Information Warfare: Time
permission from ISSUES
IN SCIENCE AND TECHNOLOGY , Berkowitz, "Information Warfare:
Time to Prepare' Winter 2000-01, pp 37-44. Copyright 2000 by the
University of Texas at Dallas, Richardson, TX
Cooperation between the government
and industry is essential to protecting the nation's information
During the past several
years, military officials have become concerned about the possibility
that a foreign adversary might strike at U.S. computers, communications
networks, and databases. Although such an "information warfare"
attack could be part of a larger conventional military operation,
it is also possible that an adversary might use information
warfare (or IW, to use the Pentagon shorthand) as a warning
shot to dissuade the United States from helping an ally abroad
or as part of a limited terrorist campaign.
IW presents special problems
for U.S. defense planners. Many, if not most, targets of an
IW attack against the United States would probably be commercial
computer and communications systems. These systems are more
vulnerable than those operated by the military. Commercial operators
are seemingly unaware that they are potential IW targets, and
few have taken any precautionary measures. Commercial software
developers and hardware designers are also not attuned to the
IW threat. Thanks to "Melissa," the "Love Bug," and other computer
viruses, the public has become more aware of the importance
of computer security. Several recent cases of cyber crime and
denial-of-service (DoS) attacks have also made computer users
more alert. Yet the IW threat is very different from vandalism
and criminal activities.
Foreign military organizations
and terrorist groups are likely to have more people and deeper
pockets. They can work harder and longer on an assignment, which
means that they can crack systems that might withstand an assault
by a more casual opponent. They are likely to be more experienced
and will use more sophisticated tactics. Most important, serious
IW attackers would not reveal their activities until it is absolutely
necessary. Unlike the typical hacker prankster who wants to
attract as much attention as possible, sophisticated IW threats
have an incentive to remain discreet and are likely to have
the skills to evade detection. They would take weeks or months
to lay the groundwork for an attack in secret and would then
create diversions to confuse their targets so that the initial
phases of an attack would be as effective as possible.
The dilemma for U.S.
officials is that although commercial information systems are
prime targets for IW attack, the government has limited influence
over how these systems are designed, manufactured, and operated.
The public is generally unaware of serious IW threats. It is
hard to prove that a specific IW threat exists, let alone that
it is planning to strike a specific target. Companies are always
under pressure to reduce costs and maximize profit. All these
factors make preparing for IW difficult.
But one factor makes
preparing for IW harder than it needs to be. The relationship
between the government and information industries has often
been rocky in recent years. The two communities are often unfamiliar
with each other and view their counterparts with suspicion.
There is, in effect, a cultural divide between the government
and the commercial sector that prevents the two communities
from cooperating. Unless government officials and the information
industries improve their relationship, the United States will
become increasingly vulnerable as it becomes more dependent
than ever on computers and the networks that interconnect them.
Virtually every aspect
of life has become more dependent on computers, imbedded electronics,
and communications systems. All these information systems--and
especially those connected to a network--are potential targets
for IW attack. When defense experts talk about the IW threat
to commercial information systems, they do not mean hackers
or even criminals. They are referring to well-funded, sophisticated,
foreign military powers, intelligence organizations, and terrorist
groups. Professional military journals in several countries,
including Russia and China, have discussed computer network
attacks as a military option. Usually these writers refer to
foreign IW capabilities and plans, but it is reasonable to assume
that any military organization that has discussed foreign plans
for IW has considered the option for itself.
One difficulty in preparing
to defend against IW is that the capabilities for such attacks
are often easy to conceal, and the best IW powers are also probably
best at concealing their capabilities. Even so, one can postulate
what an IW team might look like. It might consist of a force
of professional computer network operators, not just a few technically
savvy malcontents. These technicians will know the holes that
exist in popular software packages and the slip-ups network
operators commonly make in maintaining firewalls and other security
measures. They will also know from their own experience the
shortcuts taken by sloppy or lazy operators.
Given enough time, such
an IW force could penetrate most systems connected to a public
network, in part because they would have ample support. An IW
team would likely have an intelligence service helping it identify
the vulnerable points of an adversary's infrastructure and the
computer systems they depend on. The intelligence service would
also support the IW team through traditional espionage, such
as stealing codebooks and passwords or planting agents who could
assist an attack from inside the targeted network. IW and intelligence
organizations could also work with each other to penetrate companies
that produced or maintained commercial software. This would
enable them to insert "trapdoors" and "Trojan horses" that they
could trigger later.
