1 / 42

INFORMATION WARFARE Part 3: Theory

INFORMATION WARFARE Part 3: Theory. Advanced Course in Engineering 2005 Cyber Security Boot Camp Air Force Research Laboratory Information Directorate, Rome, NY M. E. Kabay, PhD, CISSP

shaine-ashley
Download Presentation

INFORMATION WARFARE Part 3: Theory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INFORMATION WARFAREPart 3: Theory Advanced Course in Engineering2005 Cyber Security Boot Camp Air Force Research Laboratory Information Directorate, Rome, NY M. E. Kabay, PhD, CISSP Assoc. Prof. Information AssuranceProgram Direction, MSIADivision of Business & Management, Norwich UniversityNorthfield, Vermont mailto:mkabay@norwich.edu V: 802.479.7937

  2. Topics • 08:00-08:15 Introductions & Overview • 08:15-09:00 Fundamental Concepts • 09:05-11:55 Case Histories • 13:15-15:15 INFOWAR Theory • 15:30-16:00 Project Assignments

  3. Topics • What is INFOWAR? • Schwartau’s Levels of INFOWAR • Examples of IW levels • Military Approaches to IW

  4. What is INFOWAR? • Use of or attacks on information and information infrastructure to achieve strategic objectives • Tools in hostilities among • Nations • Trans-national groups (companies, NGOs, associations, interest groups, terrorists) • Corporate entities (corporations, companies, government agencies) • Individuals

  5. Dorothy Denning’s Nutshell • Information Warfare and Security (1999). ACM Press (ISBN 0-201-43303-6). • Offensive information warfare operations alter availability and integrity of information resources • Benefit of offense & detriment to defense • Offense acquires greater access to info • Defense loses all or partial access to info • Integrity of information diminished

  6. Denning’s Theory of INFOWAR • Information resources include people & tools • Containers • Transporters • Sensors • Recorders • Processors • Value of resource differs • Over time • To different people

  7. Psyops in Cyberspace • Digital “photographs” may not be photographs • Audio “recordings” may not be recordings • Log files may be fiction • Opinion polls may be nonsense • Election results may be fixed • Conspiracy theories may be true • References may be nonexistent • Facts may be illusory (see article “Junk Science”) • History may be recreation

  8. Schwartau’s Levels of INFOWAR • I: Against individuals • Theft, impersonation • Extortion, blackmail • Defamation, racism • II: Against organizations • Industrial espionage • Sabotage • Competitive & stock manipulation • III: Against nations • Disinformation, destabilization • Infrastructure destabilization • Economic collapse

  9. HUMINT INTEL COINTEL SIGINT COMINT ELINT FISINT MASINT IMINT TECHNINT OSINT Human intelligence Intelligence Counterintelligence Signals intelligence Communications Electronic Foreign Instrumentation Measurement & signals Imagery Technical information Open source intelligence Military Approaches to IW

  10. Information Warfare: Chaos on the Electronic Superhighway (1996.05) Winn Schwartau, The Security Awareness Co. • Overview • Military Model Must Reflect Changes in Warfare • What Is War?

  11. Schwartau’s View (1996.05) Overview • National economies increasingly virtual • Most money no longer tangible • Espionage increasing for economic benefits • 14% increase in espionage according to FBI • Must resolve problem of defending against powerful technology not limited to military use • Should define defensive posture against potential enemies’ capabilities, not perceived motivations

  12. Schwartau’s View (1996.05) Military Model & Changes in Warfare • Military systems are not necessarily the prime targets of attack • Psyops increasingly important: manipulation of perceived reality using the gullibility of the mass media • Attacks on software: increasing the failure rates of systems even when people are trying to reduce errors • Denial of service increasing: airports, phone systems, banks

  13. Schwartau’s View (1996.05) What Is War? • Physical attacks are no longer the only basis for defining acts of war • What will military and civil response be to concerted attack on civilian / industrial infrastructure? • taking down the banks • interfering with air-traffic control • damaging productivity of major industries • …and if this is war, what is the response?

  14. Schwartau’s View (1996.05) Destruction vs Reducing Competitiveness • Question: in a free-market world, not necessary to destroy enemy; need merely render less competitive • Response from Schwartau: • US govt must defend country, yet military limited to physical warfare • Classifying EW threats is foolish; should educate civilian sector • Should define conditions for termination of hostilities

  15. Schwartau’s View (1996.05) How do we know who is attacking? • Anonymity pervasive throughout cyberspace • Stealth attacks natural consequence of Internet architecture • Agents can be hired without knowing their handlers • Conventional intelligence services must wake up to electronic threats • See Information Warfare 1st Edition online http://www.thesecurityawarenesscompany.com/chez/IW1-1.pdf

