IDS Event Visualization
IDS Event Visualization

Air Force Historical Foundation

Langley Cyber Attack – Timeline & Significance

Please refer to the Google Scholar Citation Flow for a working draft based on scholarly research paper citation analysis.

    1. Bass, T, and Watt, G.,Simple Framework for Filtering Queued SMTP Mail (Cyberwar Countermeasures), Proceedings of IEEE MILCOM ’97, Nov. 1997, Download PDF Version

Influential – 20 Google Scholar Citations – Last Updated 20 March 2017

Significance – First published paper on the Langley Cyber Attack. Presented our original Black Hole Strategy which was adopted by USAF for future cyber attack and also presented our crude rules-based email bomb filter which (cyber countermeasure) was cited by scholars a few years later as the first documented “crude spam filter” predating the very sophisticated ones used today. According to Retired Captain Tim Fish, who was a key member of the LCA Tiger Team, Tim Bass formulated the strategy that was eventually dubbed the “Black Hole Strategy” by Glenn Watt. The motivation for this strategy was Bass’ response to Airman Chris Soubiah’s desire to counterattack the attacker directly; but Tim created the strategy to deny (“black hole”) all information and provide no (zero) feedback to attackers based on his experience in the same types of hacker confrontations before.


  • Bass, T., Freyre, A., Gruber, D., and Watt, G., E-Mail Bombs and Countermeasures: Cyber Attacks on Availability and Brand Integrity,
    IEEE Network Magazine, Vol. 12, No. 2, pp. 10-17, March/April 1998, Flash Intro, Abstract, Download PDF Version,


Influential – 45 Google Scholar Citations – Last Updated 20 March 2017

Significance –This paper on the Langley Cyber Attack made the cover of the prestigious IEEE Network Magazine. We were later privately told this paper was also considered for one of the IEEE Network “paper of the year awards”, but we did not make the final cut to the top. This paper is a much more “polished version” of the 1997 MILCOM paper and the peer-review was much more rigorous, hence the publication was delayed by the numerous reviews.


  • Bass, T., Intrusion Detection Systems & Multisensor Data Fusion, Communications of the ACM, pp. 99-105, Vol. 43, No. 4, April 2000 (accepted for publication February 26, 1999), PDF Version


Strongly Influential (Groundbreaking Thought Leadership) – 811 Google Scholar Citations – Last Updated 20 March 2017

Significance – This paper was the result of Bass’ interest in combining all the various logfiles and other related Langley Cyber Attack information into actionable command and control intelligence. Bases on the lessons learned from the Langley Cyber Attack, Tim Bass researched the state of the art of information fusion and was very impressed by the work of DOD researchers who had developed the Joint Directors of Laboratories (JDL) multi-sensor data fusion model. Inspired by this prior C2/C4 sensor fusion work for missile detection systems, Bass has been credited as the first person to apply the concepts of multi-sensor data fusion to cyber security intrusion detection and cyber situational awareness. This paper has been referred to as the starting point for many computer security researchers to develop new models for the future on network security situational awareness (NSSA) and next-generation intrusion detection systems. Although Bass did not present a working operational model, he is none-the-less credited for creating the concept and initial architecture based on the JDL. This paper is perhaps the most significant direct result of Bass’ experience and leadership countermeasures during the Langley Cyber Attack.


  • Bass, T., Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems, Invited Paper, 1999 IRIS National Symposium on Sensor and Data Fusion, The Johns Hopkins University Applied Physics Laboratory, 24-27 May 1999.


Very Influential – 198 Google Scholar Citations – Last Updated 20 March 2017

Significance – This paper is similar to Bass’ ACM paper Intrusion Detection Systems & Multisensor Data Fusion, however it was written for experts in sensor and data fusion. The two papers are very similar but written for different audiences.


  • Bass, T. and Gruber, D., A Glimpse Into the Future of ID, ;login: The USENIX Association Magazine, September 1999, PDF Version (57 KB)


Influential – 49 Google Scholar Citations – Last Updated 20 March 2017

Significance – In this paper, Tim Bass and Dave Gruber were credited for applying the concepts air traffic control and “traditional command and control” to cyberspace situation awareness. The reason for this discussion was, according to USAF Captain (R) Tim Fish, was what the computer and networking team members needed to talk in the language the USAF “warfighter” was comfortable and familiar. Tim Fish mentioned that these discussions involved many people including Tim Bass, Dave Gruber, Robert Graney, Tim Fish, Dale Meyerrose and others.



Influential – 18 Google Scholar Citations – Last Updated 20 March 2017

Significance – This paper by Bass further develops the ideas in A Glimpse Into the Future of ID by Bass and Gruber but the paper is written for a less technical audience. References to this paper can be found in USAF solicitations for new research in various cyberspace research areas.



Influential – 61 Google Scholar Citations – Last Updated 20 March 2016

Significance – This paper is not directly related to the Langley Cyber Attack discussions.

Note: Pruned a number published papers which are not remarkable nor significant with regards to the Langley Cyber Attack. – Last Updated 20 March 2016.