In addition, the IW team
would coordinate its plans with the commanders of conventional
military forces. The IW team could support a conventional strike
by jamming or confusing the enemy's air defense computer network,
or it could magnify the effects of a military strike by hacking
the databases civilian authorities need for fire and rescue
operations. An IW team might spend weeks or months "footprinting"
targeted computer networks; in effect, creating a mirror image
of the system's design to identify its weak points. Once it
had a footprint, the IW team would update its analysis regularly,
as is done with any military contingency plan. With these plans
in place, an IW team would be ready to go into action when needed.
The potential civilian targets of an IW strike could be any
communications system or computer network, or any part of a
country's infrastructure that depends on such networks. For
U.S. military forces
depend on commercial transportation systems for logistics
and, in many cases, for moving units to the scene of battle.
These transportation systems depend on computer networks to
control machinery, keep track of inventories, and coordinate
their operations. A foreign adversary could significantly
hinder U.S. forces in reaching, say, the Persian Gulf or Taiwan
Straits by attacking the computers at commercial harbor facilities
used to ship ammunition or the air traffic control system
that would be needed to support and airlift personnel and
The commercial broadcast
systems and commercial Internet would be critical during a
national emergency to coordinate public safety efforts and
keep the country informed. Some of the recent virus and DoS
attacks were targeted against companies such as CNN and AOL;
it does not require much effort to imagine how these companies
might be forced to curtail operations by a more concerted,
professionally orchestrated strike.
A serious opponent
would probably target specific suppliers and companies that
are especially important to either U.S. weapons production
or mobilization. Attacks on small, seemingly unimportant companies
might be lost in the heat of a national crisis and might be
hard for such companies to detect in any case.
Most military and government
personnel use the same banks and financial institutions as
the general public. If these are insecure, it would be possible
for an adversary to target the data records of key individuals,
either to collect compromising information or to plant disinformation.
Some writers have described
how an IW attack could lead to catastrophic results: the proverbial
"electronic Pearl Harbor." Such a strike might be theoretically
possible, but it misses the point. IW is an inevitable byproduct
of the Information Revolution. Our foreign adversaries, both
regular military forces and terrorist organizations, will target
U.S. information systems simply because it is possible and because
it offers them another channel for effective action. As information
systems become more capable, we become more dependent on them
and, as we become more dependent, they will become irresistible
targets. That is why we need to prepare defenses, and this requires
cooperation between government and industry.
Deal with it
U.S. officials were
reluctant even to discuss IW threats until the mid-1990s, when
they began to understand that it was impossible to prepare for
such attacks without greater public awareness of the problem.
One of the first studies to discuss the threat openly was a
report published by the Defense Science Board in 1996. This
study, Information Warfare--Defense (IW-D), triggered more action.
President Clinton appointed a commission under retired Air Force
General Robert T. Marsh to study foreign threats to information
systems and other infrastructure, such as transportation and
power generation. Several of the Marsh Commission's recommendations
were later enacted through Presidential Decision Directives
62 and 63, which President Clinton signed in May 1998. These
directives officially acknowledged threats to the U.S. infrastructure
(including cyber attacks) and proposed measures to protect it.
At the same time, the president appointed a national coordinator
for security, infrastructure protection, and counterterrorism
to oversee the implementation of the new policies.
Several obstacles undercut
these efforts, especially in their effectiveness against serious,
well-supported IW threats. One problem was a result of bureaucratic
politics. Agencies competed for roles in dealing with the newly
acknowledged threat. The Department of Justice won the right
in February 1998 to put the National Infrastructure Protection
Center (NIPC) in the FBI. The NIPC was, in effect, supposed
to be the federal government's command post for monitoring attacks
on information systems.
Exercises simulating an IW attack would give military
and industry personnel a better understanding of threats
and an opportunity to practice their response.
Unfortunately, the FBI
is a law enforcement organization. Although law enforcement
organizations may be effective against hackers, criminals, and
the odd troublemaker, they are ill-equipped to deal with foreign
military threats and large international terrorist networks.
Law enforcement organizations are designed to respond to crimes,
apprehend suspects, bring them to trial, and put them in jail.
