The US military reduces the Information Operations Condition (Infocon) to Normal—the lowest possible threat level—less than 12 hours before the 9/11 attacks commence, reportedly due to reduced fears of attacks on computer networks.

Level Reduced Due to ‘Decreased Threat’ – The Infocon level is lowered to Normal, meaning there is no special threat, at 9:09 p.m. this evening. The reason for this, according to historical records for the 1st Fighter Wing at Langley Air Force Base, Virginia, is “a decreased threat from hacker and virus attacks on the computer networks across the US.” [Colorado Springs Gazette, 5/3/2001; 1st Fighter Wing History Office, 12/2001] Since October 1999, the commander of the US Space Command has been in charge of Defense Department computer network defense, and has had the authority to declare Infocon levels. [IAnewsletter, 12/2000 ] General Ralph Eberhart, the current commander of both the US Space Command and NORAD, is thus responsible for evaluating the threat to US military computers and issuing information conditions—“Infocons”—to the US military. He is presumably therefore responsible for lowering the Infocon level this evening.

Higher Infocon Level Requires More Precautions – It is unclear what difference the reduced Infocon level makes. But an e-mail sent earlier in the year from Peterson Air Force Base in Colorado, where NORAD and the US Space Command are headquartered, revealed the steps to be taken when the Infocon level is raised one level from Normal, to Alpha. These steps include “changing passwords, updating keys used to create classified communication lines, minimizing cell phone use, backing up important documents on hard drive, updating virus protection on home computers, reporting suspicious activity, and reviewing checklists.” [Colorado Springs Gazette, 5/3/2001]

Level Increased Earlier in Year – It is also unclear what the Infocon level was prior to being reduced this evening and why it had been at that raised level. Pentagon networks were raised to Infocon Alpha for the first time at the end of April this year, as a precaution against attacks on US systems, after Chinese hackers warned of such attacks in Internet chat room postings. [United Press International, 4/30/2001; Colorado Springs Gazette, 5/3/2001; United Press International, 7/24/2001] The Infocon level was raised to Alpha a second time in late July, due to the threat posed by the Code Red computer virus. [United Press International, 7/24/2001; US Department of Defense, 7/24/2001] It will be raised again, from Normal to Alpha, during the morning of September 11, immediately after the second attack on the World Trade Center takes place (see 9:04 a.m. September 11, 2001). [1st Fighter Wing History Office, 12/2001]

System Intended to Protect Defense Department Computers – The Joint Chiefs of Staff established the Infocon system in March 1999 in response to the growing and sophisticated threat to Defense Department information networks. The system is intended as a structured, coordinated approach to defend against and react to attacks on Defense Department systems and networks. Reportedly, it “provides a structured, operational approach to uniformly heighten or reduce defensive posture, defend against unauthorized activity, and mitigate sustained damage to the defense information infrastructure.” It is analogous to other Defense Department alert systems, such as Defense Condition (Defcon) and Threat Condition (Threatcon). The Infocon system comprises five levels of threat, each with its own procedures for protecting systems and networks. These levels go from Normal, through Alpha, Bravo, and Charlie, up to Delta, which, according to Rear Admiral Craig Quigley, the deputy assistant secretary of defense for public affairs, is when “You’re currently under an absolutely massive hack attack, from a variety of means, from a variety of sources. You’re talking a very concerted, focused attack effort to get into [Defense Department] systems.” [IAnewsletter, 12/2000 ; General Accounting Office, 3/29/2001 ; US Department of Defense, 7/24/2001]

Source: September 10, 2001: Military ‘Infocon’ Alert Level Reduced because of Perceived Lower Threat of Computer Attacks