260 likes | 299 Views
Information Warfare Theory of Information Warfare. Reading list. This lecture Denning Chapters 2 Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4 , 672-687 . ( .pdf ).
E N D
Reading list • This lecture • Denning Chapters 2 • Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)
Information Security: “The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.” (U.S. federal standards) • Information assurance: Information security + defensive information warfare • Information Warfare: Only intentional attacks + offensive operations
Information Dominance Information Dominance - a condition that results from the use of offensive and defensive information operations to build a comprehensive knowledge advantage at a time, place, and on decision issues critical to mission success – from the IW Site, http://www.iwar.org.uk/iwar/resources/info-dominance/issue-paper.htm
Information Warfare • Information resources • Players • Offensive operations • Defensive operations WIN-LOSE NATURE OF OPERATIONS
Way of Thinking • S. R. Covey: 7 Habits of Highly Effective People • Habit 4: Think Win-Win • Character-based code for human interaction and competition • Win-lose zero-sum game, competing for limited resources • Win-win the ultimate winner? • How are these direction affecting our (cyber) future?
Value of Resources • Exchange value • Determined by market value • Quantifiable • Operational value • Determined by the benefits that can be derived from using the resource • May no be quantifiable • May not be the same value for each player (offensive and defensive players) • Actual (before) and potential (after) value • Give examples!
Players • Offense: motives, means, opportunity • Insiders, hackers, criminals, corporations, government, terrorists • Defense: protection • Federal Bureau of Investigation • U.S., Secret Service • Department of Treasury • Department of Defense • National Institute of Standards and technology ROLE OF GOVERNMENT
Offensive Information Warfare • Target: particular information resources – resources does not need to be owned or managed by the defense • Objective: increase the value of the resource for the offense and decrease it for the defense • Gain: financial, strategic, thrill, etc. • Loss (defense): financial, tactical, strategic, reputation, human loss, etc.
Cost of Information Warfare • Monetary expense • Personal time • Risk of getting caught • Punishment • Resources used • Measuring cost of cyber attacks
Offense • Increase availability of resource • Decrease integrity of resource • Decrease availability of resource for defense
Defense • Prevent availability of resource for offense • Ensure integrity • Ensure availability
Offense: Increased availability • Collection of secret: • Espionage (illegal) and intelligence (may be legal) • Piracy • Penetration (hacking) • Superimposition fraud • Identity theft • Perception management
Offense: Decrease Availability for Defense • Physical theft • Sabotage • Censorship
Offense: Decreased Integrity • Tampering • Penetration • Cover up • Virus, worm, malicious code • Perception management • Fabrication, forgeries, fraud, identity theft, social engineering
Defense • Prevention: keeps attacks from occurring • Deterrence: makes attack unattractive • Indications and warning: recognize attacks before it occurs • Detection: recognize attacks • Emergency preparedness: capability to recover from and response to attacks • Response: actions taken after the attack
IW Activities • Context of human actions and conflict • Domains: • Play: hackers vs. owners • Crime: perpetrators vs. victims • Individual rights: individuals vs. individuals/organizations/government • National security: national level activities
Play • Playing pranks • Actors: hackers/crackers/phreakers • Motivation: challenge, knowledge, thrill • Culture: social/educational • “global networks” • publications • forums • Law
Crime • Intellectual Property Crimes • IT targets: research and development, manufacturing and marketing plan, customer list, etc. • Attacker: insiders, formal insiders • 1996: Economic Espionage Act (U.S. Congress) • Fraud • Telemarketing scam, identity theft, bank fraud, telecommunication fraud, computer fraud and abuse • Fighting crime
Crime • Actors: • Employees • Temp. staff • Vendors • Suppliers • Consultants • Trade secrets • Identity theft • Law
Individual Rights • Privacy • Secondary use of information • Free speech • Harmful/disturbing speech • Theft and distribution of intellectual property • Censorship
National Security • Foreign Intelligence • Peace time: protecting national interests • Open channels, human spies, electronic surveillance, electronic hacking (?) • War time: support military operations • U.S. Intelligence Priorities: • Intelligence supporting military needs during operation • Intelligence about hostile countries • Intelligence about specific transnational threats • Central Intelligence Agency (CIA) • Primary targets in U.S.A.: high technology and defense-related industry
War and Military Conflict • IT support, e.g., sensors, weapons, surveillance, etc. • Psyops and perception management • Physical weapons (?) • Cyber space battle (?) • Unmanned devices (?)
Terrorism • Traditional: • Intelligence collection • Psyops and perception management • New forms: • Exploitation of computer technologies • Internet propaganda • Cyber attacks (electronic mail flooding, DOS, etc.) • Protection of national infrastructure