The concept of Information Warfare (IW) has caught the imagination of military throughout the world. The idea that cyber-terrorists could employ powerful computer viruses to paralyse computer networks, organisations and economies has raised fundamental questions about the future direction of defence strategies. There is however, an important difference in the approach being taken in Europe and the United States in this field. In the US, the IW threat is being personalised as an external enemy with strategic objectives (Saddam Hussein in league with the CHAOS computer club). In Europe, the threat is generalised. European thinking on IW tends to concentrate more on the vulnerabilities in the relationship between information centres within the defending nation. The threat of virus attack parallels the internal security weaknesses within organisations – and these are as much internal human and structual problems as they are problems relating to a single external enem. This deifference goes to the heart of developing a retional IW defence policy. The US has failed to take a broad view of the IW battlefield because it has failed to question the Prime Directive of netwrked communcations – a goal which promotes speed, bandwidth and real-time connectivity at the expense of security. By externalising the threat, the US cannot easily see the danger from within. These internal threats are heightened because of the current mania for re-engineering of companies – a process which radically alters the culture and structure of organisations. Companies have re-organised and delayered, abolished departments in favour of profit centres, created short term employment contracts, internal markets, and opportunities for outsourcing. The result is a re-definition of the employee that finds little room for loyalty. In this context, the real IW threat is nurtured by organisations that have sacrificed employee security on an alter of efficiency.