Military organizations, in contrast, are designed to win wars.
Both functions are important, but each type of organization
operates under different rules and at a different tempo. Law
enforcement is reactive and emphasizes dogged detective work.
Defense is preventive, and military operations aim at ending
conflicts as expeditiously as possible on terms favorable to
the United States. Law enforcement requires respecting and protecting
the civil rights of defendants, who are presumed innocent until
proven guilty. Military operations frequently require violence
and ruthlessness to defeat (and if necessary, destroy) an adversary.
It is hard to design an organization to do both, which is, in
effect, what the NIPC is expected to do.
There are other problems,
too. Although the military services and intelligence community
have representatives at the NIPC, most of its staff comes from
law enforcement organizations. Even if defense and intelligence
organizations had greater representation at the NIPC, it would
probably still be hard to attract up-and-coming officers to
serve there. Spending a few years at a law enforcement organization
monitoring hacker reports is hardly the ticket punch that gets
a rising officer promoted. Also, the NIPC is not well connected
into the military command system. For example, there do not
appear to be clear guidelines that would define how and when
a hacking incident would be determined to be military problem
rather than a criminal investigation, and how the organization
would change its operation to deal with such a situation.
Meanwhile, military commanders
have not concentrated on protecting commercial systems from
foreign attack. They have focused mainly on ensuring that military
computer systems and communications networks work. IW attacks
against targets within the United States, such as state-sponsored
biological and chemical weapon attacks, fall into the new mission
of "homeland defense." The military services are still not certain
how to address this mission, as it is very different from the
kinds of operations U.S. forces prepared for throughout the
20th century. Homeland defense requires new kinds of forces
and new kinds of plans, many of which do not fit into the traditional
concepts of how a military force should operate. It also raises
legal issues; just as law enforcement organizations are unsuited
to dealing with military threats, U.S. military forces are prohibited
by statute from serving in a law enforcement function.
In addition to creating
the NIPC, the federal government has undertaken several other
initiatives to reduce the threat of cyber crime and cyber terrorism.
Some of these involve partnerships with industry, but there
are also problems that leave the government and the private
sector ill-prepared to respond jointly against serious IW threats.
For example, several reporting organizations have been established
to share information and issue warnings about hacker attacks
and computer viruses. One of the first of these was the Computer
Emergency Response Team/Coordination Center (CERT/CC) at Carnegie
Mellon University. CERT/CC was set up as a federally funded
R&D center by the Defense Advanced Research Projects Agency
in December 1988 after an early virus attack disabled 10 percent
of the computers then connected to the Internet. Since then,
CERT/CC has effectively become the 911 number that civilian
computer operators call to report such incidents. Other organizations
in the United States and abroad have since established local
CERTs and reporting operations. The FBI also has its Awareness
of National Security Issues and Response (ANSIR) Program, which
alerts industry and infrastructure operators to espionage and
During its last year
in office, the Clinton administration stepped up its efforts
to deal with cybersecurity issues. One of its most visible initiatives
was unveiled in February 2000, when the president announced
he would provide $9 million in accelerated funding for computer
security education programs and a new Institute for Information
Infrastructure Protection. (This was to supplement $2 billion
the administration had already proposed for cybersecurity initiatives
in FY 2001.) The administration also planned to encourage industry
to create new Information Sharing and Analysis Centers (ISACs).
These centers, two of which have already been established for
the financial and communications industries, are designed to
allow companies targeted by hackers or cybercriminals to share
information in a secure semi-anonymous environment. ISACs protect
companies from having to disclose proprietary information when
reporting such incidents and also control the flow of publicity,
so customers are informed but not unnecessarily alarmed.
The problem with CERT/CC,
ANSIR, ISACs, and similar programs is that they are geared to
peacetime operations, not to providing wartime "indications
and warning." Also, they do not routinely deal with military
commands. In other words, the most likely targets for an IW
strike against the United States are commercial computers and
networks, and the first signs of an IW strike would likely appear
in the private sector. But the reporting network that commercial
operators are coming to rely on is focused mainly on pranks,
crime, and natural disasters, not well-prepared terrorist or
military threats. In effect, the commercial sector--our canary
in the coal mine--is ill-prepared and disconnected from the
organizations that would have to respond to an attack on the
The cultural divide
It would be easier to
defend against IW threats if government and industry could cooperate
more effectively. Unfortunately, the two have collided on several
issues recently. These clashes have undermined the more highly
publicized efforts of the Clinton administration to promote
public-private partnerships. Some specific points of contention
Intel, and America Online have all been the targets of antitrust
suits or investigation by the Department of Justice. True,
computer and communications companies have long been targets
of antitrust suits; indeed, the IBM and AT&T cases were
landmarks. But it is hard for government to try to develop
a close relationship with the new information companies with
one hand, while trying to break them up with the other.
