Home > Articles > Software Development & Management

The Impact of September 11 on Information Technology

IT will be one of the likely battlefields of the future. Here's an introduction to the discussion of the impact of September 11 on information technology. Read on if you're involved in, affected by, or interested in the IT-related aspects of the terrorist attacks, and whatever consequences flow from those attacks.
This chapter is from the book

My aim is to put down on paper what I see and what I feel in the best and simplest way.
—Ernest Hemingway

September 11, 2001

During the late 1980s and early 1990s, I made several business-related trips to Japan to work with some of the leading computer companies in the country. One of those trips took place in early December 1991; at the end of a long, busy work-week, I awoke in my Tokyo hotel room on a Saturday morning, and realized with a shock that it was December 7th.

December 7th—a date, as my parents had been informed by a somber President Franklin Delano Roosevelt, that would forever live in infamy. And this was not just any run-of-the-mill December 7th, but the 50th anniversary of the attack on Pearl Harbor that launched America into the second World War. I am one generation removed from that event, and was not even born when it occurred; but I couldn't help feeling tense and nervous as I left my hotel room to stroll around the streets of Tokyo on that quiet, gray Saturday morning. How will people behave? I wondered. What will they say to me? How will I respond?

I tried to anticipate a number of different attitudes and interactions from Japanese citizens that I expected to encounter in the hotel lobby, on the streets, and in the shops. I anticipated seeing thoughtful editorials in the newspapers, and earnest spokesmen on the television news programs; and I tried to sort out my own feelings about a date that had taken on mythic proportions throughout my entire life. But the one attitude and reaction that I did not expect, and that I saw consistently throughout the city of Tokyo that day, was: nothing. No remorse, no belligerence, no moment of quiet reflection, no jingoistic speeches of pride for the Japanese military forces, no mention whatsoever. Nothing. Nada. Zip. Everywhere I went, I was surrounded by a young generation of earnest, well-groomed, polite Japanese men and women who were completely preoccupied with the day-to-day tasks of shopping, or taking their children to the park, or (as they do so often in Japan, even on Saturday) hurrying into their offices to put in a full day of work. Pearl Harbor, for all its significance to me, apparently meant nothing to them.1

And perhaps a grandchild of mine, 50 years from now, will have the same experience—and perhaps that experience will be magnified, as it was for me, by the unexpected coincidence of celebrating the 50th anniversary of September 11, 2001 on the streets of Kabul or Kandahar. But as I write these words, just a few short weeks after the attack on the Pentagon and the World Trade Center, it's hard to imagine that anyone could ever forget the horror, and also the significance, of that Tuesday morning in New York City and Washington. It was, as Obe Wan Kenobee remarked in the original Star Wars movie, when he sensed that one of the rebel planets had been obliterated by Darth Vader's Death Star, a "disturbance in the Force."

More than just a disturbance in the Force, September 11th represents a paradigm shift—a fundamental transformation in our understanding of how things work, and why things happen. Part, though by no means all, of that paradigm shift will involve the field of information technology (IT); and the details of the IT paradigm shift are the subject of this book.

The paradigm shift

The term "paradigm shift" was popularized by the late Thomas Kuhn in a classic book, The Structure of Scientific Revolutions. My Microsoft Word dictionary says that one of the definitions of "paradigm" is "a generally accepted model of how ideas relate to one another, forming a conceptual framework within which scientific research is carried out." And a paradigm shift occurs when the existing framework requires so many exceptions and special cases, and when it fails to address so many important problems, that it literally collapses under its own weight and is replaced by a new, simpler, more persuasive paradigm.

It's reassuring to know that, in the aftermath of September 11th, the paradigms of the physical sciences, which we all learned in high school and college, still seem intact; even though I feel disoriented and confused much of the time these days, I know that the law of gravity still holds. Indeed, even though most of us were so astounded by the real-time experience of watching the World Trade Center collapse that we whispered, in awe and terror, "This can't be happening!", the architects and engineers who replayed those awful videos over and over again have convinced themselves that the buildings did obey the laws of physics and thermodynamics—and that, in many ways, they did exactly what they were intended to do, when subjected to a sudden and catastrophically violent shock.

