, India, Pakistan, North Korea, and Israel, as well as the Aum Shinrikyo cult. The contributors expose plans for using unconventional weapons, highlighting the revolutionary effects these arsenals might have on international politics and regional disputes.

The Global Diffusion of the Internet Project was initiated in 1997 to study the diffusion and absorption of the Internet to, and within, many diverse countries. This research has resulted in an ongoing series of reports and articles that have developed an analytic framework for evaluating the Internet within countries and applied it to more than 25 countries. (See http://mosaic.unomaha.edu/gdi.html for links to some of these reports and articles.)

The current report applies the analytic framework to compare and contrast the Internet experiences of Turkey and Pakistan, through mid-2000. Although historically these countries have not been closely related, there are significant parallels between the two that make them well suited for a comparative study of the absorption of the Internet. Turkey and Pakistan are among the largest non-Arab Muslim countries in the world. In contrast to most of their Arab counterparts, their governments were founded as secular, parliamentary democracies. Both countries have had stormy political histories, however, with periodic coups and authoritarian governments. Each country has firmly entrenched bureaucracies with closed and, to varying degrees, corrupt processes.

Their economies have been similarly troubled, with periods of relative hopefulness punctuated by stagnation and decline. Both countries have suffered from erratic growth rates, high inflation, and high deficits. For most of their histories, their economies were rather closed and autarkic.

In recent decades, each country has taken substantial steps to move toward a more open, market-oriented economy and made expansion of the telecommunications infrastructure a high priority. Each country has sought, less successfully than had been hoped, to attract foreign investment and integrate itself more fully with the global economy.

Each country has a number of national security concerns. Turkey and Pakistan both have histories of serious domestic terrorism and persistent conflict with a non-Muslim neighbor.

In spite of the macro-similarities, there are numerous differences between the two countries. Pakistan is considerably poorer and less developed than Turkey; it has had more coups and assassinations, deeper economic troughs, greater heterogeneity within its population, and more endemic corruption.

Societies are becoming more dependent on computer networks and therefore more vulnerable to cyber crime and terrorism. Measures to protect information systems are receiving increasing attention as the threat of attack grows and the nature of that threat is better understood. The primary purpose of this article is to determine what legal standards should govern the use of such measures and what nontechnical constraints are likely to be placed, or should be placed, on them. The article demonstrates that policing of computer networks poses a real threat to privacy, protection against self-incrimination and unwarranted searches and seizures, and the right to due process of law. Technological realities and the differences in national values and rules concerning the intrusiveness of law enforcement, protection of citizen's rights, and international cooperation can complicate the observance of these rights and allow misuse of systems set up for preventing, tracking, or punishing cyber crime. Another purpose of this article is to show that while technologies of crime and punishment are undergoing a rapid and profound evolution, the legal and normative principles discussed here will endure, because they are independent of specific technology. As such, they can provide a framework for building a global infrastructure and policy environment that can balance the needs for crime-free business, government, and personal communications, with the protection of property, privacy, and civil liberties. The article concludes that ensuring civil liberties in the course of legal and technological cooperation against cyber attacks is essential.

How much security is enough? No one today can satisfactorily answer this question for computer-related risks. The first generation of computer security risk modelers struggled with issues arising out of their binary view of security, ensnaring them in an endless web of assessment, disagreement, and gridlock. Even as professional risk managers wrest responsibility away from the first-generation technologists, they are still unable to answer the question with sufficient quantitative rigor. Their efforts are handicapped by a reliance on non-quantitative methodologies originally developed to address the deployment and organizational acceptance issues that plagued first-generation tools.

In this report, I argue that these second-generation approaches are only temporary solutions to the computer security risk-management problem and will eventually yield to decision-focused, quantitative, analytic techniques. Using quantitative decision analysis, I propose a candidate modeling approach that explicitly incorporates uncertainty and flexibly allows for varying degrees of modeling detail to address many of the failings of previous modeling paradigms. Because quantitative modeling requires data, I also present a compilation and critique of publicly available computer security data. I highlight the importance of data collection, sharing, and standardization with discussions of measurement, relevance, terminology, competition, and liability. I conclude with a case study example, demonstrating how uncertain data and expert judgments are used in the proposed modeling framework to give meaningful guidance to risk managers and ultimately to answer the question: How much is enough?

The war in the Democratic Republic of the Congo (DRC), which began in August 1998, is unprecedented-at times involving armies from eight African states. Soldiers from Chad are fighting alongside regiments from Namibia, Angola, and Zimbabwe in defense of President Laurent Kabila. And on offense, the two main rebel groups, the Congolese Assembly for Democracy (which is known by the acronym RCD) and the Movement for the Liberation of Congo (MLC), are backed by troops from Uganda and Rwanda. As Susan E. Rice, assistant secretary of state for African affairs, warned the House International Relations Committee in September 1998, "The fighting threatens regional stability, hampers economic progress, endangers the lives of millions of people, perpetuates human rights abuses, and impedes the democratic transformation of Africa's third-largest country." This war, Rice said, is potentially "among the most dangerous conflicts on the globe."

Yet, the war in Congo goes on almost unnoticed outside of Africa. While African heads of state spent much of the last year shuttling across the continent, wrestling with the crisis and searching for a peaceful solution, Congo has been largely missing from the agendas of the Western powers and multilateral organizations. Only in January, when the U.S. representative to the United Nations, Richard Holbrooke, taking advantage of his tenure as Security Council president to draw attention to Africa, did the war enter Western consciousness.

The conflict in the DRC is the first interstate war in sub-Saharan Africa since Uganda invaded Tanzania in 1978, and only the third since 1960. Although Africa is seen as a hotbed of violence and warfare, most conflicts have been intrastate in nature. Norms of sovereignty reinforced by clauses in the charter of the Organization of African Unity (OAU) and the constitutions of the various subregional organizations have effectively prevented cross-border conflict from the time of independence until now. The Ugandan and Rwandan-led invasion of Congo, as well as the presence there of the Southern African Development Community (SADC) intervention force, therefore represents a watershed in the recent history of African conflict. It appears that the forces preventing cross-border conflict since 1960 have become seriously weakened.

What are the implications of the rise of interstate war in Africa for peace and security on the continent? Why have Western powers been so reluctant to take an active role in resolving Africa's first "world war"? And what impact will the changing nature of warfare in Africa have on U.S. policy and the role of the United Nations there?

On July 19, 2000 the Center for International Security and Cooperation (CISAC) and the Lawyers Alliance for World Security (LAWS) gathered forty preeminent scientists, security experts, and political analysts for a Roundtable Discussion on the Comprehensive Test Ban Treaty at Stanford University. The day-long seminar was intended to explore the diverse set of topics that arose during the October 1999 Sentate debate of the Treaty and to develop a consensus on steps that the United States should now take with regard to the CTBT. This booklet includes a transcript of that discussion along with a collection of short papers submitted by experts who were unable to attend.