The federal government tried throughout the 1980s and most
of the 1990s to regulate encryption technology. Law enforcement
and intelligence agencies feared losing their ability to intercept
communications. The information industry, however, believed
that developing electronic commerce was impossible without
In July 2000, the FBI became ensnared in a controversy when
the press reported its use of "Carnivore," a portable computer
system for implementing court-ordered intercepts of e-mail
at Internet service providers (ISPs). Civil liberties groups
criticized the system as an invasion of privacy. The Clinton
administration, which had moved slowly on Internet privacy
issues, was unprepared to explain either how the system worked
or how it intended to protect the rights of e-mail users and
address the concerns of ISPs.
Immigration laws have prevented IT companies from hiring the
foreign talent they believe they need. This has increased
their labor costs and threatened their competitiveness with
foreign companies. Such restrictions also conflicted with
the New Economy zeitgeist of borderless markets.
Paradoxically, from the
perspective of preparing defenses against an IW strike, the
government's position on all of these issues was counterproductive.
Americans would probably be safer from an IW attack if U.S.
companies dominated commercial markets for software and hardware,
and such domination often requires a monopoly. Antitrust litigation
opens opportunities for foreign competitors. (How would national
security be affected if a foreign company designed the software
used in U.S. banks or in popular Internet browsers?) Similarly,
although encryption cannot guarantee that a commercial computer
network is secure against an IW attack, it is probably impossible
to make a system secure without strong encryption. Finally,
immigration restrictions have encouraged U.S. companies to outsource
software development to foreign countries, where there is a
greater chance that it will be compromised by foreign military
organizations and intelligence services.
Yet these disagreements
run deeper than just quibbles over policy details. The recent
disputes reflect a clash of cultures. How did this clash occur?
Part of the problem may
simply be geography and history. The first-generation computer
companies such as IBM, Burrows, Sperry, NCR, Control Data, and
Digital were mainly based in the east and the midwest. So was
AT&T, which operated as a heavily regulated government-sanctioned
monopoly until its breakup in 1984. Most of these companies
had long histories as contractors to the Department of Defense
or other government agencies. As a result, they were accustomed
to cooperating with the government, even when "cooperation"
really meant following instructions. They also shared similar
cultures. Many company officials had served in the military
or had at least worked closely with government agencies. There
were also cultural parallels: hierarchical organizations, formal
rules, and even a uniform dress code at IBM.
The new companies that
led the personal computer and Internet revolutions--Intel, Apple,
Netscape, Oracle, and, of course, Microsoft--were different.
Most took root on the west coast. Many corporate leaders had
little experience with government and had never served in the
military, having been born too late to be eligible for the Vietnam
era draft (Bill Gates and Steve Jobs were born in 1955; Steve
Case in 1958; Marc Andreessen in 1973). The new leaders often
learned computers on their own and often rejected the usual
course of formal education and earning professional credentials.
Gates and Jobs both left college early to concentrate on business;
Andreessen completed a normal stay at the University of Illinois,
but once claimed he was not sure whether he received a degree
or not. Their model for success was the startup and the IPO,
not climbing the corporate ladder; and they believed that the
consumer market was more important than government sales. Generalizations
are always risky: Andreessen, for example, worked on Mosaic
under government-funded research, and Larry Ellison created
Oracle partly with Air Force funding. But it seems fair to say
that the new corporate leaders lacked many of the government
ties their predecessors had. Many see government, along with
high interest rates and tight-fisted investment bankers, as
just another threat that could put them out of business.
Industry should expand its efforts to develop institutions
that allow companies to share information about cyber
attack without compromising privacy.
