The
Ever Shifting Paradigm: Information
Warfare
By
Eric Main
Within the last decade a new concept has emerged and been discussed and debated amongst strategists and researchers. This concept has been given the broad general name of Information Warfare. The debate has continued to increase in size and complexity as the world moves forward and information and information technology become more and more accessible and available. Even in ancient times the side who could gather and utilize the most information gained huge advantage over any adversary who could not do the same when engaging in conflict. As the means of gathering data increase does not the import of its utilisation? Those that successfully incorporate the concepts of information warfare will in the end find themselves more successful then those that do not. This reality seems to be the driving force behind a quiet revolution that is shifting thinking away from today’s resource driven philosophies and towards information dominant philosophies. He who controls the ones and zeros may find themselves more important then those that have the most resources or people.
Dr. Ivan Goldberg defined Information Warfare as the following, "Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or
business adversaries." [1] This definition is accurate and nicely sums up the whole concept of Information Warfare, but in use it is a bit unwieldy since it casts such a large net and many diverse topics fall under this definition. All aspects of Information Warfare and more specifically fall under the domain of one or more of the following categories: command-and-control warfare, intelligence-based warfare, electronic warfare, psychological warfare, "hacker" warfare, economic information warfare, cyberwarfare. [2] Command-and-Control warfare is attacks against an adversaries control centres. This can be related to attacking the brain of an operation. It denies the adversary the co-ordination and effectiveness derived by having a central decision making structure. Intelligence-based warfare involved gaining the most accurate and up to date information about and adversary so that it may be used or exploited. An example of this type of warfare would be radar data fed to an attack system. Electronic warfare attempts to degrade the physical basis for transferring information or cause information to be transmitted in a form that is practically useless except for the intended user. In the first case an example would be corrupting someone’s communication signals causing errors in the transmission and in the second case encrypting your transmissions so that, even if intercepted, they would be useless to your adversary. Psychological warfare is that which causes any effect that attempts to unsettle the mind of a person and is a very broad definition in itself. It could take the form of attempting to upset a nation, individual people or even cultures, in effect anyone who has any bearing on the conflict. “Hacker” warfare refers to attacking an adversaries computer network. Conflict that falls under this category is as varied as the number of different types of computer networks in existence. They can run the gauntlet of gaining illegal access to denial of services. Economic information warfare deals with the interruption of an adversaries access to data. An example would be one nation blockading another’s information from passing over bandwidth in it’s territory. The last category is cyberwarfare. This category contains all the types of conflict that are encapsulated in the technology. Examples of this can be seen in Gibson’s cyberpunk book Neuromanser or the movie Jonny Neumonic where users battled inside the hardware as physical manifestations. Realistically, this category is the most futuristic and has the least current applications.
A large and
current use of information warfare concepts occurred during the Gulf War. Alliance forces attacked from the air many
Iraqi command centres. Without these
command centres in place the common Iraqi soldier had little motivation to
resist Alliance infantry when they finally moved into the country. This is an example of command and control
warfare. Another example falls into the
category of a psychological attack. The
US compromised the security of Radio Iraq and on one morning the common soldier
awakened to the sound of the Star Spangled banner. This attack was concerned with lowering enemy morale. An economic information attack occurred when
the Alliance blockaded Iraqi financial data.
All transactions on the financial market by Iraq was blocked by blocking
signal from entering or leaving. Currency
could not be traded. Information
warfare does not have to occur between nations. Individual groups can also engage. Terrorists and non-political entities can just as easily attack
nations. On March 28th,
computer systems at Rome Air
Development Centre, Griffiss Air Force Base in New York discovered a
"sniffer" program covertly installed on one of their systems. Investigation discovered that two illegal
users electronically gained access to the system and gained access to all the
information in the system and subsequently all the systems in the base. Investigators traced the attackers back to a
16 year old boy in the United Kingdom and another unknown user. [3] The unknown user recruited the boy making
sure to mask his identity. There is
nothing to trace back to him. Besides
even groups engaging in Information warfare against nations or other groups,
businesses also use information warfare techniques. Businesses use
the Internet to publish information and services. They use strategy over keywords in search-engines, with relevance
to number of hits and excluding competitors.
They use the Internet to spread objective and “scientific”
information. They put restrictions on
own employees’ abilities to communicate on the Internet. They put up and maintain
FAQs. They use the Internet to spread
subjective and “unscientific” information.
They can make use of the reservation of domain names. [4] The number of ways that any entity may
engage another in information warfare conflict is only limited by the
imagination of both parties.
With the explosion in the world’s information technology infrastructure over the past decade, it has become increasingly easy to engage in information warfare in an attempt to gain advantage in any conflict. On the other side of the coin entities have also become more vulnerable to attack. The Internet is a driving force behind this expansion. Once it was a small network connecting a number of universities and is now a vast complicated web connecting thousands and thousands of computers. The size of the network involved, the complexity of it and the fact that the method of attack is only really limited by the imagination of the conceiver all make defending against information warfare a huge task. Some of the concepts clearly fall under categories that are the domain of nations and governments, but since the problem is so huge no government can be expected to defend the entity of the informational infrastructure. This leaves the rest up to the private sector. Some of the problems can be solved in hardware, but the majority can only be taken care of with software. This places the problem squarely in the domain of the Software Engineer. Through conscience and scientific methods tools and design methodologies can be created that can become standards to protect against informational warfare. There needs to be comparable and verifiable processes and an engineering discipline devoted to the design and implementation of secure information systems. This would make the management of the complex systems involved easier and maintainable. In the end, I believe that those that first use strict software engineering principles behind the implementation of their information systems will be the ones that gain initial advantage over those ones and zeros.
1) Institute For The Advance Study Of Information Warfare (IASIW) (2001-03-23). Information Warfare, I-War, IW, C4I, Cyberwar [WWWdocument]. URL:http://www.psycom.net/iwar.1.html
2) Libicki, Martin. (2001-03-23). What is Information Warfare? [WWWdocument]. URL:http://www.ndu.edu/inss/actpubs/act003/a003ch00.html
3) Lewis, Brian C. (2001-03-23). Information Warfare [WWWdocument]. URL:http://www.fas.org/irp/eprint/snyder/infowarfare.htm
4) Simovits, Mikael. (2001-03-23). Business Intelligence and Information Warfare on the Internet [PDFdocument]. URL:http://www.simovits.com/archive/biiw97.pdf