  16. RAND on INFOWAR (1999.01) Strategic Information Warfare Rising— The RAND Corporation • mid-1998 (reported in press 1999.01) • Debate within the Pentagon • wisdom of offensive information warfare • cyberattacks on critical infrastructure worse for US • 4 basic scenarios • U.S. supremacy in offense and defensive strategic IW • strategic IW elites — no first use • global defensive dominance — arms control • market-based diversity — defend well, recover fast

  17. INFOWAR @ AAAS (1999.02) American Association for Advancement Science (AAAS) panelists • government • private industry • INFOWAR real threat • Need better cooperation among law enforcement officials around world • catch culprits responsible for attacks • Changes international law • extradiction suspects • Sceptics (e.g., Kevin Poulson) scoffed • no electricity by now if IW threat so bad

  18. Kosovo Cyberwar (1999.03) Attacks on US government & military agencies began 1999.03 • Serbian hackers • Retaliation for war against Serbs • As NATO bombing began in Serbia • "Black Hand" hacker group • "Serbian Angel" hackers • White house Web site defaced • Red letters"Hackerz wuz Here“

  19. European Basketball Contest (1999)

  20. Kosovo Cyberwar 1999.03 • Kosovo conflict generated flurry hacking • “First Internet War” • “First CyberWar” • “Web War I.” • Serbs & Albanians + supporters attacked each others' Web sites & NATO • “If you're looking for truth visit WWW.B92.NET” • “SAMURAI RULLEZ!”

  21. Kosovo Cyberwar (1999.03) Serbian viral attacks? • mi2g security group • London England • Notorious for sensationalist headlines • Pro-Serbian cyberwarriors sending virus-laden e-mail to NATO • businesses • hospitals • government agencies • Concerted effort • disrupt Kosovo air-war

  22. Asymmetric INFOWAR (1999.04) Countering New Terrorism by I.O. Lesser B. Hoffman J. Arquilla D.F. Ronfeldt M. Zanini & B.M. Jenkins • New terrorism more diverse • sources • motivations • tactics • More lethal global reach • Asymmetric strategy • less-capable adversaries • political violence

  23. INFOWAR @ DoD: (1999.09) • Marvin Langston • Deputy Assistant Secretary Defense (C3I) • Office Secretary Defense's Deputy Chief Information Officer • National Defense University group September • Pentagon needs put more effort into defensive & offensive information technology • DoD's dependence commercial off-the-shelf software (COTS) • impossible achieve information superiority • DoD must invest much more research development for particular technological needs

  24. INFOWAR? Nonsense, says Christy (1999.09) • US has never been target of information warfare • James Christy • Defense-wide Information Assurance Program (DIAP) • Cybercriminals not cyberwarriors • Fundamental difficulties responding • military has expertise computer crime but • cannot help law enforcement agencies without presidential directive

  25. INFOWAR? Nonsense. (cont’d) • Civilian sector ignorant of computer crime countermeasures • Can’t tell cyberattacks under way • most victims keep information secret • don’t help law enforcement investigators • Precise attribution & blame extremely difficult in cyberspace — anonymity • Public favors privacy over cybercrime prevention & law enforcement — ignorance • Jurisdiction over cyberspace crimes confused — competing geographical claims

  26. INFOWAR in Oz? (1999.10) • Foreign (US?) military site attacked Stocik Exchange late 1998? • Richard Humphrey • Managing Director Australian Stock Exchange • implied attacking site was in USA • “Foreign government” denied any possibility such attack from military site • Urged changes to Australian laws • make it easier to try hackers • present laws require criminal hackers be apprehended in act of hacking

  27. INFOWAR / China (1999.11) • Importance of INFOWAR grows in PRC • Chinese military newspaper Jiefangjun Bao • authors Leng Binglin, Wang Ylin, Zhao Wenxiang • For maximum war role, must integrate INFOWAR with other combat actions • Cybersuperiority necessary but not sufficient for military victory today

  28. INFOWAR / China (2000.02) Taiwan Research Institute • Gird itself against information warfare • People's Republic China • Elements IW: • disruption critical infrastructure • disruption military C3I ops • misinformation campaigns • damage economic activity • lower morale on island before initiating conventional warfare

  29. INFOWARGAMES (1999.11) Institute for Security Intelligence's Center for Technology Terrorism & Jane's Publications • War-game simulation (did not really hack) • IRS primary target • False information, denial of service • Hack into IRS audit system • Send out millions audit & tax-due notices • Tap into immigration control (Dept State) to issue visas to known terrorists • Create fake documents — IRS investigating personal lives members Congress • Leak fakes to media + send fake compromising photographs

  30. Critical Infrastructure Protection (1999.11) Information Technology Association of America (ITAA) Statement of Principles • Importance protecting national information infrastructure • Private industry: primary authority • Lowest possible government regulation in critical infrastructure protection • Call for distinctions among cyber-mischief, cybercrime, cyberwar • Appropriate law enforcement agencies take charge specific cases • minimal jurisdictional confusion • assurance clear legal basis for prosecution