To make matters worse,
the government has been losing clout. It is no longer the most
important customer for computers and often does not have a lead
in technology. For example, government officials could once
boast that the most capable supercomputers in the world resided
at the government's nuclear labs and the National Security Agency
(NSA), where they were used to design hydrogen bombs and break
foreign codes. Today, however, the most powerful computers available
are as often in the private sector, being used, for example,
by Boeing to generate three-dimensional designs for airliners
or by Pixar to create animated cartoons.
The government's diminishing
influence has been clear in its efforts to promote security
standards for commercial information systems: a key component
of any defense against the IW threat. At one time, the National
Institute of Standards and Technology (NIST) could issue a standard
such as the Data Encryption Standard and assume that industry
would adopt it because there was nothing better. By the mid-1980s,
though, some companies began offering encryption technology
that approached or surpassed that offered by the government
and that would have been difficult or impossible for government
agencies to defeat. In 1994 the government tried and failed
to convince industry to adopt Clipper, an NSA-developed encryption
system that would have given law enforcement and intelligence
organizations the means to break ciphers under certain legally
authorized conditions. Because it was no longer dependent on
the government for the best encryption and because its commercial
interests seemed to diverge from the government's efforts to
restrict the technology, industry refused to go along.
have had difficulty adapting to the new situation. Even as the
controversy over encryption and Clipper ensued, NSA and NIST
created the National Information Assurance Partnership (NIAP)
in August 1997. NIAP, a joint program to test and evaluate commercial
security technology, works with industry and with standard-setting
agencies in other countries. Alas, figuring out how to negotiate
and facilitate, rather than impose, industry standards has put
government officials on new and unfamiliar ground. Officials
are still trying to make the process work, and representatives
from industry have been slow to forget that its partners were
only recently opposed to any process in which they had a significant
say about this key component of information security.
To be sure, the information
industry was not blameless. Even as companies complained about
government restrictions on encryption, most software packages
designed for consumers have been designed to be easy to use,
not secure. The automatic features that make popular programs
easy to use also often make them easy to hack. Similarly, although
companies warned that government agencies threatened the privacy
of their customers for the sake of national security or law
enforcement, industry often had an even more cavalier attitude
toward privacy. Witness the use of "cookies" to monitor surfing
habits on the World Wide Web, the selling of customer databases,
and often ambiguous self-policing privacy standards. And there
is the immortal quotation of Scott McNealy, chief operating
officer of Sun Microsystems, who said when asked about security
features in a new network software product, "You have zero privacy
anyway. Get over it."
The Clinton administration's
efforts during its final year to smooth relations between government
and industry will help prepare the country against IW threats.
Possibly the most important step was the administration's January
2000 reversal on encryption restrictions that, for all practical
purposes, deregulated a key technology necessary for security
against IW attack. Administration officials also began to meet
more often with representatives from industry. Even so, there
are several measures that the next administration should undertake
that would further close the gap between the commercial sector
and the government and better prepare the country for the IW
The new administration
must appoint officials who are willing and able to establish
a better relationship with the private sector. (Lt. Gen. Michael
Hayden, the current director of NSA, is an example.) Officials
must appreciate that global markets will usually defeat any
efforts to limit technology. Intelligence and law enforcement
are always challenging tasks, and figuring out how to gain access
to an opponent's communications is simply part of the job. Government
agencies will probably lose any fight in which they try to maintain
access to sources simply through regulation. Besides, allowing
industry to develop better information security technology is
not only essential to privacy and electronic commerce, it is
essential to protecting the country against IW attacks.
Another step would be
to concentrate on improving the private sector's understanding
of the IW threat. It is impossible for any government organization
to identify and fix all the vulnerabilities that may exist in
the private sector's information systems. The infrastructure
is too large, and there are too many restrictions on proprietary
data, intellectual property, and consumer privacy that will
limit the government's ability to act. Commercial software developers
and network operators need to build defenses into their own
systems. They need to be aware that they are the likely targets
of attack, and they should have incentives to take precautions.
Education is key. Colleges should be encouraged to include IW
as a topic in computer science departments' curricula on information
system security. Dorothy Denning, a Georgetown University computer
science professor, currently offers such a course, which is
a possible model. Some of the additional funding the Clinton
administration proposed for cybersecurity education could be
used to develop such courses. Law enforcement, military, and
intelligence organizations might also make some of their personnel
available to support these courses.
Industry should expand
its current efforts to develop institutions that allow companies
to share information about cyber attacks without compromising
their customers' privacy. But an additional step is required.
