The American military is the most information-dependent force in the world. It uses computers to help design weapons, guide missiles, pay soldiers, manage medical supplies, write memos, control radio networks, train tank crews, mobilize reservists, issue press releases, find spare parts and even suggest tactics to combat commanders.

Moreover, all these military missions rest on a foundation of computer-driven civilian information networks. An amazing 95 percent of military communications travel via the same phone networks you use to fax a contract or chat with a lover in Wisconsin. More than 150,000 military computers are tied into the civilian Internet commonly used to exchange research papers, e-mail and X-rated images among computers worldwide, including many in Russia, Iran and China. American military bases are powered by the national electric power grid. Pentagon purchases are conducted via the federal banking network. Soldiers are transported under the watchful eyes of the air traffic and railroad control systems.

In short, if the civilian computers stopped working, America's armed forces couldn't eat, talk, move or shoot.

Yet as the Pentagon becomes ever-more dependent on high tech, it finds itself deeper and deeper in a maze: It is developing a new cyberspace warfare strategy that is intended both to defend and wreck the very computer networks that support it and all other modern armed forces.

Military officials acknowledge that they have no ability to protect themselves from cyberspace attacks and no legal or political authority to protect commercial phone lines, the electrical power grid and vast, vital databases against hackers, saboteurs and terrorists.

Despite these flaws, or perhaps because of them, the military's emerging strategy for waging war in cyberspace is the hottest topic among the high-tech defense intelligentsia these days. Pentagon officials have named it "information warfare"; others describe it as four-dimensional, full-contact chess.

In April, CIA Director John Deutsch (then deputy defense secretary) said at his Senate confirmation hearing, "This is a very important subject ... which we don't really have a crisp answer to. Understanding that we have a vulnerability, and knowing what to do about it ... are two different things."

In May, the CIA's now-retired deputy director, Adm. William Studeman, told a conference of intelligence officials that infowar targets "can include U.S. telecommunications, financial systems ... the stock exchange, the Internal Revenue system of the United States, social security, banking, strategically important companies, research and development, air traffic control systems and high-tech databases, all of which are vulnerable today from outside." Infowar strategy is based on the assumption that it is computerized information, not manpower or mass production, that increasingly drives the U.S. economy and that will win wars in a world wired for 500 TV channels. This computerized information exists in cyberspace – the new dimension created by the endless reproduction of computer networks, satellites, modems, databases and the public Internet.

The Pentagon formally defines infowar as the effort to seize control of electronic information systems during a conflict. To do so, military hackers would spike the software in enemy computer networks, diplomats would horse-trade to shut down international phone lines, covert jammers would clog military radio links, electromagnetic-pulse weapons would burn out enemy electronics and sensitive eavesdropping devices would tap into the enemy's vulnerabilities, fears and strategic thinking. Success need not be total; even partial and temporary control over the flow of information would help the Pentagon blind, deafen, gag, confuse and deceive its enemy.

Even among the muddy techno-skeptics in the Army, there's some optimism that infowar can win wars without much bloodshed; "You can stop a war before it starts. ... We think we have a paradigm shift here," Col. Mike Tanksley, head of the Army infowar center at Fort Belvoir, told a defense industry meeting last December.

The world saw the Pentagon's first stab at infowar during the 1991 Gulf War, when the United States and its allies quickly gave the Iraqi army an involuntary lobotomy. Their techniques included some traditional measures such as bombing telephone exchanges, as well as exotic infowar weapons, such as the Army's Sandcrab jammer that disrupted long-range radio links throughout Iraq.

But as soon as the shooting stopped, Pentagon officials began to ask themselves how well U.S. forces could resist a similar infowar attack. To test the resilience of the Pentagon's networks against enemy computer hackers, the Defense Information Systems Agency (DISA) in Arlington put together a team of in-house hackers last year and set them free in the Internet. The result? The hackers grabbed control of 88 percent of the 8,900 Pentagon computers they attacked, and only 4 percent of the penetrations were ever noticed by the Defense Department's computer operators, according to Robert Ayers, chief of DISA's information warfare division.

The data from the test were combined with data from 350 break-ins by unidentified hackers, allowing Ayers to conclude that the department's computers were broken into more than 300,000 times in 1994 by assailants unknown. "We are not prepared for an electronic version of Pearl Harbor. ... Our [electronic] infrastructure is not safe and not secure," Ayers said.

Sometimes too the military shoots itself in the foot. This spring a pilot who helped rescue Capt. Scott O'Grady in Bosnia later described the mission to military friends via e-mail. Within hours, sensitive (but not secret) details – including pilot code names, radio frequencies and weapons information – were available worldwide to 3 million America Online subscribers. Aside from the military's own computers, how secure are the civilian networks upon which the Pentagon and the nation depend? Pathetically insecure, judging by the number of computer crimes, front-page hacker stories and software errors such as that which collapsed much of the AT&T network in January 1990. Even everyday human error can play havoc, such as the November 1990 episode in Chicago where a backhoe accidently severed a phone link, cutting off 150,000 phones, some ATMs and O'Hare International Airport.

