CHAPTER 14

INFORMATION WARFARE

Seymour Bosworth

14.1 INTRODUCTION

14.2 VULNERABILITIES

14.2.1 Critical Infrastructure

14.2.2 Off-the-Shelf Software

14.2.3 Dissenting Views

14.2.4 Rebuttal

14.3 GOALS AND OBJECTIVES

14.3.1 Infrastructure

14.3.2 Military

14.3.3 Government

14.3.4 Transportation

14.3.5 Commerce

14.3.6 Financial Disruptions

14.3.7 Medical Security

14.3.8 Law Enforcement

14.3.9 International and Corporate Espionage

14.3.10 Communications

14.3.11 Destabilization of Economic Infrastructure

14.4 SOURCES OF THREATS AND ATTACKS

14.4.1 Nation-States

14.4.2 Cyberterrorists

14.4.3 Corporations

14.4.4 Activists

14.4.5 Criminals

14.4.6 Hobbyists

14.5 WEAPONS OF CYBERWAR

14.5.1 Denial of Service and Distributed Denial of Service

14.5.2 Malicious Code

14.5.3 Cryptography

14.5.4 Psychological Operations

14.5.5 Physical Attacks

14.5.6 Biological and Chemical Weapons and Weapons of Mass Destruction

14.5.7 Weapons Inadvertently Provided

14.6 DEFENSES

14.6.1 Legal Defenses

14.6.2 Forceful Defenses

14.6.3 Technical Defenses

14.6.4 In-Kind Counterattacks

14.6.5 Cooperative Efforts

14.6.6 Summary

14.7 FURTHER READING

14.8 NOTES

Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries.

—Dr. Ivan Goldberg, Institute for Advanced Study of Information Warfare

14.1 INTRODUCTION.

Until recently, warfare was conducted by armed forces representing adversarial nations, or by revolutionary elements opposing their own governments. Today, although such conflicts still exist around the world, the ubiquitous nature of computers and associated technology has created new forces, new threats, new targets, and an accompanying need for new offensive and defensive weapons. Information warfare (IW), also known as e-warfare or cyberwar, is actually, or potentially, waged by all U.S. armed forces and by those of other nations, as well as by commercial enterprises, by activist groups, and even by individuals acting alone.

Conventional wars, whether large or small, are regularly reported by the news media. Information wars, however, are largely ignored except by those with a professional interest in the field. One reason for this is that conventional warfare is a matter of life or death; photos and eyewitness accounts are dramatic reminders of human cruelty and mortality. In contrast, IW has so far been conducted bloodlessly, with only economic and political consequences. However, it is becoming increasingly evident that IW may soon be conducted in ways that could equal or exceed the death and destruction associated with conventional weapons.

Conventional wars are fought by known combatants with clearly defined allies and antagonists, but IW often is waged by unknown entities with uncertain allegiances and goals. IW may be conducted on many fronts simultaneously, with wars fought within wars, and with both civilian and military targets devastated.

The motives for conventional warfare were almost always territorial, religious, political, or economic. These are still important, but to them must be added the psychological motivations of groups and individuals—groups far more widely distributed, and less easily overcome.

This chapter discusses information warfare in terms of the vulnerabilities of targets, participants' objectives, sources of threats and attacks, weapons used, and defenses against those weapons.

14.2 VULNERABILITIES.

Until recently, concerns over the security of the technological infrastructure in technologically advanced nations were viewed with skepticism. By the mid-1990s, however, opinion leaders in government, industry, and the security field were coming to grips with widespread vulnerabilities in the critical infrastructure.

14.2.1 Critical Infrastructure.

In 1998, President Bill Clinton circulated Presidential Decision Directive 63, which outlined his administration's policy on critical infrastructure protection:

Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and the government…. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both government and private.1

Having defined the very broad, vital areas that require protection, the directive went on to describe succinctly their vulnerability:

The United States possesses both the world's strongest military and its largest national economy. Those two aspects of our power are mutually reinforcing and dependent. They are also increasingly reliant upon certain critical infrastructures and upon cyber-based information systems….

Because of our military strength, future enemies, whether nations, groups or individuals, may seek to harm us in non-traditional ways including attacks within the United States. Our economy is increasingly reliant upon interdependent and cyber-supported infrastructures and non-traditional attacks on our infrastructure and information systems may be capable of significantly harming both our military power and our economy.

A few examples of specific weaknesses were given by Jack L. Brock, Jr., Director, Governmentwide and Defense Information Systems, United States General Accounting Office:

In May 1999 we reported that, as part of our tests of the National Aeronautics and Space Administration's (NASA) computer-based controls, we successfully penetrated several mission-critical systems. Having obtained access, we could have disrupted NASA's ongoing command and control operations and stolen, modified, or destroyed systems software and data.

In August 1999, we reported that serious weaknesses in Department of Defense (DOD) information security continue to provide both hackers and hundreds of thousands of authorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive DOD data.2

Although these “attacks” were carried out one at a time, and without malicious intent, it is apparent that they, and many others, could have been launched simultaneously and with intent to inflict the maximum possible damage to the most sensitive elements of the national infrastructure.

In a memorandum to its chairman, describing a report of the Defense Science Board Task Force on Defensive Information Operations, Larry Wright stated that:

The threats to the DoD infrastructure are very real, non-traditional and highly diversified…. The vulnerabilities of these United States are greater than ever before, and we know that over twenty countries already have or are developing computer attack capabilities. Moreover, the Department of Defense should consider existing viruses and “hacker” attacks to be real “Information Operations or Warfare,” what early aviation was to Air Power. In other words, we have not seen anything yet!3

The report concluded that “[i]t is the view of this task force that DoD cannot today defend itself from an Information Operations attack by a sophisticated nation state adversary.”

14.2.2 Off-the-Shelf Software.

One characteristic of almost all military and civilian infrastructures is that they share, with more than 100 million other computers, a single ubiquitous operating system and many of the same application programs, such as word processors, spreadsheets, and database software. These commercial off-the-shelf (COTS) products are available around the world, to friend and foe alike, and they appear to be studied more intensively by malefactors than by their producers, whose attention to security has been inadequate. Because the same code runs everywhere, each of these products presents an entry point at which one common vulnerability may be exploited to damage or destroy huge portions of the national infrastructure at once. Until, and unless, this software is rendered significantly more resistant to attack, all of its users remain at risk.

14.2.3 Dissenting Views.

Not every influential observer concurs in these possible scenarios. Dr. Thomas P. M. Barnett, a professor and senior decision researcher at the Decision Support Department, Center for Naval Warfare Studies, U.S. Naval War College, voices a fairly typical disagreement:

If absence makes the heart grow fonder, network-centric warfare is in for a lot of heartbreak, because I doubt we will ever encounter an enemy to match its grand assumptions regarding a revolution in military affairs. The United States currently spends more on its information technology than all but a couple of great powers spend on their entire militaries. In a world where rogue nations typically spend around $5 billion a year on defense, NCW is a path down which only the U.S. military can tread.4

14.2.4 Rebuttal.

It may be of some benefit to have spokespersons for this unworried viewpoint, but their opinions must be weighed against those, for example, of Scott Henderson, of the Navy-Marine Corps intranet, who said: “One of our critical capabilities will be how we are to defend our information and our information systems from an adversary's attack.”5 He stated that successful intrusions, or attacks, on navy computer systems increased from 89 in 2000 to 125 by mid-2001, an annualized increase of 80 percent. Those figures did not include successful attacks that went undetected or unsuccessful attempts that may have identified a weak point from which to launch future, and probably more successful, attacks.

A highly significant factor in IW that most of the dissenters miss is what has been called its asymmetric nature. The barriers to entry for attackers are very low; their weapons can be inexpensive, easily obtained, highly effective, easily automated, and used with negligible risk of personal harm. In contrast, defensive measures are extremely costly in time, money, and personnel, and they may be ineffective against even unsophisticated attackers using obsolete computers.

Considering the nature and extent of already successful attacks against major elements of U.S. military and civilian infrastructures, there appears to be no justification for discounting the views of those who believe that IW, in both its offensive and defensive roles, must be accorded the attention that surrounds any potentially cataclysmic force. This Handbook, especially Chapters 16, 17, 18, 20, and 21, contains many examples of viruses, worms, and other malware that have created massive disruptions in very large networks. The worst-case scenarios presented here should serve to awaken a measured response in those who may have been unaware or unconcerned.

14.3 GOALS AND OBJECTIVES.

Attacking forces, in information warfare, will always have a variety of strategic and tactical motives behind their actions; defensive forces generally have only one tactical goal—to blunt the enemy's attack and, if possible, to counterattack. Only after this is accomplished, and the nature of the attackers has been studied, can strategies for long-range operations be determined and effected.

14.3.1 Infrastructure.

Depending on the target, an attacker's goals may vary widely, but in almost every instance attackers want to damage, subvert, or destroy the infrastructure. In doing so, an attacker would hope to bring government, the economy, and military operations to a standstill—to instill fear, uncertainty, and doubt, and ultimately to induce widespread chaos that could cost many lives.

Although this view is entirely appropriate to wars between nations or to wars fought by terrorists, it is somewhat extreme for commercial warfare, whose main goal is competitive financial advantage.

14.3.2 Military.

Today, information warfare is a vital concern of area commanders under battlefield conditions. They must obtain complete, accurate, and timely information about their opponents' actions, intentions, weaknesses, and resources while denying the same to their adversaries. The ultimate objective of all these activities is to support the military tactics that will maximize the enemy's losses, or at least render its defenses ineffective, so that surrender becomes the only viable option. Defensive tactics, the other side of the coin, are aimed at preventing enemies from accomplishing their objectives.

In the United States, the Joint Chiefs of Staff (representing the Army, Navy, Marine Corps, and Air Force) have formulated the Joint Doctrine for Operations Security to be followed by all commanders of combatant commands in planning, preparation, and execution of joint operations. The publication states:

Operations Security (OPSEC) is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities, to: (a) identify those operations that can be observed by adversary intelligence systems; (b) determine what indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and (c) select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation.6

OPSEC is a process that could be applied to every element of civilian infrastructure, as well as to the military, although not all of the sources of information commonly used by the military are available to the civilian sector. Other military terms for intelligence disciplines are:

  • HUMINT (human intelligence) is the most widely used source of information, as it has always been for both the civilian and military sectors. HUMINT is often the only source capable of direct access to an opponent's plans and intentions. Some intelligence gathering is quite open, but covert or clandestine operations must be conducted in secrecy, so as to protect the sources of confidential information.
  • SIGINT (signals intelligence) is obtained from communications (COMINT), electronics (ELINT), and foreign instrumentation signals (FISINT).
  • COMINT (communications intelligence) is derived from intercepting communications intended for other recipients, without leaving any trace of the interception.
  • ELINT (electronic intelligence) derives technical or geographic location data from an opponent's electromagnetic radiations, other than those that arise from communications or from nuclear detonations or radioactive sources. The primary ELINT sources are radars (radio detection and ranging).
  • FISINT (foreign instrumentation signals intelligence) is obtained from intercepting and analyzing metered performance parameters electronically transmitted from sources such as a ballistic missile.
  • MASINT (measurement and signatures intelligence) is scientific and technical in nature. Its purpose is to identify distinctive features associated with a source, emitter, or sender so as to facilitate subsequent identification or measurement. These features include wavelength, modulation, time dependencies, and other unique characteristics derived from technical sensors.
  • IMINT (imagery intelligence) is produced by photography, infrared sensors, lasers, radars, and electro-optical equipment. This equipment, operated from land, sea, air, or space platforms, provides strategic, tactical, and operational information.
  • TECHINT (technical intelligence) is derived from the exploitation and analysis of captured or otherwise acquired foreign equipment.
  • OSINT (open source intelligence) is available to the general public from news media, unclassified government publications, public hearings, contracts, journals, seminars, and conferences. The World Wide Web has become an important tool of OSINT.

The Joint Doctrine for Operations Security lists several generic military activities with some of their associated critical information. It must be the objective of every information warfare effort to acquire this critical information about its opponents while denying the same information to them.

  • Diplomatic negotiations include military capabilities, intelligence verification, and minimum negotiating positions.
  • Political-military crisis management includes target selection, timing considerations, and logistic capabilities and limitations.
  • Military intervention requires information about intentions, military capabilities, forces assigned and in reserve, targets, and logistic capabilities and constraints.
  • Counterterrorism involves forces, targets, timing, strategic locations, tactics, and ingress and egress methods.
  • Open hostilities involve force composition and disposition, attrition and reinforcement, targets, timing, logistic constraints, and location of command and control (C2) nodes.
  • Mobilization requires information about an intent to mobilize before public announcement, impact on military industrial base, impact on civilian economy, and transportation capabilities and limitations.
  • Intelligence, reconnaissance, and surveillance information includes purpose and targets of collection, timing, capabilities of collection assets, and processing capabilities.

In addition to the Joint Chiefs' doctrines, the Department of Defense and each individual branch of service have been charged with the responsibility for establishing task forces, advisory groups, training and awareness programs, and virtual information networks to mobilize IW forces and to bring into being a strong defense against enemy attack.

Further evidence of the importance of military information and the vulnerabilities that exist at this time is contained in the 2001 report of the secretary of defense to the president and the Congress:

Information superiority is all about getting the right information to the right people at the right time in the right format while denying adversaries the same advantages. The United States enjoys a competitive advantage in many of the technical components of information superiority, but the U.S. also has vulnerabilities stemming from its increasing dependence on high technology. Experiences from Somalia to the Balkans have shown that low technology adversaries also can wage effective information campaigns, especially in urban environments.

In the Information Age, the opportunities and obstacles to achieving national security objectives often are informational in nature. Information superiority is a principal component of the transformation of the Department. The results of research, analyses, and experiments, reinforced by experiences in Kosovo, demonstrate that the availability of information and the ability to share it significantly enhances mission effectiveness and improves efficiencies. Benefits include: increased speed of command, a higher tempo of operations, greater lethality, less fratricide and collateral damage, increased survivability, streamlined combat support, and more effective force synchronization. Kosovo also highlighted the shortage of assets for intelligence, surveillance, and reconnaissance, as well as the need for more secure interoperability and information protection, especially within coalitions.

To ensure that the above prerequisites are in place, DoD is developing appropriate policy and oversight initiatives, actively pursuing opportunities to improve international cooperation in the areas of Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) and space-related activities, partnering with industry, and working to anticipate and understand the implications of emerging information technologies.

The quality of DoD's infostructure will be a pacing item on the journey to the future. The ability to conceive of, experiment with, and implement new ways of doing business to harness the power of Information Age concepts and technologies depends upon what information can be collected, how it can be processed, and the extent to which it can be distributed. The ability to bring this capability to war will depend upon how well it can be secured and its reliability. DoD envisions an infostructure that is seamless with security built-in, one that can support the need for increased combined, joint, and coalition interoperability, leverages commercial technology, and accommodates evolution.7

Although not as well publicized as are the U.S. defensive efforts, equal attention, time, and resources are being expended on actual and possible offensive operations. Every objective, every tactic, and every recommendation just mentioned, and some too sensitive to discuss here, are subjects for study and implementation of offensive strategies and tactics aimed at enemies, present and future.

14.3.3 Government.

The objectives of government, at every level, must be to protect the lives and welfare of its constituencies. Any breakdown in an essential government function may produce marked unrest, rioting, vandalism, civil disobedience, and possibly much bloodshed.

Just as in the military, government must be able to defend itself against an information attack waged by any enemy of the established order. Although not every element of government is perceived by all to perform a useful function, there are agencies without which it would be virtually impossible to sustain a developed nation's day-to-day activities.

At the federal level, civil servants' salaries, Social Security payments, tax collections and disbursements, military expenditures, lawmaking, and a myriad of other functions and activities can be carried out only with the active and pervasive use of computers and computer networks. In the past, some of these computer operations have been penetrated by hackers, crackers, and political dissidents, but only one at a time. It does not require a science fiction writer to imagine what the effect would be if simultaneous attacks were successfully launched against major federal government agencies.

At state levels, although the effects would be more constrained geographically, a great deal of damage could be done to emergency response units, to police and judiciary functions, and to health and welfare services. All of these depend on computerized functions that are protected even less than those of federal agencies.

For municipalities and even smaller governments, zoning enforcements and other local functions can be suspended without serious consequences, but police radio and computer networks are easily penetrated, and their ability to maintain law and order compromised.

As demonstrated by many previous incidents, government functions at any level are susceptible to information warfare. Natural events, Murphy's law (what can go wrong will go wrong), poorly configured systems, flawed operating systems and application programs, together with inadequate security measures underlie the vulnerability of government systems.

14.3.4 Transportation.

Airplanes, trains, trucks, and ships are all likely targets for physical and information warfare. Because all of them are necessary to support the infrastructure by transporting personnel and materials, any disruption can cause severe problems. Because all of these transportation systems increasingly rely on sophisticated telecommunications and computing resources, they are subject to information warfare.

14.3.4.1 Aviation.

The most visible, and potentially the most vulnerable, component of the transportation infrastructure is the aviation industry. Unlike the fly-by-the-seat-of-your-pants technology of aviation's early days, today's airplanes and the systems that dispatch and control them in flight are almost totally dependent on electronic communications and instruments, both analog and digital.

To a great extent, almost every airplane depends on its global positioning system (GPS) to determine its position in space, its course, speed, bearing to an airfield, and other important functions. Airplanes generally are required to fly at certain altitudes, in specific corridors, avoiding restricted areas, bad weather, and other aircraft. These requirements are met by a combination of GPS, ground and airborne radar, internal instruments, and communications from ground controllers. In the original design of these types of equipment, little or no consideration was given to security; as a result, all of them are susceptible to information warfare attacks.

The accuracy and reliability of GPS and airborne radar, however, have led federal aviation authorities to consider implementing a system wherein ground controllers and published restrictions would no longer determine altitude, speed, clearance distances, and other flight parameters. Instead, pilots would have the option to choose any flight parameter that they believed to be safe. This new system is intended to increase the number of flights that can safely traverse the limited airspace. It is undoubtedly capable of doing so, but at the same time, it will greatly increase the dangers of flight should information warfare be waged against airplanes and the aviation infrastructure, because safety would then rest entirely on navigation and surveillance data that were designed without security in mind.

14.3.4.2 Railroads.

Less so than airplanes, but not to a negligible degree, trains are possible targets of IW. Train movements, switch settings, and communications between engineers, trainmen, and control centers are all carried on by insecure radio communications and wired lines. Attacks against any or all of these can prevent the railroads from carrying out their important functions, possibly by causing disastrous wrecks.

14.3.4.3 Trucking.

The great majority of domestic goods shipments are carried by tractor-trailer trucks. Foodstuffs, especially, depend on this relatively fast, reliable means of transportation. If even a short disruption were to be caused by IW, untold quantities of foodstuffs would rot in the fields, as would additional stockpiles awaiting distribution from central warehouses. Data for scheduling, routing, locating trucks, setting times and locations of pickup and delivery, and performing maintenance could be prevented from reaching their destinations.

14.3.4.4 Shipping.

Ships are indispensable means for transporting vast quantities of materials over long distances. Navigational data, such as position, speed, course to steer, and estimated time of arrival, are a few of the parameters determined by computers and GPS on virtually every ship afloat. Conventional radar and communications by VHF and high-frequency radio are in common use, with satellite communications becoming more prevalent, despite an early start that met with technical and economic difficulties.

Radar and communications jamming are old established weapons of IW, as is interception of critical information. Little attention has been paid to security in designing or operating this equipment, and that places ships at great risk, as does the threat of physical attacks.

14.3.4.5 Other Transportation Vulnerabilities.

Recognizing the importance of transportation to a nation's infrastructure, IW attackers could create wide-ranging disruptions if they were to intercept and successfully prevent receipt of critical information within the transportation industry. Recently, as a leader in new technology, the Port Authority of New York and New Jersey has begun converting to a wireless infrastructure at its many airports, train stations, bus terminals, tunnels, bridges, and shipping facilities. It requires no stretch of the imagination to predict what a determined attacker might accomplish in damaging or destroying such an infrastructure. The danger is especially great in light of the general lack of security from which wireless transmissions suffer.

Ironically, the last paragraph was first written just one week before the World Trade Center (WTC) was destroyed by terrorist action. The Port Authority's offices in the WTC were completely destroyed, and more than 70 of its employees were officially listed as deceased or missing. Although that catastrophe points up the need for greater physical security, it also demonstrates how the Internet can be used in emergency situations. The Port Authority site, www.panynj.gov, was used to convey operational messages to the public as well as information for tenants, employees and prospective employees, vendors, suppliers, contractors, and the media.

14.3.5 Commerce.

In 1924, in an address to the American Society of Newspaper Editors, President Calvin Coolidge said: “After all, the chief business of the American people is business. They are profoundly concerned with producing, buying, selling, investing, and prospering in the world. I am strongly of the opinion that the great majority of people will always find these are moving impulses of our life ….”8

Now, more than 75 years later, these statements are no less true. Producing, buying, selling, and investing are the commercial means by which U.S. citizens and guest workers can hope to achieve prosperity. Although not recognized earlier, infrastructure is the glue that ties these functions together and permits them to operate efficiently and economically.

If these bonds were to be broken, American business would come to a virtual standstill; it is that reality which makes the commercial infrastructure so inviting a target. Without complete, accurate, and current information, no investors would put their money at risk, and no transactions would take place among producers, buyers, and sellers.

In a populace lacking food, utilities, prescription drugs, money, and other necessities, civil disorder would be widespread. With the breakdown of commerce and the citizenry's unwillingness or inability to perform their customary functions, government at every level might cease to operate. This, in turn, would make military defensive actions highly problematic, and an enemy that combined IW with conventional force attacks would be difficult to resist.

On a less catastrophic level, there have been several cases of deliberate stock manipulation by means of insertion of false information into various news channels; an enemy could cause significant disruption in the stock market by forcing a few key stocks into unwarranted declines. In addition, the widespread use of automated trading tools that respond to significant drops in specific shares or in particular aggregate stock indexes could precipitate major economic problems in the developed world.

14.3.6 Financial Disruptions.

Money is the lifeblood of every developed nation. For an economy to be healthy, its money supply, like the body's blood supply, must be strong, healthy, and free flowing. For an IW attacker, disruptions in the enemy's money supply and in its free flow are important objectives. Likely targets in the financial infrastructure include payment systems, investment mechanisms, and banking facilities.

14.3.6.1 Payment Systems.

Every government employee, every member of the armed forces, every office worker, factory hand, service worker, engineer, and retired person—in fact, almost every individual in the United States—depends on regular receipt of funds necessary for survival. Paychecks, dividends, welfare and unemployment benefits, commissions, payments for products, and fees for services comprise most of the hundreds of millions of daily checks, direct deposits, and wire transfers without which most people would be unable to purchase their essential needs—assuming that products and services were available to meet those needs.

The great majority of payroll systems are computerized. Many of them, including those of the federal and state governments, depend on a few centralized computer payroll services. Even if those services were not damaged by infrastructure attacks, the banks on which payroll funds are drawn might be. This would halt, or at least impede, the cutting of physical checks, the direct deposits, cash withdrawals, wire transfers, and any other means by which payments are made. Such a situation has never occurred within the United States except in small local areas and for only brief periods of time. No one can predict what the consequences would be for a widespread attack, and surely no one would want to find out.

For more on banking payment systems, see Section 14.3.6.3.

14.3.6.2 Investment Mechanisms.

Various stock, bond, and commodity exchanges provide the principal means by which individual, institutional, and corporate entities easily and expeditiously can invest in financial instruments and commodity goods.

With few exceptions, each exchange has all of its computers and communications located within a single facility, with connections to tens of thousands of terminals worldwide. Disruption in these systems would not have as disastrous an effect as would a payment system disruption, but it would not be long before a breakdown in investment mechanisms would produce a commercial meltdown.

Because of the vast sums of money involved, exchange systems largely have been hardened against intrusion, and some have remote, redundant facilities, but there have been instances where hardware and software problems as well as physical exploits have brought down an exchange infrastructure.

14.3.6.3 Banking.

The banking industry is the foundation of the modern financial system and, by extension, both American and foreign capitalist economies. At some point, every important financial transaction is conducted through the banking system. As such it is vital to economic health. With the advent of information warfare, the electronic, interdependent nature of banking—and finance in general—combined with its critical nature, makes the banking system a likely target for a strategic attack against a country. This is a new viewpoint for an industry focused on crime, traditional financial crises, and the more recent phenomenon of low-level hacking. It is critical, however, that we master this viewpoint and adapt our banking industry to it, for the threats information warfare poses are different from traditional bank security threats and will increase as the age of information warfare develops. Focused correctly, a well-prepared attack could cause chaos throughout the international system.9

The ubiquitous banking system is as highly automated and as security conscious as any element of the world's infrastructure. With ATMs, online banking, funds-transfer networks, and check clearing, banks are integral to virtually every commercial transaction.

As an example of the scope of banking operations involving money transfers, FEDWIRE, operated by the Federal Reserve Board, serves approximately 7,500 depository institutions, providing transfers that are immediate, final, and irrevocable. It processed 108 million transactions in the year 2000, with a total value in excess of $379 trillion. In 2005, the average daily volume was over 528,000 transactions, valued at more than $2.1 trillion.10

The Clearing House Interbank Payment System (CHIPS) processes transfers for more than 1,500 financial institutions. Each day, in 2007, CHIPS transferred an average of more than $2.1 trillion, in approximately 370,000 transactions.11

The Society for Worldwide Interbank Funds Transfer (SWIFT) has over 8,000 users in 193 countries. In 2007, it exchanged over 3.5 billion messages.12 Information about dollar value is not made public, but the amounts are known to be huge. If any of these systems could be attacked successfully, the consequences for the financial well-being of many nations would be disastrous. Despite intensive efforts to safeguard the networks, attacks could be launched against the central computers, the computers of each user, and the networks that connect them.

14.3.7 Medical Security.

In hospitals, as in group and private medical practice, the primary functions are carried out in a decentralized mode, making large-scale attacks impracticable. However, ancillary functions, such as sending invoices to the government, to health maintenance organizations, and to individuals, for services provided, and placing orders for drugs and supplies, all require interconnections with centralized computers.

Although the medical profession is often slow to adopt new infrastructure elements, network-connected computers have been mandated at least for payments, and they are becoming increasingly popular for maintaining patient data, for research, and for other functions. There have been reports that hospital systems have been penetrated, with prescriptions switched and HIV-negative patients advised that their test results were positive.

So far, only isolated incidents of sadistic cruelty have been reported, but they indicate that the vulnerabilities may be more than is apparent on the surface. Chapter 71 of this Handbook treats medical information security in detail.

14.3.8 Law Enforcement.

The objective of law enforcement is to facilitate the apprehension of criminals and wrongdoers. To accomplish this, facilities in common use include computers in every squad car connected to precinct headquarters and networks that interconnect local, state, federal, and international databases. In spite of these cooperative efforts, much remains to be done, especially in international operations. The laws of different governments are often not in alignment. A typical case, and one of great and tragic consequences, is that of Osama bin Laden. Although he is wanted for heinous crimes against the United States, he has been sheltered and supported by governments unfriendly to the United States. Politics and religion have become embedded in law enforcement; unless these elements can be eliminated or resolved, enforcement of laws across international boundaries will remain, at least in part, an unachievable goal.

With local law enforcement, it is clear that jamming, or noise interference on emergency channels, or denial of computer services would greatly exacerbate the effects of physical attacks. At worst, a state of panic and chaos might ensue.

14.3.9 International and Corporate Espionage.

Espionage has been a recognized military activity since at least the biblical story of Joshua, one of 12 spies sent to explore the land of Canaan.13 However, its application to civilian commerce dates only from the Industrial Revolution. Since then, industries and indeed nations have prospered to the extent that they could devise and retain trade secrets. In the United States, the unauthorized appropriation of military secrets has been legally proscribed since the country's inception, with penalties as severe as death, during wartime.

Only recently have economic espionage and the theft of trade secrets become the subjects of law, with severe penalties whether the law is broken within or outside of the United States or even via the Internet.

The Economic Espionage Act of 1996 was signed into law by President Clinton on October 11, 1996. Section 1832 provides that:

(A) Whoever, with intent to convert a trade secret, that is related to or included in a product that is produced for or placed in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will injure any owner of that trade secret, knowingly—

  • (1) Steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains such information;
  • (2) Without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys such information;
  • (3) Receives, buys, or possesses such information, knowing the same to have been stolen or appropriated, obtained, or converted without authorization;
  • (4) Attempts to commit any offense described in any of paragraphs (1) through (3); or
  • (5) Conspires with one or more other persons to commit any offense described in any of paragraphs (1) through (3), and one or more of such persons do any act to effect the object of the conspiracy,

Shall, except as provided in subsection (b), be fined under this title or imprisoned not more than 10 years, or both. (b) Any organization that commits any offense described in subsection (a) shall be fined not more than $5,000,000.14

Although the foregoing lists all of the actions that are proscribed, it is not specific as to which assets are to be protected as trade secrets. For this, see the Defense Security Service paper, “What Are We Protecting?”15 There, the five basic categories of People, Activities/Operations, Information, Facilities, and Equipment/Materials are expanded into 42 specific assets, with the admonition that every company official must clearly identify to employees what classified or proprietary information requires protection. Only if the owner has taken reasonable measures to keep such information secret, and the information derives actual or potential economic value from not being generally known to or readily obtainable through proper means, will the courts view it as a trade secret.

For further information on intellectual property, including trade secrets, see Chapters 11 and 42 in this Handbook.

14.3.10 Communications.

Communications are the means by which all elements of a civilization are tied together. Any significant destruction of communications media would disrupt the most important segments of society. Without adequate communications, transactions and services would come to a complete halt. In the United States, communications have been disrupted frequently, but fortunately, the infrastructure has been so vast and so diverse that the consequences have rarely been more than temporary. Even after the WTC disaster of September 11, 2001, when Verizon's downtown telephone facilities centers were heavily damaged, service was restored within four days to the New York Stock Exchange and to other important users in the area.

Contrary to popular belief, the Internet is so widely used and concentrated in so few backbone points that a coordinated attack actually could destroy its functioning. For many years, backup facilities have included redundant computers and all of their associated peripherals, often in remote locations. Too often, however, alternate communications facilities are not provided. Unless this is rectified, the same disaster that brings down one installation could disable all.

14.3.11 Destabilization of Economic Infrastructure.

A major difference between wealthy, developed nations and poor, undeveloped countries lies in the strength of their economic infrastructures. The existence of strong capital markets, stable banking and lending facilities, and efficient payment processes, all tied together by fast, technically advanced communications capabilities, is essential to healthy, growing economies.

At opposite ends of this spectrum lie Afghanistan and the United States. The perpetrators of the attacks on the World Trade Center and the Pentagon, identified as Osama bin Laden and his Al-Qaeda organization, operating out of Afghanistan, chose as their targets the symbols and the operating centers of America's military operations and of its economic infrastructure.

It seems certain at this time that the United States and the entire world are being impelled into a serious recession. With hundreds of thousands thrown out of work and with investment capital drying up, the entire economic infrastructure of the world has suffered a great blow. How and when it will recover is a subject of speculation, but of one thing there can be no doubt: Every effort must be bent toward preventing another attack. Security can no longer be the duty of a few technical people; it has become everyone's responsibility.

14.4 SOURCES OF THREATS AND ATTACKS.

The actual and potential originators of information warfare are numerous and powerful. One need not be paranoid to feel that an attack may come from any direction. This section lists sources that have already proven their capabilities for conducting cyberwar.

14.4.1 Nation-States.

U.S. military preparations for cyberwar have been described in Section 14.3.2. This section details some of the measures that another great power—China—is effecting toward the same ends. Most of the material is from a paper entitled “Like Adding Wings to the Tiger: Chinese Information War Theory and Practice.”16

14.4.1.1 China and Information Warfare.

Although China is a nuclear power, it does not yet have the arsenal necessary to threaten a superpower like the United States. However, it can do so with its IW forces; adding wings to the tiger makes it more combat worthy. Nor is Chinese IW entirely theoretical. On August 3, 2000, the Washington Times reported that hackers suspected of working for a Chinese government institute took large amounts of unclassified but sensitive information from a Los Alamos computer system. A spokesman stated that “an enormous amount of Chinese activity hitting our green, open sites” occurs continuously.17

According to an article in the Chinese Armed Forces newspaper, the Liberation Army Daily, their first attack objectives will be the computer networking systems that link a country's political, economic, and military installations, as well as their general society.18 A further objective will be to control the enemy's decision-making capability in order to hinder coordinated actions.

Expanding on Mao Zedong's theory of a People's War, IW can be “carried out by hundreds of millions of people using open-type modern information system.”19 In this war, combatants can be soldiers or teenagers, or anyone who has a computer as a weapon.20 Ironically, China, with its long-standing fear of outside information as a possible spur to counterrevolutionary action, now views arming large numbers of intelligent people with computers and access to the Internet as a necessary survival measure. It remains to be seen just how many personal computers will be made available and how China will ensure that they will be used only as the government intends.

14.4.1.2 Strategies.

The People's Liberation Army (PLA) with 1.5 million reserve troops has been carrying out IW exercises on a wide scale. One such exercise, in Xian Province, concentrated on conducting information reconnaissance, changing network data, releasing information bombs, dumping information garbage, disseminating propaganda, applying information deception, releasing clone information, organizing information defense, and establishing spy stations.21 The antecedents of these tactics can be found in a book of unknown authorship, first mentioned about 1,500 years ago, entitled The Secret Art of War: The 36 Stratagems. Strategy 25 advises:

Replace the Beams with Rotten Timbers. Disrupt the enemy's formations, interfere with their methods of operations, change the rules which they are used to following, and go contrary to their standard training. In this way you remove the supporting pillar, the common link that makes a group of men an effective fighting force.22

The 36 stratagems deserve close study; many of them are obviously in use even today by China and others. For example, strategy 3 says:

Kill with a Borrowed Sword. When you do not have the means to attack your enemy directly, then attack using the strength of another.

Lacking the weapons to attack the United States directly, the perpetrators of the WTC attack used the airliners belonging to their targets.

Strategy 5 says:

Loot a Burning House. When a country is beset by internal conflicts, when disease and famine ravage the population, when corruption and crime are rampant, then it will be unable to deal with an outside threat. This is the time to attack.

Some of the strategies might well be employed by the United States. For example, strategy 33 advises:

The Strategy of Sowing Discord. Undermine your enemy's ability to fight by secretly causing discord between him and his friends, allies, advisors, family, commanders, soldiers, and population. While he is preoccupied settling internal disputes, his ability to attack or defend is compromised.

To accomplish this, IW may prove to be an effective weapon.

14.4.1.3 Training.

Several high-level academies and universities have been established to conduct IW instruction for the PLA. In addition, training is planned for large numbers of individuals to include:

  • Basic theory, including computer basics and application, communications network technology, the information highway, and digitized units
  • Electronic countermeasures, radar technology
  • IW rules and regulations
  • IW strategy and tactics
  • Theater and strategic IW
  • Information systems, including gathering, handling, disseminating, and using information
  • Combat command, monitoring, decision making, and control systems
  • Information weapons, including concepts, principles of soft and hard destruction, and how to apply these weapons
  • Simulated IW, protection of information systems, computer virus attacks and counterattacks, and jamming and counterjamming of communications networks23

It is doubtful that all of these training objectives have been accomplished, but there seems to be a major commitment to do so, and sooner rather than later.

China and the United States are only two of the nations that are openly preparing for, and actually engaged in, information warfare. It is obvious that many others are similarly involved and that these measures, combined with conventional weapons or weapons of mass destruction, have the potential to elevate warfare to a destructive level never before possible and hardly conceivable.

14.4.2 Cyberterrorists.

“Cyberterrorism” means intentional use or threat of use, without legally recognized authority, of violence, disruption, or interference against cyber systems, when it is likely that such use would result in death or injury of a person or persons, substantial damage to physical property, civil disorder, or significant economic harm.24

Cyberterrorists, those who engage in cyberterrorism, generally are able to carry out the same sort of cyberwar as nation-states; in fact, they may be state-sponsored. The major difference is that terrorist attacks are usually hit-and-run, where nations are capable of sustained and continuous operations. Although conventional warfare always was carried out in an overt fashion, it is the nature of IW that it can be engaged in without a declaration of war and without any clear indication of who the attacker actually is. In fact, it may not be recognized that a war is being conducted; it may seem only that a series of unfortunate, unconnected natural failures of computers and communications are disrupting an economy.

Terrorists, especially when state-sponsored, would be very likely to conceal their IW activities in this manner, so as to avoid the retribution that would inevitably follow. However, some terrorists would publicly take credit for their actions, in order to bolster their apparent strength and to gather added support from like-minded individuals and organizations.

The seriousness of terrorist threats after 9/11 resulted in Executive Order 13228 of October 8, 2001, establishing the Office of Homeland Security and the Homeland Security Council.25 The mission of the Office was to “develop and coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks.” Its function was “to coordinate the executive branch's efforts to detect, prepare for, prevent, protect against, respond to, and recover from terrorist attacks within the United States.”

The Department of Homeland Security was mandated by Congress on January 24, 2003, and was fully formed on March 1, 2003. Celebrating its fifth anniversary on that date in 2008, the department employs 208,000 people dedicated to fulfilling its mission.

On February 15, 2005, Michael Chertoff was sworn in as the second secretary. His five goals:

  1. Protect our Nation from Dangerous People
  2. Protect our Nation from Dangerous Goods
  3. Protect Critical Infrastructure
  4. Strengthen our Nation's Preparedness and Emergency Response Capabilities
  5. Strengthen and Unify Operations and Management26

On April 30, 2008, Secretary Chertoff, recognizing new realities, said:

the technology of the 21st Century is changing so rapidly that many of our rules and procedures, which were built at a time that we had a certain kind of communication system and a certain kind of analog set of processes, that legal structure seems woefully inadequate to a digital age when the movement of communications is not rooted in any one place and when it's very difficult to take the concepts which made a lot of sense in the days of the rotary telephone and apply them in the world of voice over internet protocols.27

The challenges faced by the Department of Homeland Security are multitudinous and complex. Whether it proves effective in reducing or eliminating terrorism within the United States will depend on solving the problems of overlapping authorities, inertia, incompatible databases, turf wars, funding, management, the predictability of terrorist actions, and a host of political and technological issues.

14.4.3 Corporations.

The threats aimed at or directed by corporations are far less deadly than those of the military or of terrorists, but they are no less pervasive. Thefts of data, denial of service, viruses, and natural disasters traditionally have been at the heart of individual corporate security concerns. These concerns have not abated, but to them have been added fears that attacks on large segments of the information infrastructure are more likely to create damage than is an attack against any single enterprise. To guard against this, every installation should operate behind strong firewalls and effective access controls.

In the wake of the September 11 attacks, Richard Clarke, who had been National Coordinator for Security, Infrastructure Protection and Counterterrorism since May 1998, was appointed to a new post. As special advisor to the president for cyberspace security, Mr. Clarke warned that terrorists are out to hurt our economy and that they can use viruses in massive, coordinated attacks against corporate IT systems. He recommends, at a minimum, that disaster recovery plans include near-online, off-site backup facilities and redundant communications paths.

14.4.4 Activists.

The line between terrorists and activists is often thin and indistinct. Throughout the world, many organizations and individuals feel very strongly about globalization, territorial claims, environmental concerns, abortion, human rights, poverty, and other seemingly intractable issues. These organizations, and like-minded individuals, operate along a spectrum that extends from the completely intellectual and peaceable at one end, to the radical, confrontational, and militant at the other. For example, activists have sabotaged World Wide Web sites to express opposition to the World Trade Organization, support for Kashmiri independence, and distaste for Japanese revisionist history about atrocities in World War II.28

Given this wide range of motivations and actions, proactive steps and active responses must be carefully measured so as to be consistent with the nature of specific activist threats. The countermeasures may range anywhere from simple public relations announcements to shuttered and barricaded facilities, with strong cyberwar defenses in place.

14.4.5 Criminals.

Although all of the earlier-mentioned sources of threat may have political or ideological motives, there is a large class of security risks whose sole motivation is personal financial gain. Their illegal activities include manipulating stock prices, stealing services, fraudulently transferring funds to their own accounts, and using stolen or invented credit card numbers; they also trade in stolen customer lists, product designs, marketing plans, and other proprietary information, which they offer to sell to competitors or back to their original owners. Although the materials may have been stolen for personal gain, their ultimate use may be as weapons in cyberwar, such as transnational commercial competition.

Chapters 12, 13, and 15 to 20 in this Handbook describe in detail many criminal threats and the measures that may be taken to thwart them.

14.4.6 Hobbyists.

The term “hackers” originally was applied to those individuals with expert programming capabilities who derived satisfaction from delving into the internal structures and functions of software. The goal was to increase their own level of sophisticated technical knowledge and to share this learning with others; their motives were never malevolent.

To this day, there are many students of computer science and pure hobbyists with these same objectives, who would never intentionally attack a computer or its software. However, there now appear to be as many, or possibly more, persons whose intent is to damage or destroy computer systems for what appears to be malicious pleasure. Rather than sharing knowledge for academic reasons, these individuals do so in order to acquire bragging rights and a reputation among their cohorts. When a single hobbyist or a group with malicious intent attacks any Internet site, they are engaging in cyberwar.

Most of the original hackers resent the use of this appellation to describe malicious system penetrators; instead, they would like the malefactors to be known as crackers. They especially resent the fact that many crackers have little or no technical knowledge. These, known as script kiddies, can do no more than initiate a program given to them by others, but they are inordinately pleased by the amount of damage they can do.

For a fuller discussion of hackers, see Chapter 12.

14.5 WEAPONS OF CYBERWAR.

The weapons used in information warfare have existed for many years, but newer and more malevolent versions are produced with increasing frequency. For this reason, system security cannot be considered as static, but rather as part of an ongoing process that must be continuously monitored and strengthened. This section briefly describes the most common and most dangerous IW weapons, with references to other chapters where more detailed information is available.

14.5.1 Denial of Service and Distributed Denial of Service.

Denial of service (DoS) and distributed denial of service (DDoS) are means by which computers, network servers, and telecommunications circuits can be partially or completely prevented from performing their designated functions. Any computer element that has been designed for a specific maximum capacity, if flooded by messages or data inputs that greatly exceed that number, can be slowed or even brought to a complete halt.

A DoS attack is carried out by a single computer that has been programmed to overwhelm the target system's capacity, usually by generating, automatically, a very large number of messages. A DDoS attack is implemented by planting a small program on hundreds or thousands of unaware computers. At a signal from the attacker, all of the agents (sometimes called zombies or daemons) are caused to send many messages simultaneously, thus flooding the victim's system or preempting all of its bandwidth capacity.
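The distinction just drawn, a single machine flooding a target versus many agents flooding it on a signal, is visible from the defender's side as a difference in how requests per time window are spread across source addresses. The following added example, which is not from the Handbook, shows that distinction with a small Python detector run over a constructed access log. The log format, the window length, and the thresholds are all assumptions chosen for illustration; the client addresses are from the RFC 5737 documentation ranges.

```python
"""
Added example (not part of the Handbook): classify request floods in a
constructed access log as single-source (DoS-like) or many-source
(DDoS-like) by counting requests per source within fixed time windows.
"""
from collections import Counter, defaultdict

# Tunables for this example (assumptions, not Handbook values).
WINDOW_SECONDS = 10            # aggregation window for request counting
FLOOD_THRESHOLD = 50           # requests per window at which we call it a flood
DOMINANT_SHARE = 0.8           # one source sending >= 80% of a flood -> single source
MIN_DISTRIBUTED_SOURCES = 20   # at least this many sources -> distributed flood


def build_sample_log():
    """Constructed log lines of the form '<epoch_seconds> <client_ip> <path>'."""
    lines = []
    # Window starting at t=0: ordinary background traffic, 3 clients, 6 requests.
    for i in range(6):
        lines.append(f"{i} 10.0.0.{i % 3 + 1} /index.html")
    # Window starting at t=10: one host sends 60 requests (DoS-like).
    for i in range(60):
        lines.append(f"{10 + i % 10} 192.0.2.7 /search?q={i}")
    # Window starting at t=20: 40 hosts send 2 requests each (DDoS-like).
    for i in range(80):
        lines.append(f"{20 + i % 10} 198.51.100.{i % 40 + 1} /login")
    return lines


def parse_line(line):
    """Split one constructed log line into (timestamp, client_ip, path)."""
    ts, ip, path = line.split(" ", 2)
    return int(ts), ip, path


def summarize_windows(lines, window=WINDOW_SECONDS):
    """Return {window_start: Counter(client_ip -> request count)}."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, ip, _ = parse_line(line)
        windows[(ts // window) * window][ip] += 1
    return windows


def classify_window(counts):
    """Label one window's per-source counts by volume and source spread."""
    total = sum(counts.values())
    if total < FLOOD_THRESHOLD:
        return "normal"
    _, top_n = counts.most_common(1)[0]
    if top_n / total >= DOMINANT_SHARE:
        return "single-source flood"
    if len(counts) >= MIN_DISTRIBUTED_SOURCES:
        return "distributed flood"
    return "flood (mixed sources)"


def detect_floods(lines):
    """Map each window start to its classification, in time order."""
    return {
        start: classify_window(counts)
        for start, counts in sorted(summarize_windows(lines).items())
    }


if __name__ == "__main__":
    for start, label in detect_floods(build_sample_log()).items():
        print(f"window {start:>4}s: {label}")
```

The single-source case is the one a per-client rate limit or firewall rule can absorb; the distributed case is why the text notes that a DDoS preempts bandwidth, since no one source exceeds an individual limit and the defense has to operate on aggregate volume, upstream of the victim.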

On April 26, 2007, a page-one article in the New York Times reported on what some Estonian authorities described as the first war in cyberspace. It was precipitated by the removal from a park in Tallinn of a bronze memorial to the Soviet soldiers of World War II. It was believed, but not proven, that the Russian government, or individual activists, had used DDoS attacks to bring down the computers serving the Web sites of the Estonian president, prime minister, and Parliament as well as of banks and newspapers. The attacks were finally brought under control with the help of experts from NATO, the European Union, the United States, Finland, Germany, Slovenia, and Israel. Details of many DoS and DDoS attacks, and the recommended defenses, are contained in Chapter 18 of this Handbook.

14.5.2 Malicious Code.

Malicious code includes viruses, worms, and Trojan horses, as described in Chapter 16. Mobile code, such as Java, ActiveX, and VBScript, was developed to increase the functionality of Web sites, but all three, as described in Chapter 17, also can be used maliciously.

There have been innumerable instances where malicious code has been used to damage or deface Web sites, both civilian and military. Apparently, all of these exploits have been perpetrated by single individuals or by very small groups of unaffiliated crackers. However, in the event of actual cyberwar, it seems certain that large groups of coordinated, technically knowledgeable attackers will attempt to wreak havoc on their opponents' infrastructures through the use of malicious code.

Just as U.S. military and governmental agencies, and most of their allies, are engaged in large-scale operations to develop defensive capabilities, it is essential that all commercial enterprises exert major efforts to do the same. Initiatives have begun to form close working relationships between government and the private sector. Also, industry groups have begun advocating relaxation of those laws that prohibit close cooperation between competitors. This will be necessary before information can be shared as required to strengthen the infrastructure. Similarly, groups are requesting that shared information be protected from those who would use the Freedom of Information Act to force disclosure.

Every prudent organization will support these initiatives and will work with appropriate government agencies and industry groups to ensure its own survival and the welfare of the country itself.

14.5.3 Cryptography.

Military operations, since the earliest recorded times, have utilized cryptography to prevent critical information from falling into enemy hands. Today, information is a vastly more important resource than ever before, and the need for cryptography has increased almost beyond measure. Not only the military, but indeed every financial institution, every competitive commercial enterprise, and even many individuals feel impelled to safeguard their own vital information. At the same time, access to the secret information of enemies and opponents would provide inestimable advantages.

Recognizing this, powerful supercomputers, directed by mathematicians, theoretical scientists, and cryptographers, are being applied to improving the processes of encryption and decryption. The most notable achievement in the recent past was the British construction of a computerized device to break the German Enigma code. The information thus obtained has been widely credited with a significant role in the outcome of World War II.

The development of effective mechanisms for spreading computations over millions of personal computers has greatly reduced the time required for brute force cracking of specific encrypted messages; for example, messages encrypted using the 56-bit Digital Encryption Standard (DES) were decrypted in four months using 10,000 computers in 1997, 56 hours using 1,500 special-purpose processors in 1998, and 22 hours using 100,000 processors in 1999.29

A major issue, yet to be resolved, is the strength of cryptographic tools that may be sold domestically or exported overseas. The contending forces include producers of cryptographic tools who believe that if the strength of their product is in any way restricted, they will lose their markets to producers in other countries with more liberal policies. Similarly, proponents of privacy rights believe that unbreakable cryptographic tools should be freely available.

The countervailing view is that virtually unbreakable cryptographic tools shipped overseas will inevitably find their way into the hands of unfriendly governments, which may use them in conducting cyberwars against us. Domestically, law enforcement agencies believe that they should have “back-door” entry into all cryptographic algorithms, so that they may prevent crimes as wide-ranging as embezzlement, drug trafficking, and terrorism.

As domestic crimes and terrorist attacks grow in number and intensity, it seems likely that at least a few civil liberties, including privacy rights, will be infringed. The hope is that an optimum balance will be struck between the need for security and the core values of our democracy.

For more on privacy in cyberspace, see Chapter 69 in this Handbook.

14.5.4 Psychological Operations.

Psychological operations (PSYOP) may be defined as planned psychological activities directed to enemy, friendly, and neutral audiences in order to influence their emotions, motives, attitudes, objective reasoning, and behaviors in ways favorable to the originator. The target audiences include governments, organizations, groups, and individuals, both military and civilian.

One of the most potent weapons in information warfare, PSYOP attempts to:

  • Reduce morale and combat efficiency within the enemy's ranks
  • Promote mass dissension within, and defections from, enemy combat units and/or revolutionary cadres
  • Support our own and allied forces' cover and deception operations
  • Promote cooperation, unity, and morale within one's own and allied units, as well as within friendly resistance forces behind enemy lines30

The information that accomplishes these ends is conveyed via any media: by printed material such as pamphlets, posters, newspapers, books, and magazines, and by radio, television, personal contact, public address systems, and of increasing importance, through the Internet.

A classic example of successful PSYOP application was the deception practiced prior to the Allied invasion of the European mainland. Through clever “leaks,” false information reached Germany that General Patton, America's most celebrated combat commander, was to lead an army group across the English Channel at Pas de Calais. As a consequence, German defensive forces were concentrated in that area. For weeks after the Normandy invasion was mounted, Hitler was convinced that it was just a feint, and he refused to permit the forces at Calais to be redeployed. Had this PSYOP failed, and had more of Germany's defensive forces been concentrated in Normandy, the Allied landing forces might well have been thrown back into the sea.

Although not generally regarded as PSYOP actions, the September 11 attacks and the subsequent spread of anthrax spores made clear that a physical action can have the greatest and most far-reaching psychological effects. Beyond mourning the deaths of almost 3,000 innocent civilians, the new sense of vulnerability and powerlessness caused great psychological trauma throughout the nation and much of the Western world. The full consequences to the travel, entertainment, and hospitality industries, as well as to every segment of the world economy, are likely to be both disastrous and long-lasting.

A major, integrated, expert PSYOP mission to restore morale and encourage constructive behavior can halt or reverse a downward spiral, but worldwide recessions and acts of nature, such as cyclones, hurricanes, and earthquakes, can do more than PSYOP actions to demoralize a nation.

14.5.5 Physical Attacks.

Prior to September 11, 2001, physical attacks, as a part of cyberwar, were generally considered in the same light as attacks against any military objective, and defensive measures were instituted accordingly. In the civilian sector, starting with student attacks against academic computers in the 1960s and 1970s, there have been occasional reported physical attacks against information processing resources. Although access controls have been almost universally in place, their enforcement often has been less than strict.

Another indication of the susceptibility of the information infrastructure to physical attack is the prevalence of “backhoe attacks,” in which construction crews accidentally slice through the high-capacity fiber-optic cables used for telecommunications and as part of the Internet backbones.31 The signs indicating where not to dig can serve as markers for those targeting single points of failure.

A related vulnerability is undersea telecommunications cables, which are unprotected against accidental—or deliberate—damage from ship anchors and from other objects or tools. Breaks in these cables can interrupt the Internet and telephone networks on a global scale.32
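The defender's counterpart to the attacker's cable map is to enumerate, from the link topology, exactly which cables are single points of failure. The following Python is an added example, not part of the chapter, that does this with Tarjan's bridge-finding algorithm over a constructed sample topology; the landing-station names and cables are hypothetical. It also reports which stations are cut off from which when a given cable is severed. A redundant pair of cables between the same two stations is tracked by cable index rather than by endpoints, since a naive check would otherwise flag both cables of the pair as critical.

```python
from collections import defaultdict

# Added example (not from the chapter): find the cables whose loss alone
# partitions a network, i.e. the single points of failure that a cable map
# or a "do not dig" sign reveals. The topology is constructed for this
# example; the station names are hypothetical. Each tuple is one physical
# cable, so a repeated tuple is a redundant pair.
SAMPLE_LINKS = [
    ("NewYork", "London"), ("NewYork", "London"),                         # two parallel transatlantic cables
    ("London", "Paris"), ("Paris", "Marseille"), ("Marseille", "London"),  # European ring
    ("Marseille", "Mumbai"),                                              # lone cable, no alternate path
    ("Mumbai", "Singapore"),                                              # lone cable, no alternate path
    ("Singapore", "Tokyo"), ("Singapore", "Sydney"), ("Sydney", "Tokyo"),  # Asia-Pacific ring
]


def find_bridges(links):
    """Tarjan's bridge search: return, sorted, every link whose removal disconnects the graph.
    Links are identified by index, not by endpoints, so a redundant parallel pair is correctly
    not reported (a parent-node check would wrongly flag both cables of the pair)."""
    adj = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        adj[a].append((b, idx))
        adj[b].append((a, idx))
    disc, low, bridges = {}, {}, []
    counter = 0

    def dfs(u, in_edge):
        nonlocal counter
        disc[u] = low[u] = counter
        counter += 1
        for v, idx in adj[u]:
            if idx == in_edge:          # do not walk back over the cable we arrived on
                continue
            if v in disc:               # already visited: back edge, or a parallel cable to the parent
                low[u] = min(low[u], disc[v])
            else:
                dfs(v, idx)
                low[u] = min(low[u], low[v])
                if low[v] > disc[u]:    # nothing below v reaches u or above except via this cable
                    bridges.append(links[idx])

    for node in list(adj):
        if node not in disc:
            dfs(node, -1)
    return sorted(bridges)


def components_after_cut(links, cut):
    """Group the stations that can still reach each other after one cable is cut."""
    remaining = list(links)
    remaining.remove(cut if cut in remaining else (cut[1], cut[0]))  # removes ONE copy only
    adj = defaultdict(set)
    stations = {s for link in links for s in link}
    for a, b in remaining:
        adj[a].add(b)
        adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(stations):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            s = stack.pop()
            if s in seen:
                continue
            seen.add(s)
            group.add(s)
            stack.extend(adj[s] - seen)
        groups.append(frozenset(group))
    return groups


if __name__ == "__main__":
    for cable in find_bridges(SAMPLE_LINKS):
        split = [sorted(g) for g in components_after_cut(SAMPLE_LINKS, cable)]
        print("single point of failure:", cable, "->", split)
```

On the sample topology the two transatlantic cables protect each other, the European and Asia-Pacific rings contain no bridges, and the two lone cables between Marseille, Mumbai, and Singapore are the only links whose loss isolates one side of the world from the other; those are the links a defender would want to see duplicated on a diverse route, and the ones an attacker with the same map would choose.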

The destruction of the WTC and a portion of the Pentagon has brought the possibility of additional physical attacks very much into the forefront of cyberwar thinking, for both the military and the civilian infrastructures. Car bombings and package bombs had already become almost commonplace, especially in the Middle East. Successful attacks had been launched against U.S. embassies and troop barracks, as well as against Israel, England, Spain, and France. To guard against such actions, perimeter defenses were widened, and in some areas personal searches at strategic points were instituted.

These defenses have proven to be of limited value, and suicide bombers seem to be increasing in numbers and in the effectiveness of their weapons. The use of fully fueled commercial aircraft as manned, guided missiles had apparently received little serious consideration prior to September 11. Since then, there has been widespread recognition that protective measures must be taken to prevent a recurrence of those tragic events. Airport security became a direct federal responsibility under a new Transportation Security Administration, created within the Department of Transportation (and moved to the Department of Homeland Security in 2003). On November 19, 2001, President Bush signed the Aviation and Transportation Security Act, which requires all airport baggage screeners to be U.S. citizens and to undergo criminal background checks before becoming federal employees. At some airports, screening is still provided by private contractors under federal oversight. The protective measures in common use are considered pointless, inconvenient, and ineffective by many travelers. Although even minimal safeguards against known weapons are still being debated, there appears to be little thinking directed toward other types of attacks that might even now be in the planning stage.

14.5.6 Biological and Chemical Weapons and Weapons of Mass Destruction.

Although the use of these weapons can affect every element of society, they have a particular potency in destroying the infrastructure of a targeted nation. The WTC attacks have had long-lasting psychological effects, but the results of the anthrax dissemination may be even more deeply traumatic. Already, the presence of anthrax spores has interfered with the functioning of the Congress, the Supreme Court, the U.S. Postal Service, hospitals, and other institutions. Although the furor over these attacks, as well as their incidence, has dissipated, there may be even more such attacks in the future. Unless any future culprit is apprehended quickly, and countermeasures taken immediately, damage to the infrastructure could be extensive.

14.5.7 Weapons Inadvertently Provided.

There are many widespread vulnerabilities in computer systems that were not created as weapons, but whose presence makes the targets of cyberwar highly vulnerable. Poor software design and inadequate quality control create opportunities for attackers to damage or destroy information, and the information systems themselves. Chapters 38 to 40 of this Handbook are especially useful in identifying and eliminating these sources of security vulnerabilities.

14.6 DEFENSES.

A variety of defenses may be employed both to prevent attacks and to mitigate their effects. Because each of these defenses may have only limited utility, it is evident that new and more effective defenses must be developed.

14.6.1 Legal Defenses.

As a defense against IW attacks or as a framework for apprehending and prosecuting attackers, the international legal system has been generally ineffective. The reasons for this include:

  • Information warfare is not prohibited under the United Nations (UN) Charter, unless it directly results in death or property damage.
  • Laws that are not recognized and enforced lose their power to compel actions.
  • There is little or no police power to enforce those few laws that do exist.
  • The issue of sovereignty as it relates to transborder communications is unresolved.
  • Neither the United States nor any other major power has pressed for international laws to govern information warfare. This may be attributed to the fact that such laws, while desirable for defense, would impair the nation's own offensive operations.
  • Many nations do not recognize cyberwar attacks as criminal actions.
  • In many lands, political considerations determine judicial outcomes.
  • Few countries support extradition of their citizens even when indicted for terrorist or criminal activities.
  • Terrorists, drug cartels, the international mafia, and even individual hackers have every reason to circumvent the law, and usually possess the resources that enable them to do so.
  • Identifying attackers may be difficult or even impossible.
  • New technologies arrive at a rate much faster than appropriate legislation.

Further acting to constrain law as a deterrent is the fact that there has been no universal acceptance of definitions for IW-relevant terminology: Attacks, acts of war, aggression, hostilities, combatants, crimes, criminals—all remain vague concepts. Until such terms, as applied to IW, are clearly defined, there can be no legal strictures against them.

The difference between acceptable and unacceptable targets is obscured by the dual-use, civilian and military, characteristics of information systems and infrastructures. Similarly, it is difficult to condemn denial of service when peacetime boycotts and economic sanctions are widely applied to further economic or political ends.

Clearly, legal defenses against cyberwar are inadequate at this time. Whether the United States will pursue effective international legislation remains doubtful, until the question of building adequate defenses, without hobbling offensive operations, is resolved.

14.6.2 Forceful Defenses.

If IW attacks are accepted as acts of war, the use of retaliatory military force would be highly likely. The strategic and tactical decisions that would follow are well beyond the scope of this chapter, but six considerations are relevant.

  1. The United States is growing reluctant to engage in combat without the sanction of the United Nations and without the concurrence of major allies. If the provocation is limited to an IW attack, it may be difficult to build a coalition or even to avoid UN condemnation.
  2. The identity of the attacker may be unclear. Even after the September 11 attacks, the United States had no enemy that admitted culpability. As a consequence, the United States could not declare war on any nation or state but could only declare a war on “terrorism.”
  3. The attacker may be misidentified. Through the use of “spoofing” and routing an attack through unaware nations, the anonymous culprit may escape detection, while blame falls on an innocent victim.
  4. There may be difficulty in determining whether a particular event is an act of information warfare or simply the result of errors, accidents, or malfunctions.
  5. The attackers may not be a foreign government, against whom war can be declared, but a criminal organization, a disaffected group, activists, commercial competitors, or even individuals bent on mischief.
  6. The United Nations, and international sentiment in general, requires that military force only be used in response to armed attack and, further, that the response be proportional to the attack that provoked it.

In light of these considerations, it seems unlikely that information warfare, unless it results in catastrophic injuries and deaths, will be met by a forceful reaction.

14.6.3 Technical Defenses.

The technical defenses against IW are many and varied. Almost the entire contents of this volume are applicable to safeguarding against cyberwar attacks. These same measures can prove equally effective in defending against IW, criminals, activists, competitors, and hackers.

14.6.4 In-Kind Counterattacks.

A cyberwar defense that has been used often is an in-kind counterattack, where flaming is met by flaming, DDoS by DDoS, site defacement by site defacement, and propaganda by propaganda. Recent examples include exchanges between Israelis and Arabs, Kashmiris and Indians, Serbs and Albanians, Indians and Pakistanis, Taiwanese and Chinese, and Chinese and Americans.

Although there may be personal satisfaction in originating or responding to such attacks, the net effect is usually a draw, and, therefore, in-kind attacks generally have been short-lived. In the future, such attacks may no longer be the output of only a few individuals, but may be mounted by large numbers of similarly minded cyberwarriors, organized into coordinated groups, with sophisticated tools and with covert or overt state sponsorship.

In that event, the asymmetric nature of the adversaries' infrastructures would be telling. Clearly, if the Taliban, for example, were to mount another full-scale cyber-terrorist attack against the United States, with the help of their supporters throughout the world, the effects could be devastating. Although the United States might mount a highly sophisticated in-kind response, it probably would have no effect on the Taliban's organization, its economy, its military effectiveness, or its ability to carry out suicide missions, biological warfare, or other physical attacks. A great and powerful nation may lack the ability to destroy a small, primitive, almost nonexistent infrastructure.

14.6.5 Cooperative Efforts.

Although the United States has been moderately successful in building coalitions in support of military operations, it has shown little inclination to build an international consensus dealing with information warfare. This may be so because of the legal difficulties outlined in Section 14.6.1 or because any prohibitions against offensive cyberwar will limit United States options. Nevertheless, whether by treaty, convention, agreement, or UN directive, technical people, diplomats, and statesmen of all well-intentioned countries should work together to define unacceptable and harmful actions and to devise means for detecting, identifying, and punishing those who transgress.

14.6.6 Summary.

The potential for information warfare to damage or destroy the infrastructure of any nation, any corporation, or, in fact, any civilian, governmental, or military entity is unquestionable. Until now, the only incidents have been isolated and sporadic, but the possibility of sustained, coordinated, simultaneous attacks is strong. If these attacks are combined with physical, chemical, or biological warfare, the effects are certain to be devastating.

Although the types of potential attackers, and the probable weapons they will use, are well known, the available defenses do not at this time offer any great assurance that they will be effective. The United States and many of its allies are engaged in great efforts to remedy this situation, but formidable obstacles are yet to be overcome. The military is generally better prepared than the civilian sector, but much of the military's infrastructure is woven into and dependent on transportation, communications, utilities, food production and distribution, and other vital necessities that are owned by private enterprises.

Recent terrorist attacks and the probability of future offensives should serve as an immediate impetus to devote whatever resources are needed to combat the threats to our way of life and, in fact, to our very existence.

14.7 FURTHER READING

Armistead, E. L. Information Operations: Warfare and the Hard Reality of Soft Power. Dulles, VA: Potomac Books, 2004.

Armistead, E. L. Information Warfare: Separating Hype from Reality. Dulles, VA: Potomac Books, 2007.

Arquilla, J., and D. Ronfeldt, eds. In Athena's Camp: Preparing for Conflict in the Information Age. Washington, DC: RAND Corporation, 1997. Available free in parts as PDF files from http://rand.org/pubs/monograph_reports/MR880/.

Campen, A. D., and D. H. Dearth, eds. Cyberwar 3.0: Human Factors in Information Operations and Future Conflict. Fairfax, VA: AFCEA International Press, 2000.

Cohen, F. World War 3: We Are Losing It and Most of Us Didn't Even Know We Were Fighting in It—Information Warfare Basics. Livermore, CA: Fred Cohen & Associates, 2006.

Denning, D. E. Information Warfare and Security. Reading, MA: Addison-Wesley, 1998.

Erbschloe, M., and J. Vacca. Information Warfare. New York: McGraw-Hill, 2001.

Gollmann, D. Computer Security. New York: John Wiley & Sons, 1999.

Greenberg, L., S. E. Goodman, and K. J. Soo Hoo. Information Warfare and International Law. Washington, DC: National Defense University Press, 1998.

Henry, R., and C. E. Peartree, eds. The Information Revolution and International Security. Washington, DC: Center for Strategic and International Studies, 1998.

Kahn, D. The Codebreakers. New York: Scribner, 1996.

Lesser, I. O., B. Hoffman, J. Arquilla, D. Ronfeldt, and M. Zanini. Countering the New Terrorism. Santa Monica, CA: RAND Project Air Force, 1999. Available free in parts as PDF files from http://rand.org/pubs/monograph_reports/MR989/.

Macdonald, S. Propaganda and Information Warfare in the Twenty-First Century: Altered Images and Deception Operations. New York: Routledge, 2007.

Marsh, R. T., chair. Critical Foundations: Protecting America's Infrastructures. The Report of the President's Commission on Critical Infrastructure Protection, 1997; www.ihs.gov/misc/links_gateway/download.cfm?doc_id=327&app_dir_id=4&doc_file=PCCIP_Report.pdf or http://tinyurl.com/6x9aq5.

Parker, D. Fighting Computer Crime: A New Framework for Protecting Information. New York: John Wiley & Sons, 1998.

Price, A., and C. A. Horner. War in the Fourth Dimension: U.S. Electronic Warfare, from the Vietnam War to the Present. London, UK: Greenhill Books/Lionel Leventhal, 2001.

Rattray, G. J. Strategic Warfare in Cyberspace. Cambridge, MA: MIT Press, 2001.

Schwartau, W. Information Warfare: Chaos on the Electronic Superhighway, 2nd ed. New York: Thunder's Mouth Press/Perseus Publishing Group, 1996.

Khalilzad, Z. M., and J. P. White, eds. Strategic Appraisal: The Changing Role of Information in Warfare. Santa Monica, CA: RAND Corporation, 1999.

14.8 NOTES

1. W. J. Clinton, “Critical Infrastructure Protection.” Presidential Decision Directive 63, May 22, 1998; www.fas.org/irp/offdocs/pdd/pdd-63.htm.

2. J. L. Brock, “Critical Infrastructure Protection: Fundamental Improvements Needed to Assure Security of Federal Operations.” GAO/T-AIMD-00-7. Testimony before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate, October 6, 1999; www.gao.gov/archive/2000/ai00007t.pdf.

3. L. Wright, “Protecting the Homeland: Report of the Defense Science Board Task Force on Defensive Information Operations 2000 Summer Study, Vol. II.” Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics (March 2001); www.acq.osd.mil/dsb/reports/dio.pdf.

4. T. P. M. Barnett, “The Seven Deadly Sins of Network-Centric Warfare,” United States Naval Institute Proceedings 125, No. 1 (January 1999): 36–39; www.milnet.com/milnet/infowar/usni-7-sins.htm.

5. G. G. Gilmore, “Navy-Marine Corps Intranet Girds for Cyber-Attacks,” Armed Forces Press Service, July 6, 2001; www.defenselink.mil/news/newsarticle.aspx?id=44745.

6. Joint Chiefs of Staff, “Joint Doctrine for Information Operations.” Joint Publication 3-13, 2006; www.dtic.mil/doctrine/jel/new_pubs/jp3_13.pdf.

7. W. S. Cohen, Annual Report to the President and the Congress: Secretary of Defense, 2001; www.dod.mil/execsec/adr2001/index.html, Chapter 8: “Information Superiority and Space,” www.dod.mil/execsec/adr2001/Chapter08.pdf.

8. See: www.calvin-coolidge.org/html/b.html.

9. S. M. Parker, “Information and Finance: A Strategic Target,” CommSec, 1997; http://all.net/books/iw/iwarstuff/www.commsec.com/security/infowarfare.htm.

10. Federal Reserve Board, “Fedwire Funds Transfer System: Assessment of Compliance with the Core Principles for Systematically Important Payment Systems,” revised December 2006, p. 9; www.federalreserve.gov/paymentsystems/coreprinciples/coreprinciples.pdf.

11. Clearing House Interbank Payments System, www.chips.org.

12. SWIFT Annual Report, 2007; www.swift.com/index.cfm?item_id=67110.

13. Numbers 13:16, 17.

14. Public Law 104-294, “Economic Espionage Act of 1996”; www4.law.cornell.edu/usc-cgi/get_external.cgi?type=pubL&target=104-294 or http://tinyurl.com/6fpl9c.

15. “Counterintelligence: What Are We Protecting?” Defense Security Service, 1998; www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_intemet/isp/count_intell/what_protecting.html or http://tinyurl.com/5fwafb.

16. T. L. Thomas, “Like Adding Wings to the Tiger: Chinese Information War Theory and Practice,” Foreign Military Studies Office, Fort Leavenworth, KS, 2000; www.iwar.org.uk/iwar/resources/china/iw/chinaiw.htm.

17. B. Gertz, “Hackers Linked to China Stole Documents from Los Alamos,” Washington Times, August 3, 2000, p. 1.

18. Shen Weiguang, “Checking Information Warfare Epoch Mission of Intellectual Military,” Jiefangjun Bao, February 2, 1999, p. 6, as translated and downloaded from the Foreign Broadcast Information System (FBIS) Web site on February 17, 1999; www.opensource.gov (registration restricted to U.S. federal, state and local government employees and contractors).

19. Wei Jencheng, “New Form of People's Warfare,” Jiefangjun Bao, June 11, 1996, p. 6, as translated and reported in FBIS-CHI-96-159, August 16, 1996.

20. Shen Weiguang (1995). “Focus of Contemporary World Military Revolution—Introduction to Research in IW,” Jiefangjun Bao (November 7, 1995) p. 6, as translated and reported in FBIS-CHI-95-239, December 13, 1995, pp. 22–27.

21. Qianjin Bao, December 10, 1999, provided by William Belk via e-mail to Timothy L. Thomas. According to Mr. Thomas, Mr. Belk is the head of a skilled U.S. reservist group that studies China.

22. Quotation from S. H. Verstappen, The Thirty-Six Strategies of Ancient China (Books and Periodicals, 2000). As described at www.chinastrategies.com/home36.htm.

23. Zhang Zhenzhong and Chang Jianguo, “Train Talented People at Different Levels for Information Warfare,” Jiefangjun Bao, February 2, 1999, as translated and downloaded from FBIS Web site on February 10, 1999.

24. A. D. Sofaer et al., “A Proposal for an International Convention on Cyber Crime and Terrorism,” 2000; www.iwar.org.uk/law/resources/cybercrime/stanford/cisacdraft.htm.

25. G. W. Bush, Executive Order Establishing Office of Homeland Security, 2001; www.whitehouse.gov/news/releases/2001/10/20011008-2.html.

26. U.S. Department of Homeland Security, “The Secretary's Five Goals,” 2008; www.dhs.gov/xabout/gc_1207339653379.shtm.

27. M. Chertoff, “Remarks by Secretary Michael Chertoff and President of the Supreme Court of Israel Dorit Beinisch to the Heritage Foundation's Civil Rights and the War on Terror: Dilemmas and Challenges Event,” April 30, 2008; www.dhs.gov/xnews/speeches/sp_1209741455799.shtm.

28. B. I. Koerner, “To Heck with Hactivism: Do Politically Motivated Hackers Really Think They're Promoting Global Change by Defacing Web sites?” Salon.com, July 20, 2000; http://archive.salon.com/tech/feature/2000/07/20/hacktivism/

29. M. Curtin and J. Dolske, “A Brute-Force Search of DES Keyspace,” 1998; www.interhack.net/pubs/des-key-crack/; Electronic Frontier Foundation, “Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design—How Federal Agencies Subvert Privacy: Frequently Asked Questions (FAQ) About the Electronic Frontier Foundation's ‘DES Cracker’ Machine,” 1998; http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/19980716_eff_des.faq or http://tinyurl.com/68thws; and Electronic Frontier Foundation, “RSA Code-Breaking Contest Again Won by Distributed.Net and Electronic Frontier Foundation (EFF): DES Challenge III Broken in Record 22 Hours,” 1999; http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19990119_deschallenge3.html or http://tinyurl.com/5n3gqf.

30. E. Rouse, “Psychological Operations/Warfare,” date unknown; www.psywarrior.com/psyhist.html.

31. K. Poulsen, “The Backhoe: A Real Cyberthreat,” WIRED, January 19, 2006; www.wired.com/science/discoveries/news/2006/01/70040; also Common Ground Alliance, “CGA DIRT Analysis and Recommendations for Calendar Year 2005,” Damage Information Reporting Tool, 2005; www.commongroundalliance.com/TemplateRedirect.cfm?Template=/ContentManagement/ContentDisplay.cfm&ContentFileID=3269 or http://tinyurl.com/43obmo.

32. K. Kratovac, “Ship's Anchor Caused Cut in Internet Cable: Unusual Cuts Led to Disruptions in Services, Slowed Down Businesses,” MSNBC Technology and Science/Internet, February 8, 2008; www.msnbc.msn.com/id/23068571/.