  31. German Government Plans Net Defenses • German plans for early-warning of hacker attacks (2001.05) • Build Computer Emergency Response Teams throughout country • Increased cooperation should permit rapid response to hacker attacks

  32. Republic of Korea warns of Cyber Attacks • ROK Ministry of Information and Communication issues warnings (2001.05) • Concern about US & (PRC) Chinese hackers using Korea as staging ground for INFOWAR • KISA launched special task force against US and Chinese attacks • Instructed Korean Internet-site operators to report unusual traffic at any time

  33. US Warns of Military Response to Cyberattacks • Richard Clarke tells Senate Judiciary Committee of plans for retaliation (2002.02) • White House Technology Advisor says that cyberattack would be met “in any appropriate way: through covert action, through military action, any one of the tools available to the president.”* • In 2003.02, President Bush signed an order authorizing development of guidelines on unilateral or retaliatory cyberattacks against foreign computers and networks *Question: HOW DO YOU KNOW FOR SURE WHO IS ATTACKING YOU?

  34. STRATCOM focuses on Cyberwar • U.S. Strategic Command (Stratcom) will focus on computer network attack (2003.02) • Stratcom now in charge of global command, control, communications, computer, intelligence, surveillance and reconnaissance (C4ISR) capabilities • “All pieces of the enemy's system of systems that are valid military targets [are] on the table as we go about war planning.” • “…Unimportant whether we take out a computer center with a bomb or a denial-of-service program. If it's critical to the enemy and we go to war, it will be in our sights.”

  35. Cyberwar Games for US Military Cadets • West Point Cyber Defense Exercise pits military students against NSA experts (2004.04) • 4-day exercise in April 2004 • NSA Red Team (“Red Cell”) attacked networks • No hackback • No sabotage • USMMA (Merchant Marine Academy) team won contest by maintaining services and recovering faster from attacks

  36. Cyberattack Implications Studied • Cyberterror impact, defense under scrutiny (2004.08) • Coordinated cyberattack against U.S. could • topple parts of Internet, • silence communications and commerce, • paralyze federal agencies and businesses • disrupt $M in financial transactions, • hang up air traffic control systems, • deny access to emergency 911 services, • shut down water supplies and • interrupt power supplies to millions of homes • More than 2 dozen countries have “asymmetrical warfare” strategies

  37. North Korea Ready for Cyberwar? • North Korea ready to launch cyber war (2004.10) North Korea has trained more than 500 computer hackers capable of launching cyber warfare against the United States, South Korea's defense ministry says. In a report to the National Assembly's National Defense Committee, the ministry said that hackers from North Korea were among the best in the world. --Agence France Presse

  38. Cyberterrorism by 2006? • Cyberterrorism a possibility in two years (2004.10) Cyberterrorism could become a reality in 2006, a leading UK information security expert has said. Speaking at the SC Magazine Conference in London on Thursday, October 21, director of information security for Royal Mail David Lacey said that that the world would witness cyberterrorism within two years. Lacey said, “there is a lot of consistency in research that shows many of the real risks won't come to a crescendo until then. We know a lot about some of the trends coming. Real terrorists have not had the capability to carry out threats. But that will change as the stakes get higher.“ --ZDNet (UK)

  39. New Cyberwar Command Center • Cyber warriors anticipate center (2005-02) Personnel in the military's new cyberdefense organization hope to operate a new command center by late spring. The facility will include new hardware and software to help workers of the Joint Task Force-Global Network Operations (JTF-GNO) operate, manage and defend the military's 10 computer networks. "It will be a state-of-the-art facility," said Army Brig. Gen. Dennis Via, deputy commander of the JTF-GNO. He spoke Wednesday, February 23 at the Department of Defense Global Information Grid Enterprise Services conference held by the Association for Enterprise Integration, an industry trade group. The opening of the new command center coincides with JTF-GNO becoming fully operational. --Federal Computer Week

  40. Chinese Cyberwar From South America? • U.S. officials warn of Chinese intelligence and cyberwarfare roles in Latin America (2005.04) U.S. officials … warned about Chinese intentions to establish an intelligence and cyberwarfare beachhead in the [S. America]. Roger Noriega, assistant secretary of state for Latin America, and Rogelio Pardo−Maurer, the top Defense Department official for the Western Hemisphere, testified before a House panel [and] said China's interests in Latin America were mostly on the economic side, but warned that Beijing could also have an intelligence agenda as it increased trade with Latin America. Pardo−Maurer said that “we need to be alert to rapidly advancing Chinese capabilities, particularly in the fields of intelligence, communications and cyberwarfare, and their possible application in the region.” --Miami Herald

  41. DISCUSSION

  42. Class Resumes at15:30:11

More Related