Winter 2026

As the journal enters its 25th year, the editorial team thought it was a good idea to celebrate the occasion by having two special editions, this one and one in September. This edition, 25.1, contains six papers from the 1st to the 10th editions. The idea was to examine them and see, in retrospect, how the information in them lasted over time. Were the predictions accurate? Did they add to the body of knowledge and assist in the development and understanding of Information Warfare? In the six picked for this exercise, it seems that the content gave the reader some interesting angles for the time. It must be remembered that the first edition was released on the 7th of September, 2001. Four days later the world had changed.

Zero Day Secure: A Radical Guide to Successful Computer Security

The author’s aim in this text is to supply new information about a different approach to computer security, a topic most regarded as imperative in the present environment. Her main aim is to explore the concept of the Computer Operations Continuum of Power (COCOP), And this is explained in 10 chapters with text and excellent diagrams illustrating the procedures. We thought this was an interesting concept, mainly how can one secure something from a threat you know nothing about – i.e., a Zero Day Attack? Enclosed is our review by chapters:

Chapter 1 outlines the principles of COCOP where three Principles are outlined:

• Prohibit ordinary application programs from accessing plenary power; in other words, the user must be authorized.
• Contain contemporaneous expansive operations
• Guarantee internal operations.

Chapter 2 called "Plenary Power Vulnerabilities" examines three flaws of computing:

• Erroneously opening a file with a similar name.
• Erroneously connecting with an incorrect network.
• Not quite sure about this one – input data should be verified.

A Review of: Identity Theft the Next Generation of Fraud—How Well are the Irish Protecting Themselves? by A Keaney and D Remenyi, JIW, Volume 7, Number 1, Published 2008

This is a very interesting and thought-provoking paper that, while almost two decades old, has held up surprisingly well considering how dramatically the technology has changed since 2008. For example, few would have thought that biometrics would be an integral part of mobile cyber security or that QR codes would be universally used by all. Most of this study was focused on traditional credit card use, which, while still important, has become only one of a number of ways that consumers can use to transfer funds such as Venmo and PayPal, all of which open up new vectors for scams and fraud to be perpetrated.

What the JIW leadership thought most interesting from a psychology aspect, is that the attitudes and personal behaviors have not improved as much as one would have hoped over time. When one looks at the ways that fraud is conducted now, compared to when this research was conducted, it does not seem like the general population is any more sophisticated than it was nearly 20 years ago.

A Review of: Hacking the Human: Countering the Socially Engineered Attack, by A Cullen and I Mann, JIW, Volume 7, Number 2, Published 2008

This research stands the test of time as a classic study of social engineering attack strategies and what can be done to defend against them. While technology has obviously changed, these authors were advancing concepts and strategies to protect against these threats that we see in use today. Especially of interest are their suggestions of two-factor authentication using transient codes on cell phones. While the current technology is not what they envisioned…it is much better; they did understand how the use of multiple factors could thwart cyberattacks.

They also advocated for more aggressive training as well as pre-emptive exercises and scenarios to be developed to better inform staff on what to look for. In that case, this has actually happened to a large extent over the last two decades where most organizations mandate cyber awareness training for all employees that includes real world testing and mechanisms. This is a huge sea change where the employees are recognizing cyber scams on their own and reporting it up the chain of command. It is not realistic that a company or organization is relying on a single Chief Information Officer (CIO) to protect all of the staff, and the best scenario is when all staff or team members are aware, engaged, and proactively protecting their networks.

A Review of: An Emergent Security Risk: Critical Infrastructures and Information Warfare, by BG Pye and MJ Warren, JIW, Volume 8, Number 3, Published 2009

This paper has also stood up to the test of time over the years, as these Australian academics accurately forecast the dangers to Industrial Control Systems (ICS) from a cybersecurity aspect. They were prescient when you realized how critical infrastructure such as electrical, HVAC, water, and lighting instances would all become interconnected as Facility Related Control Systems (FRCS), and the danger that would occur. In most cases, these Operational Technology (OT) devices were never meant to be accessed remotely, as availability is the overriding concern, vice confidentiality in the IT realm. And yet two decades after this paper was published, one can see a proliferation of hacks occurring in the exact same manner as was forecast in this paper.

A Review of: e-Democracy–An Invitation to i-Warfare? by D Remenyi,
JIW, Volume 2, Issue 2, Published 2003

This paper was published in 2003 and will be evaluated in that context. It was a time when most of the Internet’s structure was determined and expanding. Personal computers were common and growing in usage. Home networks were booming and social media and communication software were increasingly being used. Optimistic scenarios were being envisaged where if people could communicate, then an e-Democracy which would influence law making, policy, and political processes could be developed to assist in the development of the best interest for the majority of the people, an international democracy communicated by individuals’ understanding of the various elements of the political process. However, this is not what happened. The author claims that it needs an environment where the rules of law prevail (whose law?), civil rights are upheld, and governments can reform peacefully. This would be the outcome if information is freely and rapidly available. Some 22 years later, the situation has certainly changed but not in that way. True, things such as e-voting have flourished (but not without problems of data corruption and manipulation). So why has this electronic nirvana not been created? Basically, the one factor that politics is based on that is, power, has not been considered.

A Review of: Personalised Information Warfare—The New Homeland
Defense, by C Valli, JIW, Volume 2, Number 3, Published 2003

This paper, written when it was estimated there were 500 million personal computers in use, compared to the 5 billion in 2025, was describing an environment that has completely changed. However, the trends pointed out in the paper predicted many of the actualities of the present. The theme of personalized attacks was beginning to gradually increase at the time, with machines being attacked but also specific individuals by activities such as social engineering being perfected. Of course, this was inevitable as people were attached to their ‘own’ machines and networks. Organisations had personal computers since the early 1980s, but they tended to be separated from mainframe applications so, without that link from the Internet to the mainframe, the threat was often considered less important. However, early in this century the links began to merge. In organisations, the convenience of the applications made attacks on the ‘lesser’ networks become an attractive target.

A Review of: A Systems View of Information Warfare, by H Friman,
JIW, Volume 1, Number 1, Published 2001

Friman’s paper proposes a systems approach to Information Warfare issues. It was officially published when the Journal of Information Warfare was released at the InfoWar.com conference held in Washington, D.C., the week before the 9/11 terrorist attacks. This event changed most of the approaches to information-related approaches to conflict. The paper outlines the systems approach, which integrates both physical and psychological elements—which became essential in the new environment of the collectivisation of the targets in influencing entities using information systems. The output became targeted at groups both internal and external to the creators of systems for behavioural change.

The interest in systems (and information warfare) was high in Sweden at the time. The history of systems’ thought was also high. Throughout the latter half of the 20th century, many systems approaches were developed. These included ‘hard’ approaches such as Forrester’s ‘System Dynamics’ that emphasised feedback loops and linkages between elements of the system. It certainly presented a leap ahead but was still using the Closed (or Machine) metaphor. Beers Virtual Systems Model had a cybernetic flavour and used a fixed approach, as it specified the essential components necessary for each data component and the interactive flows between them for an effective system to work. Checkland offered another open (organic) metaphor called Soft Systems Methodology, which put emphasis on as many opinions involved with the problem that were involved in the problem’s solution. This was a reaction to the failure to provide information systems that were expensive and which failed to provide adequate service for its users. Thus, this ‘organic’ process to draw a boundary around the system provided many elements that would have previously been omitted. Also, it showed relevant functions outside the system and how they related to it.