But in addition to paradigms of physics and astronomy and mechanical engineering, there are also business paradigms and political paradigms and social paradigms that we've become accustomed to. And those political/social paradigms have a great deal of influence on the plans, strategies, and—without meaning to overuse the word completely—the paradigms of the information-technology (IT) profession to which I've devoted my career. Those paradigms have indeed shifted; and while we may need to wait for several more months or years before our politicians and philosophers can understand and articulate the quantity and quality of the social/political paradigm shift, we should start doing our own thinking about the IT ramifications.

For example: Many of us were gratified by the success of the ad hoc communication networks that were stitched together by desperate family members and business colleagues in the hours immediately following the WTC attack; they were grass-roots, bottom-up, and emergent (as opposed to pre-planned, and hierarchically managed) in nature. Independently of what corporations and their IT departments might plan, by way of an effective post-9-11 environment, I firmly believe that individual citizens and corporate employees will put more and more faith in these ad hoc networks in the coming months, as they continue to cope with the sluggish, ambiguous, contradictory, and sometimes untrustworthy flow of information from "official" channels.

If things like this were only taking place at the individual level, it might not be worth writing about. But it's not just individuals, and not just corporate IT departments, who might be thinking about such issues: the military is taking it seriously, too. In an article by Leslie Walker entitled "Uncle Sam Wants Napster!" (Washington Post, Nov. 8, 2001), we learn that the Pentagon is looking at peer-to-peer (P2P) file-sharing and collaboration tools like Napster and Groove—not because they want to download pirated music, but because the classic top-down, hierarchically-developed communication systems often turn out to be incompatible (e.g., Navy communication systems can't talk to Army communication systems), and too cumbersome to cope with the chaotic, fast-moving world of terrorist warfare.

If this is relevant for the military community, could it be relevant for corporate IT environments too? And even if corporate executives think it isn't, is it possible that their front-line workers—the sales reps, and field-service technicians, and work-at-home telecommuters—might disagree? Is it possible that the urgent, time-critical need to communicate will cause them to completely abandon and ignore their company's high-security, firewall-protected email systems, and resort instead to SMS-messaging on their cell phones, and AOL instant messaging on their Palm Pilots? Even if it's against company policy, is it possible—perhaps even likely—that they'll do it anyway? And if they're going to do it anyway, because they believe they absolutely have to, does it make sense for companies to design their systems to support ad hoc, emergent, P2P communications in the first place? Apparently, the U.S. Defense Department thinks it's worth considering; perhaps other companies should, too.

In addition to thinking about communication networks, there are numerous other paradigm shifts that IT organizations will have to accommodate in the coming years. For example, within a week after September 11th, IT industry journals reported that Ford Motor Company was seriously rethinking the lean inventory system that its IT organization worked so hard to enable;2 after all, the likelihood of chaotic disruptions necessitates a more resilient supply chain, with more "buffers" and more inventory. In the weeks since then, I've heard about numerous other companies which are also re-thinking their inventory systems, and re-thinking the assumptions upon which their entire supply chain is based.

Similarly, the whole notion of globalization is being called into question: If tensions increase and various parts of the world become more hostile and isolationist in nature, it might be far too risky to present a homogeneous corporate image in a hundred different countries. But if there is a strong move, within today's multinational companies, towards autonomy and heterogeneity, what does that imply for the integrated Enterprise Resource Planning (ERP) systems that our IT organizations have been grappling with for the past decade?

Interestingly, some of these paradigm shifts were already underway before September 11th; after all, terrorism was already a fact of life, and many corporations were already concerned about security. And beyond the obvious and direct threat posed by terrorism, more and more companies have been realizing that change—competitive change, regulatory change, technological change, market-preference change, etc.—is occurring at an ever-increasing speed, and in ever more disruptive forms. To cite just one non-terrorism example, consider Napster: Without any warning or fanfare, one individual college dropout was able to create an Internet-based music-sharing technology that threatened to wreak havoc upon the mammoth music industry.

Napster and the September 11th terrorists share a characteristic that corporations and government agencies are likely to see more and more often in the future: disruptive threats caused by "stateless actors," whose technology makes them disproportionately powerful. In the past, nations expected to face threats from other nations; corporations expected competition from other corporations. But now, if the official reports are accurate,3 a handful of individuals, armed with box-cutters and funded with less than a million dollars in "seed money," has managed to wreck four commercial airplanes and cause over a hundred billion dollars in physical destruction. And one college student, whose only objective seems to have been the achievement of a "cool" technology for sharing music with his friends, nearly brought the recording industry to its knees. This is indeed a new world.