Industry and the Defense Department should establish operational
links that will ensure that companies can work with military
commanders if they are targeted by an IW strike. These links
would be parallel to the existing reporting links to the NIPC,
but would have a military, rather than a law enforcement, approach.
There should be a clearly defined cooperative procedure that
would allow military, defense, and industry representatives
to reach a consensus on which mode of operations is most appropriate
in a given situation.
One practical difficulty
in establishing these links is that military commanders need
precise, specific information that they can act on, but almost
all companies would have difficulty justifying the cost of the
additional people and facilities required to provide this information.
There is also the always-present problem of how a company can
provide information to government authorities without compromising
its business interests or legal responsibilities. One approach
might be for military commands to assign active or reserve officers
to CERTs and the ISACs now being established. The officers would
be responsible for generating the information the military commands
require and would be paid by the government, but they would
operate under the supervision of the civilian heads of these
organizations. The relationship might also be facilitated if
the military personnel provided assistance to commercial organizations
in preparing their own security plans.
These links would be
critical if the United States found itself under a serious IW
attack. Industry would need assistance in taking defensive measures.
During the summer of 2000, the U.S. Space Command was assigned
responsibility for coordinating information operations by U.S.
military forces, so this is where the most important connection
between government and industry is required. It is especially
important to develop personal relationships at the working level
between people who will need to share information to respond
to an attack. Exercises simulating an IW attack would give military
and industry personnel a better understanding of potential threats
and give them an opportunity to test and practice their response.
Such exercises would also give military personnel a better appreciation
of industry's concerns, and commercial operators a better appreciation
of the military's concerns. Again, this is one specific activity
that the proposed funding for cybersecurity education could
The government should
provide a combination of carrots (such as subsidies) and sticks
(such as liability statutes defining standard accepted industry
practices) to encourage commercial operators to take reasonable
security and privacy measures that would also protect against
IW attack. For example, the level of redundancy required to
ensure that a commercial computer network, communications link,
or database is available during wartime may exceed the level
of protection a company can justify. The government could offer
programs in which it would pay for this redundancy for companies
willing to participate.
Certain legislation could
also help. For example, some companies are reluctant to cooperate
with government on cybersecurity issues because they fear that
even if officials protect their proprietary data in good faith,
they may be required to release the information to comply with
disclosure statutes and regulations. Some experts believe that
once such information is in the possession of the government,
it might be subject to a Freedom of Information Act (FOIA) request.
There is some disagreement on this point, and there are already
many exemptions protecting information from FOIA requests. For
example, technical information that companies create under cooperative
development projects with the government is exempt from FOIA,
as is most information that would compromise national security
if released. But legislation would make the exemptions required
for cooperation on cybersecurity clear, and it is doubtful that
industry will participate without such ironclad guarantees.
The Cyber Security Information Act of 2000, introduced by Reps.
Tom Davis (R-Va.) and Jim Moran (D-Va.) last year, would provide
these. Other legislation that would facilitate preparation against
IW threats would stipulate disclosure requirements. For example,
financial institutions could be required to report whether they
meet industry standards for protecting their networks and data.
And most legislation aimed at protecting the privacy of consumers
and other users of the Internet would have the added benefit
of improving security against IW.
Finally, all these institutions
need to have effective oversight mechanisms to ensure the privacy
of consumers. Despite recent controversies, government officials,
civil liberties advocates, the information industry, and the
public all need to understand that they have common interests.
A system that ensures privacy is also more resistant to IW strikes
and criminal attack. With a little cooperation and foresight,
Bruce D. Berkowitz, "War
Logs On," Foreign Affairs (May/June 2000): 812.
Dorothy E. Denning, Information
Warfare and Security (Reading, Mass.: Addison Wesley, 1999).
Roger C. Molander, Andrew
S. Riddile, and Peter A. Wilson, Strategic Information Warfare:
A New Face of War (Santa Monica, Calif.: RAND, 1996).
The White House, National
Plan for Information Systems Protection, Version 1.0: An Invitation
to Dialogue (Washington, D.C.: U.S. Government Printing
Office, January 2000).
Bruce Berkowitz is a research fellow
at the Hoover Institution and coauthor of Best Truth: Intelligence
in the Information Age (Yale University Press, 2000).
by the University of Texas at Dallas, Richardson, TX