How real, how widespread, is the threat of this new kind of warfare? More so than most Americans realize. No fewer that 30 countries are working on infowar techniques, according to a December 1994 report prepared by the National Communication System, the DISA-managed unit charged with assuring that a core of the nation's information networks remains operational during any crisis. The report concludes: An "adversary determined to harm the United States through the use of information warfare techniques may choose to completely ignore military [computer] systems because of the higher likelihood of success with civilian systems. Major dislocations in American society could be caused by targeting sensitive but unclassified data, such as power systems, electronic funds transfer systems, the PSN [phone network] and the national airspace management system."

Apply that judgment to a scenario in 1997:

Saddam is in his bunker and his troops are again fighting their way into Kuwait City. U.S. troops are airborne to rescue the Emir again.

But what if the Iraqis respond to the U.S. intervention by attacking the New York phone system? Their weapon would not be a Scud missile or a bunch of terrorists but a professional hacker sitting in an Amsterdam apartment or an Ivy League-trained Iraqi computer scientist resting in Finland, either of whom could use the Internet to vandalize New York's phone exchanges.

Without a phone network, Wall Street goes silent, the city's cash registers stop ringing, scheduled flights to JFK and LaGuardia are rerouted and Howard Stern and the daytime soaps go off the air. Maybe even the computer-controlled power grid goes down along the East Coast, causing widespread panic, looting and rioting.

Yet the U.S. government can't do much about this because it can't locate hackers who carefully hide their tracks in the maze of Internet links.

An alarmist scenario by obsolete Cold War Warriors? Perhaps, but it raises a legitimate question: Who protects the information sinews of the nation? During World War II, everyone knew it was the Navy's job to protect Standard Oil tankers from marauding U-boats, DISA's Ayers said. But even though information is now more important and vulnerable than oil, the government has no information protection plan. This gap has prompted Pentagon officials to draft a classified document asking the White House to draw up a national infowar strategy. If the request is approved by the Defense Department and accepted by President Clinton, senior officials from the Pentagon, the intelligence agencies, the FBI, Secret Service, State Department, U.S. Information Agency and Commerce Department would develop the infowar strategy for the president's approval.

Whatever the eventual result of this effort, the Pentagon is nowhere near solving its immediate information-war problems. First, it hasn't allocated the money needed to fix its own networks. More than a year ago, the directors of DISA and the NSA asked Defense Secretary William Perry for an extra $500 million a year to bolster network security. That increase is half the price of a B-2, but Perry approved only an extra $50 million per year. Second, even if the Pentagon did allocate the needed billions for network security, it can't compete with industry's flood of high-quality information-technology products that negate much of the Pentagon's supposed high-tech advantage. According to a 1994 study by the Pentagon's top-level Defense Science Board, infowar "technologies and capabilities are largely being developed in an open commercial market and are outside of direct government control. ... A Third World' nation could procure a formidable, modern IW capability virtually off-the-shelf."

The third and most important reason why the military can do little to stave off an infowar threat is the United States' libertarian tradition. Today's vital but vulnerable civil networks were built for commercial use and for private data – and managers (and voters) don't want to be hassled by government-sponsored security guards or Pentagon-prepared security regulations.

The controversy over the NSA's "Clipper chip" program demonstrates the political and cultural barriers to any government role. The Clipper program would offer companies a data-scrambling technology – called the "Clipper chip" – that they could use to hide private phone calls and financial records from eavesdroppers, hackers and other troublemakers. The price is that the courts would gain a master key to unlock Clipper-protected phone calls, allowing them to eavesdrop upon conversations and data held by criminals, terrorists and drug smugglers. But despite the support of the White House, the FBI and the NSA, the Clipper chip has been bottled up by opponents using constitutional privacy and freedom of speech arguments and by large corporations reluctant to accept government regulation of data-scrambling technology.

Defense officials know they'll never have a significant role in the protection of private information, no matter how much of an infowar target it may be. "[S]ubstantial protection of the civil information enterprise would entail a cultural change' in the private sector," grumbled the Defense Science Board study. This is precisely why the Pentagon's infowar warriors want the White House to patch together some kind of national policy that promotes the security of commercial information networks.

Whatever the ultimate shape of infowar, the military has to recognize that it must hand over the defense of the nation's information networks to industrialists, entrepreneurs and – gasp – lawyers. The industrialists, not the military, are the only ones who can build larger and more durable networks for shared military and civilian use. Ambitious entrepreneurs will develop the sophisticated software and hardware needed for the specialized tasks of fending off computer criminals and infowar hackers. And money-grubbing lawyers can successfully frighten industrialists into buying the infowar-defense technology with the threat of costly lawsuits for breach of electronic privacy or failure to provide continuous phone service.

From the Pentagon's point of view, there would be at least one good thing in all of this technological and cultural change; the military budget won't be used to pay for the many billions of dollars that would be needed to close the Hacker Gap.

Neil Munro covers Congress and intelligence issues for Washington Technology and is the author of "The Quick and Dead: Electronic Combat and Modern War" (St. Martins Press, 1991).