As it turns out, Napster has probably been put out of business by the legal counter-attack posed by the recording industry; but the battle may go on for years into the future, as rebellious teenagers use Gnutella, LimeWire, and a dozen other derivative technologies to circumvent the "legitimate" practice of buying CDs and tape cassettes in stores for their listening pleasure. As for the World Trade Center attack: The President, the Secretary of Defense, the Secretary of State, and numerous other high officials have told us that we are engaged in a war that will go on for years, and possibly decades. The established order of things has been upset by new paradigms, and we're being told that we should expect them to continue being upset for years into the future.

There is one other aspect of the paradigm shift that is exemplified in a particularly stark fashion by the World Trade Center attack, but also by the Napster phenomenon and many of the other disruptive changes we're facing today: The war is no longer "over there," it's here. In the past, our military forces expected attacks upon the United States to emanate from other parts of the world—e.g., in the form of Russian ICBM missiles flying over the North Pole to attack us via Canada, or by enemy submarines popping up in the middle of the Atlantic and Pacific Oceans and lobbing missiles at our cities. Meanwhile, our publishers typically expected their copyright threats to emanate from China, or Russia, or Third-World countries where copyright laws were ignored, or flouted openly. But Napster was created by an American student at Boston University; and the World Trade Center, along with the Pentagon, was attacked by commercial U.S. airlines piloted by individuals living in the U.S. on student/tourist visas.

IT will be one of the likely battlefields of the future

The battlefield between Napster and the recording industry was the courtroom; and, as this book is being written, the battlefield in the war against terrorism exists largely in Afghanistan. But in a larger sense, information technology (IT) is the battlefield upon which many of the conflicts are likely to be fought in the next several years.

Some of these conflicts will be obvious and direct, in terms of their association with IT; "cyber-warfare" is the catch-all term that's being used to describe various forms of hacking, viruses, physical attacks on computer centers or the Internet backbone, etc. In some cases, the attack may not be on the computers per se, but on the ability of computer systems to support such critical functions as telephone switching centers, stock-market trading systems, air-traffic control, etc.

It's also important to realize that IT is involved indirectly in almost every other aspect of hostility we're likely to face in the coming years—including the "hostile competition" that private-sector organizations face, even without the terrorism associated with September 11th. One of the stumbling blocks in implementing a more comprehensive air-travel security system, for example, is the lack of adequate information systems to identify potential terrorists before they get on the airplane. And one of the concerns that the health-care community has, in the face of potential anthrax/smallpox attacks, is that it lacks the kind of real-time tracking systems that UPS and Federal Express use to monitor the movement of packages through their organizations.

On a somewhat more subtle, philosophical level, information technology determines the degree to which we live in an "open" versus a "closed" society. It may seem overly melodramatic to suggest that the September 11th attack launched a war between the "open" society of the United States and the "closed" society of the fundamentalist Taliban movement. But it definitely is true that a large dimension of the American response to that attack has been a reassessment of the very openness that allowed terrorists to enter the country and board civilian airlines with little or no trouble. Now we find ourselves discussing and debating such questions as: what information does the government have a right to know about citizens and visitors to this country? What information is it obliged to disclose, when it monitors and eavesdrops upon citizens and visitors, and when it arrests them for suspected terrorist activities? What information are citizens allowed to access and publish on the Internet? What rights do we have to encrypt the private messages we wish to send our personal friends and business colleagues? What obligations do our banks, our hospitals, our tax-collection agencies, and numerous other private-sector and public-sector organizations have to maintain the security and privacy of personal information they collect about us?

Obviously, questions like these are not going to be answered exclusively by IT professionals or computer companies like IBM and Microsoft. On the other hand, IT professionals are likely to have a more realistic assessment of the feasibility and practicality of various privacy and security policies and regulations being contemplated by government authorities. Furthermore, government and the legal profession tend to be reactive rather than proactive; and their time-frame for reacting to problems and opportunities is measured in months or years. Meanwhile, the private sector—and, in particular, the high-tech startup companies in places like Silicon Valley—is proactive, opportunistic, and fast-moving. If you're concerned about issues of privacy and security, you'd better start talking about it with IT professionals now, because companies like Microsoft and Sun and Apple are likely to do something tomorrow to exploit whatever opportunities they see available.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020