Information Warfare Tutorial

					9 January 2013



http://www.au.af.mil/au/awc/awcgate/iw-army/intro.htm

This tutorial was originally developed by the Army War College.
It was last updated Feb 1998, but still has value as a primer.

Last Updated: 02/17/98, Downloaded: 09/07/98


Welcome to the
Information Warfare Tutorial

This tutorial is a condensation of material presented through an advanced course dedicated to the subject of
Information Warfare and offered by the US Army War College. NSA Visiting Professor, Mr. Robert F.
Minehart, Jr. has developed and is currently teaching the course which is offered as an elective. The material in
this tutorial represents an unclassified version of the advanced course and parallels the content being encoded
into a stand-alone, multi-media tutorial. The beta version of the stand-alone tutorial is ready for distribution
effective 15 January 1997. Public, corporate and government input will be sought during the beta period with
final call for input 15 May 1997. The final version including beta solicited input will be available by mid to
late summer 1997.

Although this version will not be replete with sounds, film clips, and images like the stand-alone version, it is
based on the same material as the multi-media version. It should serve well as a concise, summarized reference
for those who want the bare content.



The following is a table of contents for the tutorial modules:

      Executive Summary
      Module 1 - How Did We Get Here?
      Module 2 - The Threat.
      Module 3 - DoD Roles and Missions.
      Module 4 - Information Assurance.
      Module 5 - The Political Quagmire.
      Module 6 - IW Weapons.
      Module 7 - Loss of Sanctuary.
      Module 8 - The Military Perspective.
      Module 9 - Recommendations.
      Module 10 - Summary and Conclusions.
      References

DSB, Access the associated findings of the Defense Science Board. [link updated 22 Jan 00 by AWC]




Executive Summary

The Internet was born from a Department of Defense (DoD) requirement for a survivable communications
system; as a result, cyberspace is now a reality. Individuals are discovering a political and social freedom never
before imagined, but new threats are on the horizon. Just as the threat of nuclear war once forced leadership to
develop national security policy focused on defending America, so will Information Warfare emerge as a threat
requiring our leadership to consider an Information Civil Defense.

A comparison between the Cold War period and today yields an interesting perspective. During the Cold War
the United States government leveraged over 90% of all telecommunications research. Today, the United
States government contributes to less than 10% of telecommunications research; as a result, our government
has much less influence on establishing industrial standards.

Information Warfare is a threat because it levels the international playing field (political, economic, and
military), i.e. most nations cannot challenge American policy using traditional force-on-force warfare.
Information Warfare is very cost effective and offers a non-attribution capability. Most importantly, the United
States is the most vulnerable of all nations to IW. DoD is critically dependent upon the public switched
infrastructure though it has no control over and little ability to influence security standards.

International espionage is being redirected from the individual with access to secret information toward
network administrators. Nations are determined to acquire America's customer base. Industrial espionage will
escalate into industrial sabotage. The Defense Information Security Agency (DISA) has proved that
government networks are vulnerable. There are strong indications that an entirely new management philosophy
is needed to counter 21st century spies.

Tomorrow's military will continue to stand ready to defend America against the two major regional conflict
(MRC) scenario; however, it can be forced to do so with fewer resources. Economizing can be pursued through
advanced Command and Control Warfare. Further, America's military will be more able to extend their global
reach utilizing an offensive information warfare strategy. Tomorrow's military will prepare the theater of
conflict by seizing control of all critical infrastructures utilized by the enemy. Tomorrow's enemy will only be
able to communicate, finance, or logistically relocate that which our leadership allows. Our adversary will be
blinded by a complete cyberfog.

Currently the Joint Chiefs of Staff have offensive and defensive groups addressing both issues. Mechanisms
are currently in place and being honed to ensure that each new strategic weapon is controlled within the
required release authority. However, from a defensive perspective, DoD is currently inhibited by limited
authority which prohibits involvement in securing the public and corporate sector of America's critical
infrastructure.

Government's authority for securing America must be expanded to protect our nation from groups that wish to
influence U.S. policy through infrastructure attacks. Our nation's leadership, both political and industrial, must
define a process by which government can prosecute such groups which seek to attack from outside the United
States. Likewise, our leadership must equip local and federal law enforcement with effective policy focused to
counter such attacks from within.

The threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The threat is real and
is focused against all of America. As a result, our political leaders will come to closure on this issue quickly
once they are provided with adequate assessments of the threat and needs of the individual and industry. Our
policy makers can be drawn back to our forefathers' belief that individuals' rights are granted by God and
secured by government. As a result, they will be challenged to determine the delicate balance between
individual and society's rights - this will represent the heart of the debate.

The focus for change must come from Congress; however, all branches must contribute. The President must
direct the Executive Branch departments and agencies to provide critical information (data) for use by
Congress, Industry, and the public in forming the national debate. Likewise, the Supreme Court will, as it has
in the past, ensure that legislated policy does not encroach on the rights of Americans. Corporate America can
be called upon to provide a realistic view of industry's security needs. This view is currently not possible as
most of corporate America is either fearful of disclosing the extent of the threat, or is unaware of the intentions
of its adversaries. Finally, Congress must receive a balanced view from its constituents. The people must
educate themselves to the issues and voice their opinion.

There is value in looking at our nation's transition during times of great change, e.g., the industrial revolution,
the Great Depression, and the nuclear threat (Cold War). During each period free enterprise provided the
technical means to a solution. Likewise, during each transition, there was a new assessment of the balance of
rights.

Specific Lessons from History

      Legislative actions have historically supported economic and industrial growth.
      U.S. Courts have leaned toward the rights of the individual. The right to privacy has and will continue
       to be at the center of debate.
      The technical solutions to all of America's needs have come from the industrial sector.
      Divestitures such as AT&T's could benefit other critical infrastructures such as electric power.

Information Warfare Weapons fall into the following categories: Strategic National, Strategic Theater,
Operational, and Tactical. Each category has its own unique capabilities and thus requires different safety
mechanisms to prevent inadvertent release. The Commander In Chief (CINC) implements the directions of the
President. During the planning process the CINC can be the single person responsible for the overall campaign
and will select the weapons to be used, but just as in the case of nuclear weapons, IW weaponry will require a
higher level of coordination and authorization for release.

Many nations in competition with the United States, either in the political or economic realm, are actively
developing IW capabilities. Such nations hope to use these capabilities to gain an industrial edge by stealing
U.S. industrial secrets, and when possible, disrupt our nation's industrial base.

America has typically enjoyed a protected sanctuary provided by the two great oceans it borders. Not until
Pearl Harbor and the subsequent nuclear threat did America become aware of its loss of sanctuary. With the
fall of the Iron Curtain and the end of the Cold War, Americans have returned to believing a protected
sanctuary still exists. Cyberspace has no geographic boundaries. Further, nations are contracting the efforts of
cyber-terrorists to maintain non-attribution. America's sanctuary has been lost. Our nation is under a quiet,
systematically organized attack by many forces whose goal is to topple America's position as world leader.

Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so
will it adapt to the concept of warfare in the information age. That said, the transition will not be easy. The Army
has and will always command the ground aspect of warfare. The information revolution will provide a
battlefield (situational) awareness unimaginable today, and precision guided weapons will allow a greater
stand-off distance from our adversary. The Navy (and Marine Corps) will continue to control the seas and
provide the heavy strategic reach capability America now enjoys. Global sensory networks will ensure the U.S.
Navy has the capability to track any form of naval enemy on a global basis. The Air Force and its command of
the skies will continue. The ability to precision strike a hostile nation's command and control, air defense, or
critical infrastructures can be just a push button away. Precision strike will place munitions on a target in ways
now considered impossible.




How Did We Get Here?
Module 1
The Lesson



The module learning objectives:

      To explore the concept of the Information Revolution by looking to the period of the 1950's to present.
      Present the user with enough information to answer the question, "How did we get here?" in the context
       of Information Warfare.
      To answer the questions: What is Information Warfare? And, why is it an issue?

The Beginning

We can recall images of the ancient courier with a message written on his scalp.

Most of us have seen movies where the medieval king applies the royal seal that verifies the message to be his
own.

Looking to the American Civil War, we can recall the use of signal towers on which communicators relayed
the commander's message via flags.

As time marches on, leaders need faster and more efficient means to communicate.

Both speed and distance were overcome by the use of electronic communications. Advances were made in the
speed by which information could flow, travel far distances, and be encoded.




The pace of communications development during the early 20th century was
nearly linear. Advances in one trade motivated advances in another. During WW II all aspects of
communication were utilized by both the military and civilian sectors. President Roosevelt, the Great
Communicator, used the air waves to rally the American people and government.



Introduction of the Atomic Age, 1945




The spark that started the information flame that is now burning was struck by
the atom bomb. This flame is known as the Information Revolution.

The concept of immediate and complete destruction induced leaders to reconsider every aspect of government
operations. America responded by preparing both the government and civilian infrastructure for the "what-if"
scenario. The "strike from the blue" nuclear threat forced our government into an unprecedented level of
inter-agency cooperation. Communications technology played a major role in not only providing indicators and
warning of an impending threat, but also made effective command and control possible. As a result,
communications research and development became a pivotal technology in securing our nation. Now one could
argue that the emerging threat posed by the information revolution calls for our nation's leaders to pull together
and consider an Information Civil Defense policy, i.e., Information Assurance.

It is important to realize just how frightened America became during those years. You may recall the term "duck
and cover"?



Images of total destruction generated a national fear that supported the massive build-up of the defense
infrastructure.

THE TRUTH: Barring the instantaneous collapse of the Russian government, a contingency I do not foresee
under present circumstances, war is inevitable. When the leaders in the Kremlin are convinced that their
superiority in nuclear weapons and the means to deliver them are superior to ours by a proportion sufficient to
enable Russians to destroy Americans with acceptable damage in retaliation, they will not hesitate to use them.
Although the carnage will be horrible, civilization will not be wiped out -- Russian civilization, that is.
2. There can be no defense against atomic weapons; we are doomed to destruction and can only despair....
Kenneth D. Barrett, The Deception of Civil Defense, 1964, Independence Press, Inc.


The Network

After 1945, the communications user base grew by several orders of magnitude. Our nation's leadership needed
the capability to know within minutes of an impending Soviet attack.

Each of these national efforts had a voracious appetite for communications bandwidth.

Further, the traditional point-to-point communications concept became obsolete. The network concept was
born.



ARPANET, born from the original DARPA requirement, soon evolved into the Internet most of us
use today. What started as a government initiative soon became essential to computer-equipped commercial
organizations; the current adoption/transition of the Global Positioning System (GPS) by the civilian
sector is another example.

In 1960 DoD leveraged more than 90% of the telecommunications research. Today, DoD contributes less than 10%.
This is an important point to consider as DARPA would not have been able to encourage the American
industrial base to adopt the computer-to-computer communication protocol (TCP/IP) without such influence.
For the past ten years, enhanced communications capabilities have been shrinking the world. The futurist
Alvin Toffler refers to a "Third Wave" information revolution which started in the mid 1980's and is guiding us
toward an information-based society. He claims that information has power and that an information-based
evolution will significantly change our political, economic, industrial, and domestic systems.



The Public Trust (Then and Now)

Our nation has experienced another change since the early days of the Cold War - the erosion of public trust.
The American people expected their government to protect them from the Cold War threat. It was understood
that security meant secrecy. The WW II jingle "loose lips sink ships" was still in the minds of most Americans.
The Rosenberg trials and convictions publicly confirmed that the Soviet Bear was out and about.

However, events such as Watergate and the Pentagon Papers forced many Americans to question the activities
of their leadership. This growing concern motivated Congress to act in the mid 1970's. Reacting to a public call
for greater control and openness, Congress dramatically changed the way it processed legislation. Americans
could now examine their government's specific actions as roll calls and voting activities were open to public
record.

It is important to recognize the magnitude of change in public trust over the past six decades. In the early days
of the Cold War people would not have questioned our government's actions to provide security. The
classification of key technologies and export control was accepted. Cryptographical advances were considered
national treasures worth protecting.

Today Americans demand tight controls to prevent any abuse of power by government officials. Further, the
balance of individual privacy vs. national security has shifted toward the individual. Once a national
technology, cryptography is now considered an intellectual novelty for public use and discussion.

As our nation's policy makers develop information age legislation, the degree of public trust will greatly
influence their decisions. Policy makers will find it increasingly more difficult to tell the public that legislation
is motivated by a classified portrayal of threat. The people will demand an explanation. This will challenge
many departments and agencies to develop new methods of operation. Political inertia from behind
government's closed doors will resist the transition to new policy, but change is unavoidable. Departments and
agencies will learn to adopt a widely accepted academic term, "publish or perish."



What is Information Warfare?

The term information warfare is misleading and is often shunned by high level policy makers. The concern is
that information warfare implies some sinister plot by government to control the information realm often called
cyberspace. This is not the case. Unfortunately, changing the term now may derail a movement within
government and industry focused on defending America in the new information age.

Our nation is becoming a network of networks (system of systems). Over the past twenty years, operations once
performed by humans have come to be handled by computers; consider the modernization of the auto assembly line.
Our nation's power grids, natural gas pipelines, and transportation systems are all managed by computer
networks. Both Federal Express and United Parcel Service critically depend upon their computer networks to
get the package there on time, as do our nation's railways and shipping industries. Consider what havoc a
hacker could create in those databases. Looking deeper into our nation's dependence on computer networks we
find that our nation's industry designs and manufactures its products on Computer Aided Design/Computer
Aided Manufacturing (CAD/CAM) systems. For example, the Boeing Commercial Airplane Company
completely designed and manufactured the new 777 airliner in virtual space, i.e. a paperless design. Further,
the 777 is the first commercial airliner to use Fly-By-Wire technology - when the pilot moves the control yoke
he has no direct connection to the flight surfaces. He is simply sending signals to a computer that in turn sends
commands to powered actuators. Sensors on the various flight control surfaces send periodic data to the
computer as to their configuration. What would a computer virus do to one of these systems?

Until recently the aforementioned networks were protected by isolation, i.e. they were not connected to outside
data networks. However, as we enter the information revolution these networks will become part of the
networks-of-networks. The connection of these networks makes their operation better as the systems are able to
communicate. However, the same interconnection introduces the possibility that an unauthorized intruder may
enter and corrupt the system.

Note: during the early days of the Cold War, DoD maintained dedicated, redundant, and survivable
communications. Today, 95% of DoD communications ride on the public switched network. America has
witnessed hackers who easily penetrated and manipulated the public switched network. Can our nation's
communications net withstand a coordinated attack from a hostile nation state? Should DoD be concerned for
the security of the public switched network?

America's economic, political, and industrial infrastructures are now open to attack via the net; this is the
essence of Information Warfare (IW). IW offers hostile entities the capability to exploit, disrupt, and/or destroy
our nation's ability to operate.

Why are hostile forces looking to information warfare?

   1. No other nation, political group, or crime cartel has the ability to challenge the U.S. in a traditional
      force-on-force engagement. Consider the early days of our Revolutionary War and the way British
      troops were trained to fight. They lined up in columns and marched head-on into battle. Our patriots
      challenged this conventional method of warfare and took cover. America's adversaries, like our
      revolutionary ancestors, are now posturing for a new form of warfare fought within the information
      sphere. This new type of warfare can make it possible for them to exert their will on America.
   2. War fighters have always considered an adversary's political, economic, and industrial infrastructure as
      strategic targets. The information revolution now offers them the ability to strike America by non-lethal
      means, many times, without attribution. The ability to exploit, disrupt, and/or destroy our nation's
      infrastructure by attacking its computer-based operation makes information warfare a very cost-effective
      weapon to our adversaries.

Summary

The challenges facing America's future are not unlike those of the early 1950's. The difference is that the
nuclear threat is replaced by a new threat. IW effects may weigh heavily on the future of our nation. Over the
next decade our nation will have to adopt some type of Information Policy that establishes a means of
coordinating the defense of America's infrastructure. Likewise, DoD and the Intelligence Community need to
develop methods of providing critical technology and information to the public and commercial sectors.

Here are the important points of this module:

      Then: DoD leveraged the majority of research. Now: Commercial demands drive development.
      ARPANET's utility has evolved into a basic requirement.
      The public trust of government has been severely degraded.
      Information Warfare = a new way for hostile forces to exert their influence on America's economic,
       political, and industrial infrastructure.
      Why IW? America has virtually eliminated other nation states' ability to project classic force-on-force,
       i.e., our nation's military capabilities so dominate those of other nations, few can challenge America
       militarily; therefore, most nations of the world have effectively lost their element of military power
       when dealing with American policy.
      During the Cold War DoD maintained separate, dedicated, hardened communications. Today, 95% of
       DoD communications ride on the public switched network.




The Threat
Module 2
The Lesson



The module learning objectives:

      Identify the IW threats to DoD's information infrastructure and, in a broader sense, America's data
       networks.
      Address some of the sociological implications of an IW attack.



You must consider the various perspectives of IW threats:

Perspective        Concern
Corporate          Security, reliability
FBI                Criminal activity
Treasury/banking   Security, non-repudiation
DoD                Defense
Intelligence       Espionage - Input unavailable for beta version


What is DoD's concern?

After all, internal Continental United States (CONUS) policy is not its concern...

Or is it?

There is a shared responsibility between managing DoD and commercial networks.



Why is DoD concerned?

DoD uses closed systems, router and firewall protection, and encryption in order to secure critical networks
and message traffic; however, these secured transmissions ride on the public switched network, which has been
proven to be vulnerable to IW attacks.

The enemy is turf blind. It does not worry about what is DoD or Public.



Information Warfare does not equal Computer Warfare.

Computer Warfare (CyberWar) is a subset of Information Warfare.

Many aspects of IW can be waged without the use of the computer. Take, for example, Somalia.



Threat Model

The following is a model that you can trace through for responding to IW threats.

Summary

Hopefully the case studies have illustrated that there are a variety of IW threats possible.

Here are the important points to this module:

      IW is not restricted to the technical world. Remember Somalia?
      In the past, links were the primary targets to exploit, while links and nodes were targets for denial and
       destruction. This is classic C2W.
      In this new world, nodes and information are the primary targets for hackers and foreign intel.
      Now you have two new concerns: radical groups and commercial off-the-shelf software (COTS).




DoD Roles and Missions
Module 3
The Lesson


The module learning objective:

         To consider the question of who does what, who should be doing what, and what policy is in place that
          provides specific authority for both defensive and offensive IW.



Why is DoD involved in Information Warfare?

Consider the two perspectives:

   1. The offensive perspective. DoD must maintain the leading edge in warfighting capability.
   2. The defensive perspective. DoD must defend America (a shared role).



The DoD is critically dependent on information technology.

In the past:

DoD maintained a dedicated hardened communications capability.

Today:

Current technology offers better commercial communications services than past DoD systems. This coupled
with declining budgets, has driven DoD to the commercial sector for communications needs.

Result:

Currently, 95% of DoD communications ride on the public switched networks.

Concern:

DoD has no authority to provide guidance on securing the public net.



So, What is DoD's role?

   1. Develop new weaponry that will operate in the new information infrastructure.
   2. Coordinate DoD policy with national policy needs. This can be done through executive committees,
      congressional support, and commercial interface.
   3. Ensure efficient use and system interoperability (ASDC3I).
   4. DoD procurement - solving future challenges in acquisition and technology (e.g., commercial, off-the-shelf
      purchases (COTS)).



Here are some DoD agencies that have an important role in IW:

         Defense Advanced Research Projects Agency (DARPA) - previously known as ARPA, has
         traditionally coordinated leading edge technology development, and is now focusing on information
         security technology.
         Defense Information Systems Agency (DISA) - DISA takes the lead in securing DoD unclassified, but
         sensitive networks.
         National Security Agency (NSA) - has the responsibility for securing the nation's classified data
         networks as well as managing the nation's cryptographic (code-breaking) activities.


The Joint Chiefs of Staff

Within DoD, the IW division of effort resides with the Joint Chiefs of Staff.

J3 is responsible for offensive IW. It coordinates development and approval for release of all IW weaponry.
J6K, by contrast, is responsible for defensive IW. Further, the J6K acts as the Information Assurance policy
coordinator and focuses DoD's IW education in conjunction with the J7 and ASDC3I.

The split nature of the JCS will likely precipitate a change toward unification of both offensive and defensive
IW. Since the military's primary role has historically been warfighting, it would be reasonable to assume that the J3
and J6 will merge their IW mission under the J3 umbrella. Look for similar merging of offensive and defensive
missions throughout DoD organizations and agencies.



How does DoD ensure that public systems on which the military depends are secure?

The question of who will coordinate the processes of securing America's information infrastructure is still
unanswered, but it is unlikely that DoD will assume this role.

Information Warfare may be likened to waging Infrastructure Warfare. Whoever is responsible for managing
the infrastructure will probably assume some key responsibilities in securing America.



So, what is the DoD role at the national strategic level?

To lead from behind.

and

   1.   Provide sound advice on the exact nature of the threat.
   2.   Provide information (knowledge) gained by past experiences (i.e., what works and what does not).
   3.   Provide technical expertise when requested.
   4.   Form partnerships with state and local governments as well as with the commercial sector.



DoD's most important role

As a result of Watergate, Vietnam, and other associated events, public trust in the government has steadily
eroded over the past six decades. This erosion has also affected the DoD's image. Many Americans believe that
DoD is not in line with mainstream culture, e.g., policies on gays in the military and sexual harassment (Tail
Hook). It is a common belief that the Pentagon is looking for a new global threat now that the Cold War is
over; that the Information War is the new global threat used to acquire additional DoD funding. Reinforcing
these views is the recurring question, "What is big brother up to?" Given that situation, it is clear that the public
will demand strong evidence before accepting an expansion of DoD's role into cyberspace.

This cannot be overstated: DoD must take steps to re-establish the public trust and provide clear evidence that
the IW threat is real. The first steps are:

       Openness
       Education

Public trust is critical. Americans should not have to ask, "What is my government up to?"



Summary

This module contained two simple, yet important messages. DoD must accomplish these two tasks to
accomplish its IW mission:

       DoD is dependent on the civil infrastructure. DoD must share responsibility with the civil sector for
        defense of the national information infrastructure.
       Government departments and agencies will have to develop a strategy for leading from behind.




Information Assurance
Module 4
The Lesson

The module learning objective:

      To define the concept of National Information Assurance and identify related national policy issues.



Before we continue with this module, let's review the previous 3 modules:

Module 1 Review

Then: Money was available through DoD sponsored research. Now: Commercial demands drive development.

The birth of ARPANET evolved into a basic requirement.

Then: Public trust of government was high. Now: Public trust of government is low.



Module 2 Review

IW is more than technical, i.e. Somalia.

In the past, network links were the primary targets for exploitation, and links and nodes were targets for denial
and destruction. Classic C2W.

In this new world, nodes and information are the primary targets for hackers and foreign intelligence.

There are now two new concerns: radical groups and commercial, off-the-shelf software (COTS).



Module 3 Review

DoD is now dependent on the civilian infrastructure.

DoD must share the responsibility with the civilian sector for defense of the national information
infrastructure.

The President, Congress, Supreme Court and the commercial sector will divide the baby.

Government departments and agencies will have to develop a strategy for leading from behind.



In this module we will address these major points on Information Assurance:
   1.   Who, what, when and why (roles perspective).
   2.   DoD's role (past attempts).
   3.   Risk management (nodes, links, and information).
   4.   Defense strategies: red team approach vs active defense.
   5.   Management challenges.



From the National Security Strategy, February 1995:

The threat of intrusions to our military and commercial information systems poses a significant risk to national
security and must be addressed.

That, by now, should be obvious. The real concern is:

Are we under attack right now? And if so, from whom?

Redefining and maintaining security is a national concern. DoD and the Intel community must design a method
that will provide critical threat and technical knowledge. They must also cooperate with the private sector.



Who Are The Real Players?

Some of the real players who will influence the political process and build the solutions:

       Sun Microsystems
       Microsoft
       Motorola
       Intel
       IBM
       Apple
       And many others...

With DoD leading from behind!



Accreditation Shortfalls

Past DoD attempts in securing the information infrastructure mainly involved an accreditation process. This,
unfortunately, did not work well because of these shortfalls:

       Inconsistent accreditation decisions were made independently for interdependent systems. This resulted
        in non-uniform protections across common DoD infrastructure. Also, the weaknesses in one
        community undermined the security of others.
      Security assessments are costly, time-consuming processes.
      Security was not adequately addressed during the development and maintenance of the systems, which
       resulted in ineffective or inefficient security.
      Inefficient integration across DoD efforts resulted in duplication and approaches that did not meet
       common DoD needs.



Accreditation Consequences

The shortfalls of a DoD accreditation system led to the following consequences:

      Erratic protection for DoD information systems.
      Cost of protection too high.
      No means to cope with new technology.
      Once accredited, a false sense of security exists, that is, until the next detected attack.



Defensive IW Implementation

Any proposed defensive IW implementation must encompass all of these areas:

      Doctrine
      Policy
      Organizational Infrastructure
      Assessments
      Technology
      Education & Training



Active Defense

If accreditation does not work, what about an active defense? This implementation also has shortfalls. Most
importantly, an active defense would violate U.S. criminal code on computer crime, e.g., 18 USC 1030(a)(5)(A).

Consider also the following scenario: What if the hacker is using his/her parent's business computer or is using
an assigned computer at the Washington Post, Sony, or the Pentagon?

Using an active defense would damage not only the hacker's files, but also the files of the legitimate computer
owner/user. What if the computer being used by a hacker, the doctor's son, belonged to your doctor and the files
destroyed by an active defense were your patient history files?

Other considerations:
      Both good guys and hackers use the Internet.
      Hackers use sniffers.
      Hackers loop & weave.
      Hot pursuit and active defense may not be options.



If Active Defense is not an Option...

There are recommended strategies to deal with hackers who enter your network. Once intrusion is detected,
you have several options:




                               Sometimes the best offense is a good defense...


IW Defensive Strategy

What works?

   1. Manage your security - set policy for what is allowed, and what behavior is prohibited.
   2. Banners that announce monitoring to be read by everyone logging onto your system.
   3. Red Teaming - Controlled "hacking" by security professionals whom your organization has contracted
      to identify security risks.
   4. Risk management - plan for the attack.




The Political Quagmire
Module 5
The Lesson



The module learning objectives:

      To discuss opposing viewpoints (individual rights vs. law enforcement).
      To present specific recommendations.



Information Policy - The Political Quagmire

Do we need a national information policy?

If so, what forces will influence the process?

Can we look to history for clues?



A Historical Review

Was national policy challenged by the Industrial Revolution? If so, what did we learn? Did the Cold War
challenge national policy? What unique challenges does the Information Revolution pose?

It is reasonable to suggest that our society is becoming more dependent on information systems. In an effort to
better understand policy challenges of the emerging Information Age, it may be useful to consider our nation's
reaction as it transitioned into the industrial age. Such an analysis may yield similar policy concerns, i.e., state
vs. individual rights.



Policy Challenges of the Industrial Revolution: The Lochner Period

Looking to the U.S. Supreme Court and the period of 1905-1937 (Lochner Period), we see that our nation was
challenged by the Industrial Revolution in much the same way as it is challenged by the Information Revolution
today. In 1905 the Supreme Court considered the case of Lochner v. New York, where the court struck down a New
York law that limited the number of hours a week bakers could be contracted to work. This profound legal
finding shifted the balance of rights toward free enterprise; thus, the term the Lochner Period. The essence and
impact of this period cannot be overstated.



Policy Challenges of the Industrial Revolution: Before the Lochner Period

Before the Lochner Period (circa 1897) our nation subscribed to a policy of laissez-faire economics. In 1897,
laissez-faire became the operative policy as a result of the Allgeyer v. Louisiana decision. Laissez-faire was
basically the principle of protecting business from unreasonable regulation, i.e., to advance the Industrial
Revolution. The important point is, America has and will continue to promote free enterprise. Free enterprise
developed our nation's industrial strength and positioned our country for its role as a world leader. Therefore, it
should come as no surprise that industry will continue to leverage considerable influence in any national
debate.



The Period 1934-1996

Looking to the period from 1934 to 1996 and telecommunications legislation, we see that economics drove
the political agenda. The national communication system (AT&T) was built upon the power infrastructure
provided by the Rural Electrification Act. However, as technology and competition developed, our nation
witnessed the break-up of AT&T. AT&T's break-up was driven by industry as the market nature of our
economy prevailed. The most recent and potentially dramatic change came with the Telecommunications Act
of 1996, where competition is virtually open to all, and for the first time the operative word is information, and
not television, telephone, or anything else.



Cold War Policy Challenges

The threat of complete and total destruction challenged all sectors of our civil and government infrastructure.
For the first time in history a nation could completely, without notice, destroy another nation. In time, solutions
were developed to protect against this danger. Most of these solutions relied upon inter-working relationships
not only between nations, but also between governments and their civilian sectors. The Information Revolution
poses a new threat against our political, economic, and industrial infrastructure. Once we worried about
national secrets; now we must be concerned with industrial secrets. Hostile forces will use the information
infrastructure to extract trade secrets critical to an industry's competitive edge.



The Issue of Privacy

Privacy is one of the most interesting of individual rights. The term itself does not appear within the
Constitution or the Bill of Rights and is often referred to as an implied right. The balance of an individual's
right to privacy has shifted with time as our courts have interpreted our Founding Fathers' intentions. Today
many argue that the right to privacy need not be specifically addressed by the Constitution, as it is one of the
most basic of the rights granted by the Creator, which this government was formed to protect. Nonetheless, our
policy makers will be driven to accelerate the privacy debate as Americans come to realize the overwhelming
capabilities of modern computer systems to gather and analyze personal data and reveal personal information
that many do not want disclosed. Whatever your personal or business perspective, this aspect of the
public debate will be key to future policies. It is imperative that all viewpoints be considered and an equitable
policy emerge; otherwise, our nation will experience a protracted period of legislation vs. court review, which
will serve only to benefit our nation's adversaries. Consider issues of privacy in Cyberspace using the
following rule of thumb:

Currently two tests exist to determine if privacy has been violated:

1. Does the individual or company expect the information to be private (subjective expectation of privacy)?
2. Is society willing to grant that expectation?


The Threat of Perception Management

Third World nations are developing a tactic referred to as the Aideed Model. This model is named after the
Somali warlord whose unique strategy of turning a nation's information infrastructure against itself
through active perception management led to the defeat of the world's best equipped military. The Aideed
Model is particularly attractive as the budget for executing such an operation is typically smaller than that of an
inner-city street gang. This, among other recent examples, proves that factions hostile to the interests of the
United States do not need to engage in traditional military force-on-force in order to exert their will upon a
superpower.



Historical Conclusion

From a policy perspective, our nation is undergoing a change not unlike the Industrial Revolution, with many
of the same issues reemerging for debate. This does offer a good perspective for policy makers as a
benchmark. However, unlike our transition into the industrial age, the current transition challenges our policy
makers much like the Cold War period in that solutions rely on cooperative efforts between government and
the civilian sector. Further complicating information policy is the possibility that our form of democracy may
be challenged as never before. That said, history suggests there are two great dilemmas. As in the past, two
themes help to identify critical policy issues: equality for all and the power of government vs. the individual.
Now, as in the past, the solution lies in a delicate balance between the people, government, and industry.



What Did We Learn From the Industrial Revolution?

The major points from our brief historical review are:

      Historically, national policy has supported industrial growth through free enterprise.
      Privacy has been and continues to be a major issue.
      Just as in the past, national policy makers are faced with two great dilemmas:
           o Ensuring equal rights.
           o Separation of individual vs. national government rights.



What Did We Learn During the Cold War?

   1. Information Warfare threatens many of our national infrastructures (political, economic, and industrial),
      in much the same way nuclear weapons did during the Cold War. Nuclear weapons threatened loss of
      service through mass destruction whereas IW threatens through the net attack.
   2. In both cases, the solution depends on a government, industry, and civilian joint effort. Our nation's
      (information/infrastructure) civil defense relies on cooperation.



What is Unique About the Information Revolution?

   1. The impact of a connected America (an immediate human viewpoint sensor) on the national policy
      process.
   2. The ability of an adversary to manage the American perspective.
   3. Unlike nuclear or conventional weapons, it is often impossible to detect an Information Warfare attack
      until it is too late. Further, the adversary can hide within Cyberspace.
   4. Government has much less influence as compared to its influence during the Industrial Revolution and
      Cold War period. As a result, government must lead from behind by providing sound, accurate advice
      to the public and industry.



The Various Perspectives of Information Warfare

These are the various perspectives of IW:

      Personal
      Corporate
      Justice
      Treasury - this perspective is the same as for the Dept. of Justice.
      DoD
      Commerce
      Intelligence - this data unavailable in the beta version.

Summary. The focus for change must come from Congress. The issues associated with defending
America in the age of information can only be equitably debated through this branch of government.
This is not to suggest that the President and the Judicial branch will not play a major role; they will.
Congress will have to take the lead in forging new policy as our nation enters the 21st century.

Role of the President: direct the Executive branch departments and agencies to provide critical information
(data) for use by Congress, industry, and the public in forming the national debate. The Executive branch must
provide a clear representation of the threat that IW poses to our nation's infrastructure. Further, the President
must ensure that any technical skills and associated knowledge resident in the U.S. Government is available to
industry and Congress for their use in formulating national information policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does not
encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting legislation
as America entered the Industrial Revolution, it will do so for the Information Revolution. However, history
has shown that such interpretations are molded over time as society's needs and perspectives change. One
example is the balance between economic rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's security needs.
This view is currently not possible as most of corporate America is either fearful of disclosing the extent of the
threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit America's
intelligence community to directly providing relevant indications and warnings to industry. Congress must
engineer a policy where industry is required to report the number and nature of IW attacks against its
infrastructures. Such disclosures by industry must be protected to guard against the erosion of public
confidence.

Role of the individual: The Internet is growing exponentially. Within it there are many references to the
sanctuary of cyberspace. There have been declarations of cyber independence and calls for a hands-off approach
by governments. People of the world are experiencing for the first time what Americans have taken for granted:
Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is
indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet.
However, it must be remembered that it was America, specifically the U.S. Department of Defense, that made
the Internet possible. According to the Declaration of Independence, America's government is formed by its
people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of
society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued since
the dawn of logical thought. Our policy makers (President and Congress) must receive a balanced view from
their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress must initiate
public community debates to help bring the message to Washington. When called upon, individuals must educate
themselves on the issues and voice their opinions.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great
Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the
technical means to a solution. Likewise, each transition required a new assessment of the balance of rights.
Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise
enabled America to become the global leader in technology.

Specific Lessons from History

    1. Legislative actions have historically supported economic and industrial growth.
    2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The right to privacy
       has and will continue to be at the center of such debates.
    3. The technical solutions to all of America's needs have come from the industrial sector. History has
       shown that with encouraging government policy the pace of development can be greatly
       accelerated, e.g., America's race for the moon in the 1960s.
   4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical infrastructure
      could benefit from similar considerations, i.e., electric power distribution?
   5. Consider the recent cases involving free speech; for example, the Philadelphia court striking down
      legislation on indecency. What can be learned from this? Was Congress reactive or proactive? Were
      legislators responding to impulse demands of a minority? Congress must carefully consider the
      implications of oiling the squeaky wheel, as this may lead to action without thoughtful representation.




IW Weapons
Module 6
The Lesson



Notice: Due to the sensitive nature of this section, the weapons presented are ones proposed by open
source (non-government) authors. The examples offered should only be considered as concepts to
stimulate your thoughts on "what-if" possibilities.

THIS PRESENTATION NEITHER CONFIRMS NOR DENIES THE EXISTENCE OF SUCH WEAPONS!

The module learning objectives:

      Explain and define the types of weapons that can be used to conduct Information Warfare.
      To understand that each IW weapon could be used as a strategic national, theater strategic, operational,
       or tactical weapon.



IW weapons include the following:

                       Malicious software               Chipping
                       Back doors                       Electromagnetic pulse weapons
                       Destructive microbes             Van Eck radiation
                       Cryptology                       Spoofing/Authentication
                       Video morphing                   Psychological operations
                       Attacks on the banking system    Disruption of air traffic control
                       Denial of service                Stand-off and close-in sensors
                       Decision support


Malicious Software

Viruses, worms, and Trojan horses, falling under the category of malicious software, are perhaps the most
frequently talked about information warfare weapons in the popular media. Although these weapons have the
potential to cause great damage, there is no clear method for effectively targeting and controlling these
weapons. Once a virus is let loose, it is just as likely to infect friendly information systems as it is to infect
enemy information systems.



Chipping

Chipping is the practice of making electronics chips vulnerable to destruction by designing in weaknesses. For
example, certain chips may be manufactured to fail upon receiving a specific signal. Anyone using these chips
could then be instantly devastated. Unfortunately, the problem here, once again, is how to get the right people
to use the affected chips.



Back Doors

Back doors are designed to defeat security protections. For example, the designers of the Clipper encryption
chip could possibly have built in a secret back door so that they can easily decode messages encrypted with the
chip.



Electromagnetic Pulse

Electromagnetic pulse weapons could be used to knock out enemy electronics equipment. Suitcase-sized
devices have been developed to do just that.



Destructive Microbes

Researchers are also working on developing microbes which eat electronics components so that, in the event of
conflict, these microbes could be introduced into an adversary's electronics equipment to cause failure.



Van Eck Radiation

Van Eck radiation is the radiation which all electronic devices emit. Specialized receivers can pick up this
radiation and tap a wealth of information. Fortunately, there are various safeguards against this type of attack.



Cryptology

Cryptology, comprising cryptography and cryptanalysis, is a weapon of information warfare designed to encrypt
and to crack secure communications, respectively. Despite significant advances in cryptography, cryptanalysis
will continue to be an important weapon aided by equally significant advances in computing power.



Spoofing

Spoofing is an attempt to send a falsified message to someone. For example, I could dial up a university phone
registration system pretending to be someone I have a grudge against, and drop their classes. Since these
systems are automated, all I need to know in most cases is a person's Social Security number and birth date.



Video Morphing

Video morphing is a weapon that could be used in a manner similar to that in the movie Forrest Gump to make
an enemy leader appear to say things he or she didn't in fact say, undermining credibility.



Psychological Operations

Psychological operations (PSYOP) use all available information means to form a desired public perception.
PSYOP benefits from the ability to conduct market research and analysis of regional data. As a result,
customized messages can be generated for each targeted sector of society. PSYOP was very successful in the
U.S. reinstatement of Haiti's president.



Attacks on the banking system, Disruption of air traffic control, Denial of service

Various possible operations with obvious effects include knocking out telephone switches, crashing stock
markets, attacking electronic routers for rail systems, attacking bank accounts, disrupting air traffic control, and
denying service with, for instance, a ping attack. Note: the "ping attack" gets its name from old sonar
techniques. Within a network, a computer can send systematic queries to all addresses and analyze the
associated return time, very similar to sonar. Net groups with similar times of return can be associated into a
hierarchical structure.
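
A defender can recognize the systematic querying described above because one source sends echo requests to many distinct addresses in a short time. The following Python detector is an added example, not part of the original tutorial; the log format ("timestamp source destination icmp_type"), the addresses and the thresholds are constructed assumptions.

```python
"""Flag sources that send ICMP echo requests to many distinct addresses."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

ECHO_REQUEST = 8  # ICMP type 8 is an echo request ("ping"); type 0 is the reply


def parse_line(line):
    """Parse 'ISO-timestamp src dst icmp_type'; return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        src = str(ipaddress.ip_address(parts[1]))
        dst = str(ipaddress.ip_address(parts[2]))
        icmp_type = int(parts[3])
    except ValueError:
        return None
    return ts, src, dst, icmp_type


def echo_requests(lines):
    """Yield (ts, src, dst) for well-formed echo-request records only."""
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec[3] == ECHO_REQUEST:
            yield rec[0], rec[1], rec[2]


def detect_sweeps(records, window=timedelta(seconds=60), min_targets=10):
    """Return {src: peak distinct destinations seen inside any sliding window}.

    Only sources whose peak reaches min_targets are reported.
    """
    recent = defaultdict(deque)                      # src -> (ts, dst) in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    peak = {}
    for ts, src, dst in sorted(records, key=lambda r: r[0]):
        queue, seen = recent[src], counts[src]
        queue.append((ts, dst))
        seen[dst] += 1
        # Drop records that have aged out of the window for this source.
        while ts - queue[0][0] > window:
            _, old_dst = queue.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        if len(seen) >= min_targets:
            peak[src] = max(peak.get(src, 0), len(seen))
    return peak


def build_sample():
    """Constructed sample log (documentation address ranges, invented times)."""
    base = datetime(1998, 2, 17, 12, 0, 0)
    lines = []
    # One source queries 40 consecutive addresses, one per second.
    for i in range(1, 41):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 192.0.2.{i} 8")
    # A monitoring host pings the same two servers every 10 seconds.
    for i in range(0, 120, 10):
        ts = (base + timedelta(seconds=i)).isoformat()
        for dst in ("192.0.2.10", "192.0.2.11"):
            lines.append(f"{ts} 198.51.100.5 {dst} 8")
    # A slower source reaches 12 distinct addresses, five minutes apart.
    for i in range(12):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.9 192.0.2.{100 + i} 8")
    # An echo reply and a malformed line, both of which must be ignored.
    lines.append(f"{base.isoformat()} 192.0.2.1 203.0.113.7 0")
    lines.append("garbage line")
    return lines


if __name__ == "__main__":
    sample = build_sample()
    print("60 s window:", detect_sweeps(echo_requests(sample)))
    print("1 h window: ", detect_sweeps(echo_requests(sample),
                                        window=timedelta(hours=1)))
```

The routine monitoring host is never flagged because it repeats the same two destinations; the choice of window length decides whether the slower source is reported alongside the fast one.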



Stand-off and close-in sensors

For military applications, the use of stand-off and close-in sensors to gather data could be considered an
information warfare weapon.



Decision support

As in any decision process, the more information available, the higher the probability of arriving at a useful
solution. Likewise, computer decision support is also a key weapon in information warfare and especially in
defensive information warfare. Decision support can be used to detect attacks, identify the type of attack,
generate defensive options, evaluate options, and perform damage assessments. In a similar manner, an
adversary's decision support system can be delayed, or disrupted with erroneous data.



Summary

Information Warfare Weapons fall into three categories: Strategic National, Strategic Theater, Operational, and
Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to
prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater
and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and
usually by recommendation of the National Security Council. IW weaponry is very similar, but there are
exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. IW weaponry
supporting non-military elements of power or that fall into the category of national strategic will all require
NSC approval. However, operational control of IW weapons which support classic C2W has been delegated to
the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is
enhanced by IW capabilities falls under CINC authority as well.

National Strategic IW weapons will be released by the President upon recommendation of the NSC. For
example, a computer virus that would cripple a nation's monetary system or may seize control of international
satellites must be controlled by the President (or SECDEF if authority has been delegated). Justification: a
response in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the
National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must
remember that some strategic weapons will only be released on authority of the President. Note: during the
planning process the CINC will be the single person responsible for the overall campaign and will decide his or
her preferred weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher
level of coordination and authorization for release.



Loss of Sanctuary
Module 7
The Lesson


The module learning objectives:

      Understand the concept of an Information (electronic) Pearl Harbor.
      Understand loss of sanctuary.



Historical Review




What was Pearl Harbor? A strike at the heart of America.

Why Pearl Harbor? Japan wanted to eliminate the US's ability to project power in the Pacific.
How do countries today project power?

      Politically
      Economically
      Military option removed



Another Consideration

Why are Third World nations so desperately seeking weapons of mass destruction (WMD)?

Many nations do not have the resources to maintain a powerful military force. WMDs, such as nuclear,
biological, or chemical weapons present an economically viable alternative for security.

What was wrong with Japan's WWII strategy and recent efforts by Third World nations? Pearl Harbor ensured
a response from the United States. Japan wanted to erase the U.S. Pacific military threat. They, of course, did
not accomplish that. Iran, Iraq, Libya, and others want to reduce the effectiveness of American military
influence, but they know doing so explicitly and deliberately would result in war.



An Effective Information (electronic) Pearl Harbor

So what would an effective Information Pearl Harbor look
like? Today, our critical infrastructures consist of the transportation, power, and industrial networks. These all
could be likely targets.

The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack. It is
difficult for the U.S. to retaliate using military action when the country did not suffer loss of life and cannot
even determine who to target.



                                Weapons Choice From a Non-US Perspective

            Force Deployed             Relative Expense    Anticipated Response
            Military deployment        Very high           In kind. US would dominate.
            Nuclear                    High                Possible in-kind. US would win.
            Chemical/biological        Medium              Definite military response. US would win.
            IW infrastructure attack   Low                 US can't ID attacker. Can't retaliate.



Information Pearl Harbor Summary

   1. Many developing nations are seeking to level the field with respect to the basic elements of power.
   2. Most nations have started advancing their economic and political development, and thus are seeking to
      increase their international status.
   3. No nation on earth can afford to challenge the U.S. militarily. IW can level the field.
   4. The political, economic, and military reaction to an IW Pearl Harbor is an acceptable risk to an
      attacking nation.
   5. Therefore, it is reasonable to assume that the next Pearl Harbor will be against a critical aspect of
      America's infrastructure. Further, it is reasonable to suggest that this attack will be launched via
      cyberspace.




The Military Perspective
Module 8
The Lesson


The module learning objective:

      To examine Information Warfare from the military perspective.



The Military Perspective - War Fighting in the Information Age

Carl von Clausewitz reasoned that commitment to war emerges from the confluence of three characteristics or
tendencies: the people, the military, and the government. He suggested that when these three components unify
around a common purpose to be achieved by force of arms, an interactive trinity emerges that produces the
national will to fight.

This suggests the following formulation:

National Will = Will of the People + Will of the Military + Will of the Government

This proposition has been supported in the emerging information age. For examples, look at Somalia and Haiti.
Information had the power to break the will of the people.



The Military - Planning For Future Conflict

Our military must assume that future conflicts will be viewed real-time in the homes of every American. War
must be quick, decisive, and limit civilian casualties to few or none.

Furthermore, because of our system, the military and political leadership cannot lie or deny access to the
American press.

Does the Information Age offer any positive advances to the military?

Yes.

These include: immediate battlefield awareness, precision weapons, and most importantly, new non-lethal
weaponry. However, we must understand America's potential adversaries may have the same capabilities.
Therefore, many believe future conflicts will be waged on the information plane.



Why Will the Military Choose Information Warfare?

Consider infrastructure as a target: power plants, communications facilities, factories, petroleum pipelines,
transportation systems (air, sea, rail). All are either currently or will soon be operated and managed by
computers, and those computers receive critical sensing and requirement changes via the net. Therefore, by
attacking or taking control of the net an adversary controls the infrastructure.

A nation's air force may take out an air defense system using a computer virus in lieu of an iron bomb. It's
cheaper, quieter, and safer. And it is psychologically more effective!



Infrastructure

A nation's infrastructure can be exploited, disrupted, or destroyed by infiltrating the computer networks that
control it. Many ask: will an army still be required to occupy a nation to impose its will? In total war, most
likely; however, in the emerging age of economic warfare, occupation can be achieved by precipitating a
condition conducive to a leveraged buy-out, i.e., foreign corporations with the assistance of their government
will simply procure critical portions of an enemy's infrastructure. As a result, ultimate control can be achieved
through the corporate board room.

Remember, the trinity concept offered by Clausewitz: a nation's will is a combination of the people's,
military's, and government's will. The people will, as always, desire a non-military solution to challenges of
national interest. The information age offers many non-military options for exerting national will.

IW offers a new peace time application of warfare. A new type of infrastructure attack focused against a
nation's political, economic, and social infrastructure.



Economic Warfare - Taking Away a Nation's Ability to Produce and Trade for Needed Commodities

An old quote:

The greatest happiness is to vanquish your enemies, to chase them before you, to rob them of their wealth, to see
those dear to them bathed in tears, to clasp to your bosom their wives and daughters. - Genghis Khan

Today, translated by America's competitors:

"The greatest happiness is to crush your American competitor, to chase them before you, to rob them of their
market share, to clasp to your income statement their former sales revenues, and to hear the lamentations of
their stockholders."
- Asian Strategy


The Military Perspectives of Information Warfare

You can examine each service's perspective on IW:

      Army
      Air Force
      Navy




Recommendations
Module 9
The Lesson


The module learning objective:

      To examine recommendations for a national policy on Information Warfare.



Directions
Congress is being pulled in all directions by these groups:

       Supreme Court
       Industry
       Individual citizens
       Defense
       Foreign interests
       Law enforcement
       Special interest groups

Although a political solution has not been identified, it does exist. The path toward the answer can be
significantly narrowed. The historical evolution of our constitutional rights provides the reliable road map. Our
country's Constitution, legislative enactment, executive orders, and Supreme Court rulings form the boundaries
within which future policies.

Congressional leaders will be challenged to set upon the path to deriving legislation that secures our nation's
critical infrastructures. In doing so our nation's leaders will have to pay close attention to the following
influences. Otherwise, the legislative process will become bogged down in debate or litigation and much
needed legislation will ultimately be delayed.

       First, fourth and fourteenth amendments
       Individual citizens
       Special interest groups
       Law enforcement
       Defense
       Lochner lesson
       Industry
       Foreign interests
       Supreme Court rulings



Finding the Path

Finding the path consists of:

   1.   Identifying the problem (threat) and opportunity.
   2.   Determining a process (committee structure).
   3.   Gathering information (who has interest and what are those interests?).
   4.   Forming a strategy (review of draft legislation).
   5.   Implementing the strategy.



The Next Step
The IW threat has been identified and the process of reporting such is on-going. The next step, Determining a
Process, has been done by the formation of a presidential bipartisan committee (commission) on securing our
Nation's critical infrastructures.

This committee will focus on protecting those infrastructures critical to national defense and preserving the
American way of life; however, in doing so issues that resonate at the core of each American's individual right
to freedom will have to be considered. Groups which support various positions during these debates will have
to carefully formulate their strategy to ensure that the needs of their constituents are addressed.



What is the Problem (an example in problem solving)?

This may sound elementary, but one of the most difficult aspects of problem solving is correctly identifying the
problem, or determining what really needs to be fixed. Interestingly, the threat of an informational attack itself
is not the central issue. Depending upon the specific target infrastructure the central issue may be one of
several: knowing the event has occurred, motivations of the attackers, the loss of service, or the attacker's
ultimate goal (which could be the second or third order effect).

The following example is offered as a mental exercise to help illustrate that identifying the central issue is not
always easy and that often solutions are sought that do not solve the actual problem.

The Scenario

The setting is a college classroom.

On the first day of a freshman engineering class, thirty students have filled the room, confident that they have
the ability to become world-class engineers. The instructor introduces himself and displays the following sign
for the students' consideration:




The instructor asked two questions, the first being, "What is the problem?" After about twenty minutes, the
students were ready to present their analysis. The students finally decided that the following was the problem:
the bridge freezes before the road surface.

The second question was, "What is the best solution?" There was little consensus. The students devised clever
solutions to the problem. Here are some of their creative solutions:

      An automatic salt dispenser that operates during freezing conditions.
      Keep bridges dry with an inexpensive covering.
      Heat the bridge during the winter months.

The Result

So, two questions were asked: "What is the problem?" and "What is the solution?" Obviously, the students did not
get either question correct. As the students continued to work on this assignment, the voice of a young lady
emerged from the back of the room.

"The sign is the solution," she said.

The instructor then asked, "What is the problem?"

She replied that the problem is not the bridge freezing. It is the fact that a driver who is not paying attention
and traveling on a surface with good traction suddenly reaches an area where the road surface is icy. The
problem is the unsuspecting driver, not the freezing bridge.

Therefore, the sign is the solution as it makes the driver aware of a potential hazard. She was right!



Example Summary

The example was given to illustrate how easy it is to arrive at a solution to the wrong problem and miss the
issue. Look at the recent Indecency Law passed by Congress and struck down by a Philadelphia Court as
unconstitutional. The law sought to stop the postings of pornographers from being accessed by minors via the
Internet. Did the engineers of this legislation lose focus on the real problem? As a young person, did you ever
see pornography? Is the material the problem, its mode of publication, or its manufacturer?

As our nation enters the age of information many different issues will come into play: privacy, free speech, law
enforcement, etc. Our congressional leaders (more importantly their staff members performing the analyses)
will have to remain constantly aware that it is easy to diverge from the core issue, which is the national
security threat posed by IW. The IW threat will raise many issues for congressional review. Not all of these
issues deal with national security. Congress and executive agencies must continue to keep the national debate
focused upon securing America. Only then can our nation adequately deal with the more social aspects of the
emerging information age.

Here is a recommended rule of thumb. If you are suggesting a solution, ask yourself, "Why would I want to do
that?" Continue asking yourself until you arrive at a basic, repeating conclusion. Consider our students in the
example and their initial solutions. Would they have come to closure more quickly had they asked the simple
question, "Why?" Would Congress have passed the recent Indecency Law had they done the same?



Summary and Conclusions
Module 10
The Lesson


The module learning objective:

      To summarize and draw conclusions from the previous lessons.



Module 1 Summary - How Did We Get Here?

   1. The Internet was born from a DoD requirement for a survivable communications system. As a result
      the Global Information Infrastructure (GII) which utilizes the Internet protocol is evolving into a robust
      information sphere where individuals are discovering a political and social freedom never before
      available. There is an evolving new indestructible cyberspace where individuals are free from race,
      color, age, or sexual bias; only one's ideas matter. Our planet is undergoing an information revolution.
      Module 1 illustrates what many call the nuclear model. This reference suggests that just as the threat of
      nuclear war forced America to develop new national policy focused on defending America from a new
      threat, so does the emergence of an Information Warfare threat establish a need for an Information Civil
      Defense. Such an IW Civil Defense would consolidate national policy to protect America's critical
      infrastructures (communications, power, financial, transportation) from attacks launched via the net.
   2. A comparison between now and then: The Internet concept (ARPANET) was born from a Cold War
      requirement when the United States government leveraged over 90% of all telecommunications
      research. As a result, the Internet protocol (TCP/IP) was accepted by industry and academia. Today, the
      Internet offers a viable market place rich for corporate and public investment. With the end of the Cold
      War, the United States government now contributes less than 10% of telecommunications research
      funds.
   3. Once capable of supporting an independent communications network, the Department of Defense
      enjoyed the security of a dedicated and redundant network. However, faced with diminishing defense
      budgets and a rapidly expanding commercial telecommunications infrastructure, DoD is now
      economically forced to rely on the Public Switched Network, a network that has been demonstrated to
      be vulnerable to information attack. For the first time in history, DoD is critically dependent upon an
      infrastructure that it does not control or influence. This begs the question, "Who will be responsible for
      securing America's critical infrastructures?" And for the first time, DoD and the intelligence
      community must grapple with the concept of leading from behind, where contributions to the national
      debate are to provide accurate, sound advice on what constitutes the Threat, and which entities are
      positioning themselves to take advantage of America's critical infrastructures.



Module 2 Summary - The Threat

   1. Why is Information Warfare a threat? IW levels the international playing field (political, economic, and
      military), i.e., most nations cannot challenge American policy using traditional force-on-force.
      Information Warfare is very cost effective, and offers a non-attribution capability that can be
      completely hidden during development and deployment. Finally, the United States, whose policy is
      often the target of attack by emerging or rogue states, is the most vulnerable to IW.
   2. DoD analysis suggests that when 95% of government networks were subjected to informational attacks,
      less than 5% were detected. Further, of the 5% detected, very few are successful in closing the hole to
      future attacks.
   3. The groups posing the threat to America's critical infrastructure are:

        Threat                                                   Threat Level
        Individual Hackers                                       Low level threat (nuisance)
        Coordinated hacking (Instructor/tutor)                   Low/Med level of threat
        Funded, coordinated (focused, employed)                  High level
        State sponsored, focused (Intel provided, spec tasking)  Extremely High

   4. A new management philosophy is needed.
   5. Old Business - New Focus (Spies of the 21st century). As security products become available to the
      public and commercial sector the focus of international espionage will be redirected from the individual
      with access to desired information toward the network system administrator. Just as any industry seeks
      the most bang for the buck, so will foreign case officers seek to target the system administrators of key
      computer systems. This threat transcends the traditional focus and will expose virtually every aspect of
      American society. In the past corporations needed only to enforce strict security upon those facilities
      handling classified government material. The spies of tomorrow will target institutions such as banking
      (ATM, investment), transportation (Federal Express, UPS, rail, trucking) and industry (chemical,
      power, computer, etc.).
   6. The new business of spying. As the world enters the information age, international economic
      competition will become more fierce. Nations will set as a national priority the goal of acquiring
      America's customer base. Industrial espionage will escalate into industrial sabotage. For example, a
      foreign power may recruit a critical software or hardware engineer in an effort to implant destructive
      code that can be remotely triggered. The focus of such an attack may be as simple as to force a general
      product recall, and the timing of the execution could coincide with a critically weak period for the
      company. Thus a simple failure that forces a product recall may precipitate a disastrous fall of stock
      prices and takeover of the company. (Industry will need to re-think its current security practices and be
      more aware of the threat posed by grieving and/or disgruntled employees.)



Module 3 Summary - DoD Roles and Missions

   1. America's military is in the process of aligning itself as the Cold War threat diminishes. Tomorrow's
      military will continue to stand ready to defend America if faced with the traditional two major regional
      conflicts scenario; however, it will be forced to do so with fewer resources. Economizing will be sought
      through advanced Command and Control Warfare. Further, America's military will be more likely to
      operate with a global reach utilizing new strategic offensive information warfare. Tomorrow's military
      will prepare the theater of conflict by seizing control of all critical infrastructures utilized by the enemy.
      Tomorrow's enemy will only be able to communicate, finance, or logistically relocate that which our
      leadership allows. Our adversary will be blinded by a complete cyberfog of war.
   2. Just as these new weapons for peace are being developed, so are the controlling mechanisms. Currently
      the Joint Chiefs of Staff has both an offensive and defensive group addressing these very issues.
      Mechanisms are currently in place and being honed to ensure that each new strategic weapon is
      controlled within the required authority for release.
   3. From the defensive perspective, DoD is currently inhibited as its mandated authority prohibits
      involvement in securing the public and corporate sector of America's critical infrastructure. This offers
      the greatest challenge to future military leaders, as they have little influence in securing a vulnerable
      America which is open to an Information Pearl Harbor. Just as America pulled together a nation
      threatened by a cold war, our nation's leaders must define America's Information (infrastructure) Civil
      Defense.



Module 4 Summary - Information Assurance

To expand the DoD perspective of securing America from groups that wish to influence U.S. policy through
infrastructure attacks, our nation's leadership, both political and industrial, must define a process by which
America can be secured. The National Information Infrastructure will be used by tomorrow's enemies to gain
access and attempt to control or influence our nation's critical infrastructures. Policy makers will be faced with
the challenge of respecting and balancing the basic rights of Americans. For example, a balance between the
right to privacy vs. law enforcement represents one of many issues which will be hotly debated. However,
there is one positive aspect: the threat posed to America's infrastructure via IW attacks is by its nature
non-partisan. The threat is real and is focused against all of America. As a result, our political leaders will come to
closure on this issue much more quickly. This contrasts sharply with the health care debates of the early 90's
which ended with few positive results.

The key to Information Infrastructure security is clearly defined by our forefathers:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator
with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to
secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the
governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the
People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and
organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

Our forefathers believed that individual rights were granted by God and secured by government. Our nation's
leaders will be challenged to find the right balance - this represents the heart of the debate in securing America.



Module 5 Summary - The Political Quagmire

The focus for change must come from Congress. The issues associated with defending America in the age of
information can only be equitably debated through this branch of government. This is not to suggest that the
President and the Judicial branch will not play a major role; they will... Congress will have to take the lead in
forging new policy as our nation enters the 21st century.

Role of the President: Lead from behind by directing the Executive branch departments and agencies to
provide critical information (data) for use by Congress, Industry, and the public in forming the national debate.
The Executive branch must provide a clear representation of the Threat that IW poses to our nation's
infrastructure. Further, the President must ensure that any technical skills and associated knowledge resident in
the U.S. Government is available to industry and Congress for their use in formulating national information
policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does
not encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting
legislation as America entered the Industrial Revolution, it will do so for the Information Revolution.
However, history has shown that such interpretations are molded over time as society's needs and perspectives
change. For example, the balance between economic rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's security
needs. This view is currently not possible as most of corporate America is either fearful of disclosing the extent
of the threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit
America's intelligence community to directly providing relevant indications and warnings to industry.
Congress must engineer a policy where industry is required to report the number and nature of IW attacks
against its infrastructures. Such disclosures by industry must be protected to guard against erosion of the public
confidence. Today many nations desire U.S. military products; tomorrow they will want American security
products that protect critical infrastructure. If our nation's policy makers pass legislation that encourages the
will of American industry, the "Made in America" label will appear on security systems worldwide.

Role of the individual: The Internet is growing exponentially. Within it there are many references to the
sanctuary of cyberspace. There have been declarations of cyber-independence and calls for a hands-off by
governments. People of the world are experiencing for the first time what Americans have taken for granted:
Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is
indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet.
However it must be remembered that it was America, specifically the U.S. Department of Defense, that made
the Internet possible. According to the Declaration of Independence, America's government is formed by its
people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of
society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued
since the dawn of logical thought. Our policy makers (Congress and the President) must receive a balanced
view from their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress
must initiate public community debates to help bring the message to Washington. When called, individuals
must educate themselves on the issues and voice their opinions.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great
Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the
technical means to a solution. Likewise, each transition required a new assessment of the balance of rights.
Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise
enabled America to become the global leader in technology. The voices of our forefathers offer guidance; if
only we would listen.

Specific Lessons from History

    1. Legislative actions have historically supported economic and industrial growth.
    2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The right to privacy
       has and will continue to be at the center of such debates.
    3. The technical solutions to all of America's needs have come from the industrial sector. History has
       shown that with encouraging government policy the pace of development can be greatly
       accelerated, e.g., America's race for the moon in the 1960's.
    4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical infrastructure
       could benefit from similar considerations, i.e., electric power distribution?
    5. Consider the recent cases involving free speech; for example the Philadelphia Court striking down
       legislation on indecency. What can be learned from this? Was Congress reactive or proactive? Were
       legislators responding to impulse demands of a minority? Congress must carefully consider the
       implications of oiling the squeaky wheel, as this may lead to action without thoughtful representation.



Module 6 Summary - IW Weapons

Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each category has its
own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider
nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However,
nuclear weapons must ultimately be released for use by the President and usually by recommendation of the
National Security Council. IW weaponry is very similar, but there are exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. In such a capacity
certain IW weapons can be left to the discretion of the CINC for implementation. Likewise, traditional theater
level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities falls under CINC authority.

Strategic IW weapons, however, will most likely be reserved for release by the highest level. For example, a
computer virus that would cripple a nation's monetary system or seize control of international satellites
must be controlled by the President (or the SECDEF if authority has been delegated). Justification: a response
in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the
National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must
remember that some strategic weapons will only be released on authority of the President. Note: during the
planning process the CINC will be the single person responsible for the overall campaign and will decide his or
her weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher level of
coordination and authorization for release.



Module 7 Summary - Loss of Sanctuary

America has the strongest, most capable military in the world. This fact challenges many nations' objectives
which conflict with American policy. No nation has the capability to challenge the United States using
traditional force-on-force. Further, the acquisition of weapons of mass destruction by such nations is also
considered futile, as America's response would be direct and massive. This leaves many developing nations
with few options in countering America's military force. That was until the introduction of Information
Warfare.

Many nations in competition with the United States, either in the political or economic realm, are actively
developing IW capabilities. They hope to use these capabilities to gain an industrial edge by stealing U.S.
industrial secrets, and when possible disrupt America's industrial base.

America possesses many infrastructures: power, transportation, economic. But there are others not normally
considered. Our nation possesses a knowledge infrastructure where critical scientific information is freely
shared between academia, government, and industry. This infrastructure, like others, is open to attack by IW
weapons.

America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until Pearl Harbor
and the subsequent nuclear threat did America become aware of its loss of sanctuary. With the fall of the Iron
Curtain and the end of the Cold War, Americans have returned to believing in a new protected sanctuary. This
is far from the truth. Daily, America's critical infrastructures are being probed and investigated by foreign
powers. Our nation's industries currently lack the capability to adequately detect the implantation of IW
weapons into our infrastructure.

Many nations are looking for ways to attack our financial networks to gain economic advantage. Likewise our
industrial base is under attack. Cyberspace has no geographic boundaries. Nations are contracting the efforts of
cyber-terrorists to maintain non-attribution. It is possible that some nations we traditionally consider allies and
friendly are set on a path of economically and industrially conquering America.

America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by many forces
whose goal is to topple America's global position.



Module 8 Summary - The Military Perspective

The military perspective on the beta version of this tutorial was composed from various unclassified briefings
and presentations. Each service has been distributed the beta version with the intent of providing input into the
final version due in October 1996. As you explore the military perspective please remember that military
offensive aspects of IW cannot be discussed openly. Nonetheless these efforts are ongoing!

Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so
will it adapt to warfare in the information age. That said, the transition will not be easy. Just as military leaders
resisted accepting a mechanized cavalry and the concept of an Air Force, there will be great hesitation to adopt IW.
By its nature any military must adhere to tradition and order. How else can a person be commanded into
combat? But tradition typically stalls advancement of new technologies. America's military will become
tomorrow's information warriors, and when future military leaders look to this period they will again wonder
why acceptance of such a natural concept was hard to comprehend.

The Army has and will always command the ground aspect of warfare. The information revolution will
provide a battlefield (situational) awareness unimaginable today. The fog of war will be greatly reduced if not
totally eliminated. Likewise, offensive IW will render our nation's enemies dispersed and informationally
isolated. The enemy's fog will be extended to a complete blindness. All aspects of today's Army will be
enhanced by the information revolution.

The Navy and Marine Corps will continue to control the seas and provide the heavy strategic reach capability
America now enjoys. Global sensory networks will ensure the Navy has the capability to track any form of
naval enemy on a global basis. New information technologies will extend the track and reaction time of many
naval weapons for both hard and soft kills.

The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and electronic
warfare will be unrecognizable to today's military leaders. The ability to precisely strike a hostile nation's
command and control, air defense, or critical infrastructures will be just a push-button away. If a hard kill is
required, the enhancement of IW will ensure the safety of our service personnel and reduce the amount of
physical force necessary. Precision strike will place munitions on a target in ways now considered impossible.



Module 9 Summary - Recommendations

The nation is ready to debate the issue of Information Warfare and begin to decide that delicate balance
between protecting individual rights and national security. Over the past three years we have come a long
way. First the term Information Warfare was discussed, i.e., what does it mean. Then groups began to discuss
organization structure and identify needed policy. Today, insiders understand IW and its threat to America's
infrastructure. It is now time to move the debate to the people and industry and answer the question: how do
we protect America's Critical Infrastructure from Information Warfare?

The following Executive Order was issued by President Clinton on July 15, 1996. It focuses the necessary
ingredients for the national debate:

WASHINGTON, July 15, 1996

Executive Order

Certain national infrastructures are so vital that their incapacity or
destruction would have a debilitating impact on the defense or economic
security of the United States.

These critical infrastructures include

 telecommunications,
 electrical power systems,
 gas and oil storage and transportation,
 banking and finance,
 transportation,
 water supply systems,
 emergency services (including medical, police, fire, and rescue), and
 continuity of government.


Threats to these critical infrastructures fall into two categories:

1. physical threats to tangible property ("physical threats"),

2. and threats of electronic, radio-frequency, or computer-based attacks
on the information or communications components that control critical
infrastructures ("cyber threats").

Because many of these critical infrastructures are owned and operated by
the private sector, it is essential that the government and private
sector work together to develop a strategy for protecting them and
assuring their continued operation.

     NOW, THEREFORE, by the authority vested in me as President by the
Constitution and the laws of the United States of America, it is hereby
ordered as follows:

Section 1. Establishment. There is hereby established the President's
Commission on Critical Infrastructure Protection ("Commission").

        (a) Chair. A qualified individual from outside the Federal
Government shall be appointed by the President to serve as Chair of the
Commission. The Commission Chair shall be employed on a full-time basis.

        (b) Members. The head of each of the following executive branch
departments and agencies shall nominate not more than two full-time
members of the Commission:

        (i)      Department of the Treasury;
        (ii)     Department of Justice;
        (iii)    Department of Defense;
        (iv)     Department of Commerce;
        (v)      Department of Transportation;
        (vi)     Department of Energy;
        (vii)    Central Intelligence Agency;
        (viii)   Federal Emergency Management Agency;
        (ix)     Federal Bureau of Investigation;
        (x)      National Security Agency.

One of the nominees of each agency may be an individual from outside the
Federal Government who shall be employed by the agency on a full-time
basis. Each nominee must be approved by the Steering Committee.

Sec. 2. The Principals Committee. The Commission shall report to the
President through a Principals Committee ("Principals Committee"), which
shall review any reports or recommendations before submission to the
President. The Principals Committee shall comprise the:

        (i)     Secretary of the Treasury;
        (ii)    Secretary of Defense;
        (iii)   Attorney General;
        (iv)    Secretary of Commerce;
        (v)     Secretary of Transportation;
        (vi)    Secretary of Energy;
        (vii)   Director of Central Intelligence;
        (viii)  Director of the Office of Management and Budget;
        (ix)    Director of the Federal Emergency Management
                Agency;
        (x)     Assistant to the President for National
                Security Affairs;
        (xi)    Assistant to the Vice President for National
                Security Affairs.

Sec. 3. The Steering Committee of the President's Commission on
Critical Infrastructure Protection. A Steering Committee ("Steering
Committee") shall oversee the work of the Commission on behalf of the
Principals Committee. The Steering Committee shall comprise four
members appointed by the President. One of the members shall be the
Chair of the Commission and one shall be an employee of the Executive
Office of the President. The Steering Committee will receive regular
reports on the progress of the Commission's work and approve the
submission of reports to the Principals Committee.

Sec. 4. Mission. The Commission shall:

        (a) within 30 days of this order, produce a statement of its
mission objectives, which will elaborate the general objectives set
forth in this order, and a detailed schedule for addressing each mission
objective, for approval by the Steering Committee;

        (b) identify and consult with: (i) elements of the public and
private sectors that conduct, support, or contribute to infrastructure
assurance; (ii) owners and operators of the critical infrastructures;
and (iii) other elements of the public and private sectors, including
the Congress, that have an interest in critical infrastructure assurance
issues and that may have differing perspectives on these issues;

        (c) assess the scope and nature of the vulnerabilities of, and
threats to, critical infrastructures;

        (d) determine what legal and policy issues are raised by efforts
to protect critical infrastructures and assess how these issues should
be addressed;

        (e) recommend a comprehensive national policy and implementation
strategy for protecting critical infrastructures from physical and cyber
threats and assuring their continued operation;

        (f) propose any statutory or regulatory changes necessary to
effect its recommendations; and

        (g) produce reports and recommendations to the Steering
Committee as they become available; it shall not limit itself to
producing one final report.

Sec. 5. Advisory Committee to the President's Commission on Critical
Infrastructure Protection.

        (a) The Commission shall receive advice from an advisory
committee ("Advisory Committee") composed of no more than ten
individuals appointed by the President from the private sector who are
knowledgeable about critical infrastructures. The Advisory Committee
shall advise the Commission on the subjects of the Commission's mission
in whatever manner the Advisory Committee, the Commission Chair, and the
Steering Committee deem appropriate.

        (b) A Chair shall be designated by the President from among the
members of the Advisory Committee.

        (c) The Advisory Committee shall be established in compliance
with the Federal Advisory Committee Act, as amended (5 U.S.C. App.).
The Department of Defense shall perform the functions of the President
under the Federal Advisory Committee Act for the Advisory Committee,
except that of reporting to the Congress, in accordance with the
guidelines and procedures established by the Administrator of General
Services.

Sec. 6. Administration.

        (a) All executive departments and agencies shall cooperate with
the Commission and provide such assistance, information, and advice to
the Commission as it may request, to the extent permitted by law.

        (b) The Commission and the Advisory Committee may hold open and
closed hearings, conduct inquiries, and establish subcommittees, as
necessary.

        (c) Members of the Advisory Committee shall serve without
compensation for their work on the Advisory Committee. While engaged in
the work of the Advisory Committee, members may be allowed travel
expenses, including per diem in lieu of subsistence, as authorized by law
for persons serving intermittently in the government service.

        (d) To the extent permitted by law, and subject to the
availability of appropriations, the Department of Defense shall provide
the Commission and the Advisory Committee with administrative services,
staff, other support services, and such funds as may be necessary for
the performance of its functions and shall reimburse the executive
branch components that provide representatives to the Commission for the
compensation of those representatives.

        (e) In order to augment the expertise of the Commission, the
Department of Defense may, at the Commission's request, contract for the
services of nongovernmental consultants who may prepare analyses,
reports, background papers, and other materials for consideration by the
Commission. In addition, at the Commission's request, executive
departments and agencies shall request that existing Federal advisory
committees consider and provide advice on issues of critical
infrastructure protection, to the extent permitted by law.

        (f) The Commission, the Principals Committee, the Steering
Committee, and the Advisory Committee shall terminate 1 year from the
date of this order, unless extended by the President prior to that date.

Sec. 7. Interim Coordinating Mission.

        (a) While the Commission is conducting its analysis and until
the President has an opportunity to consider and act on its
recommendations, there is a need to increase coordination of existing
infrastructure protection efforts in order to better address, and
prevent, crises that would have a debilitating regional or national
impact. There is hereby established an Infrastructure Protection Task
Force ("IPTF") within the Department of Justice, chaired by the Federal
Bureau of Investigation, to undertake this interim coordinating mission.

        (b) The IPTF will not supplant any existing programs or
organizations.

        (c) The Steering Committee shall oversee the work of the IPTF.

        (d) The IPTF shall include at least one full-time member each
from the Federal Bureau of Investigation, the Department of Defense, and
the National Security Agency. It shall also receive part-time
assistance from other executive branch departments and agencies. Members
shall be designated by their departments or agencies on the basis of
their expertise in the protection of critical infrastructures. IPTF
members' compensation shall be paid by their parent agency or
department.

        (e) The IPTF's function is to identify and coordinate existing
expertise, inside and outside of the Federal Government, to:

                (i) provide, or facilitate and coordinate the provision
of, expert guidance to critical infrastructures to detect, prevent,
halt, or confine an attack and to recover and restore service;

                (ii) issue threat and warning notices in the event
advance information is obtained about a threat;

                (iii) provide training and education on methods of
reducing vulnerabilities and responding to attacks on critical
infrastructures;

                (iv) conduct after-action analysis to determine possible
future threats, targets, or methods of attack; and

                (v) coordinate with the pertinent law enforcement
authorities during or after an attack to facilitate any resulting
criminal investigation.

        (f) All executive departments and agencies shall cooperate with
the IPTF and provide such assistance, information, and advice as the
IPTF may request, to the extent permitted by law.

        (g) All executive departments and agencies shall share with the
IPTF information about threats and warning of attacks, and about actual
attacks on critical infrastructures, to the extent permitted by law.

        (h) The IPTF shall terminate no later than 180 days after the
termination of the Commission, unless extended by the President prior to
that date.

Sec. 8. General.

        (a) This order is not intended to change any existing statutes
or Executive orders.

        (b) This order is not intended to create any right, benefit,
trust, or responsibility, substantive or procedural, enforceable at law
or equity by a party against the United States, its agencies, its
officers, or any person.

WILLIAM J. CLINTON        THE WHITE HOUSE, July 15, 1996.




References

The following list of references is from an excellent paper written by Daniel E. Magsig titled Information
Warfare: In the Information Age. Thanks to Daniel for all the effort in compiling this list with abstracts:

[1] Alberts, David S., and Richard E. Haynes. "Information Warfare
Workshop: Decision Support Working Group Report." First International
Symposium on Command and Control Research and Technology (June 1995):
569-76.

Discusses information warfare decision support, and offensive and defensive
information warfare issues. Highlights pervasive nature of information
warfare. Recommends one consistent, widely disseminated policy on
information warfare, full integration of information warfare into military
operations, emphasis on defensive information warfare, and attention to
psychological and coalition warfare issues.


[2] Alberts, David S., and Richard E. Haynes. "The Realm of Information
Dominance: Beyond Information War." First International Symposium on
Command and Control Research and Technology (June 1995): 560-65.

Examines the concept of information dominance. Suggests a data,
information, understanding, knowledge, and wisdom typology of information.
Defines information space across arenas, levels, and natures of interaction
between entities. Highlights danger of focusing too narrowly on commonly
discussed elements of information warfare.


[3] Arquilla, John, and David Ronfeldt. "Cyberwar is Coming!" Comparative
Strategy 12 (April-June 1993): 141-65.

Classic paper introduces terms "cyberwar" and "netwar". Argues mass and
mobility will no longer decide the outcome of conflict. Instead,
decentralized, networked forces with superior command, control, and
information systems will disperse the fog of war while enshrouding the
enemy in it. Provides excellent example of twelfth and thirteenth century
Mongol armies successfully employing such doctrine.


[4] Arquilla, John. "The Strategic Implications of Information Dominance."
Strategic Review (Summer 1994): 24-30.

Focuses on the importance of information dominance over traditional
attritional and maneuver techniques. Introduces control warfare and
advocates a systems approach to identifying and attacking an adversary's
"center of gravity". Identifies the links between systemic elements as key
targets.


[5] Campen, Alan D., ed. The First Information War: The Story of
Communications, Computers, and Intelligence Systems in the Persian Gulf
War. (Fairfax, VA: AFCEA International Press, 1992.)

Often cited reference on the role of information, communications, command,
control, and electronic warfare in the Persian Gulf War.


[6] Campen, Alan D. "Information Warfare is Rife with Promise, Peril."
Signal 48 (November 1993): 19-20.

Argues military leaders must understand the nature of change in warfare
inherent in information based warfare. The right changes will act as
effective force multipliers. The wrong changes, or failure to change, will
leave the United States dangerously exposed. Discusses specific military
issues.


[7] Campen, Alan D. "Vulnerability of Info Systems Demands Immediate
Action: Reliance by Military on Commercial Communications Infrastructure
Poses Significant Peril to United States." National Defense (November
1995): 26-7.

Focuses on military reliance on commercial communications and market driven
security policy. Argues for stronger government role in assuring the
security of the National Information Infrastructure.


[8] Clausewitz, Carl von. On War. (New York: Viking Penguin, 1988.)

Classic text on warfare that has dominated military thinking for over a
century. Clausewitz regards information as generally unreliable in war.
This can be explained by his focus on operational and tactical level
issues, and his pre-Industrial Age frame of reference. Unfortunately,
Clausewitz so dominates military thinking that his bias against information
and intelligence has in some cases undermined acceptance of the precepts
of information warfare.


[9] Dubik, James M., and Gordon R. Sullivan. "War in the Information Age."
AUSA Institute of Land Warfare, Landpower Essay Series 94-4 (May 1994): 16
pages.

Parallels the changes needed in today's Information Age military with the
changes that were necessary in the Industrial Age military at the turn of
the century. Specifically, the network as the model replaces the machine as
the model; near-simultaneous, continuous, short-run production replaces
paced, sequential, continuous, long run production; and, mass-customized
products, precisely targeted, with near-instantaneous distribution replaces
mass output.


[10] Franks, Frederick M., Jr. "Winning the Information War" Vital Speeches
of the Day 60 (May 15, 1994): 453-8.

Discusses the shift from hierarchical organizations to networked
organizations necessary in information based warfare. Traces the evolution
of command, control, communications, and intelligence through major wars.
Emphasizes the need for rapid, reliable sharing of information across units
and at different levels instead of traditional stove-piped intelligence
activities.


[11] Grier, Peter. "Information Warfare." Air Force Magazine (March 1995):
34-7.

Provides overview of information warfare from the U.S. military
perspective. Pulls together information from many sources highlighting key
topics.


[12] Handel, Michael I. Sun Tzu and Clausewitz Compared. (Carlisle
Barracks, Pennsylvania: U.S. Army War College, 1991.)

Compares the two most highly regarded classic texts on warfare. Section on
deception, surprise, intelligence, and command and control speaks to issues
related to information warfare.


[13] Jensen, Owen E. "Information Warfare: Principles of Third-Wave War."
Airpower Journal (Winter 1994): 35-43.

Summarizes War and Anti-War [31] and proposes eight principles of
information warfare grouped into four categories summarized as: "(1)
thicken the fog of war for our enemy, (2) lift the fog of war for ourselves
to create a transparent battlefield, (3) ensure that our enemies can't turn
these tables on us, and (4) always fight the information war with full
intensity."


[14] Johnson, Stuart E., and Martin C. Libicki, eds. Dominant Battlespace
Knowledge: The Winning Edge. (Washington, D.C.: National Defense University
Press, 1995.)

Introduces the concept of dominant battlespace knowledge which is the
ability to collect real-time battlefield information, understand that
information, and turn that knowledge into a decisive battlespace advantage.
Discusses necessary doctrinal changes.


[15] Lawrence, R. E., and A. J. Ross. "Equities: Dissemination vs.
Protection: Information Warfare Workshop Results." First International
Symposium on Command and Control Research and Technology (June 1995):
566-8.

Recommends action to raise public awareness of the threat of information
warfare. Recognizes vulnerabilities to national information infrastructure.
Argues information needs to be shared instead of overprotected, on the
premise that some adversaries, notably hackers, have achieved their
relative effectiveness largely through the practice of information sharing.


[16] Libicki, Martin C. What is Information Warfare? (Washington, D.C.:
National Defense University Press, 1995.)

Proposes seven distinct forms of information warfare: command and control
warfare, intelligence based warfare, electronic warfare, psychological
warfare, "hacker" warfare, economic information warfare, and cyberwarfare.
Posits that the concept of information dominance is hollow.


[17] Libicki, Martin C. The Mesh and the Net: Speculations on Armed
Conflict in a Time of Free Silicon. (Washington, D.C.: National Defense
University Press, 1995.)

Analyzes the "revolution in information technology." Argues that technology
begets doctrine and doctrine begets organization, implying a possible need
for organizational changes in the military. Examines a proposed
"Information Corps".


[18] Libicki, Martin C., and James A. Hazlett. "Do We Need an Information
Corps?" Joint Forces Quarterly 1 (Autumn 1993): 88-97.

Examines the debate as to whether a separate Information Corps should be
created. The benefits would be common doctrine, inherent standardization,
and increased innovation. The downside would be a lack of integration with
other forces.


[19] Libicki, Martin C. "Dominant Battlefield Awareness and its
Consequences." First International Symposium on Command and Control
Research and Technology (June 1995): 550-9.

Introduces the concept of dominant battlefield awareness. Predicts the
ability to achieve perfect knowledge of a 200 mile square battlefield by
the year 2008. Discusses the technological requirements for achieving
dominant battlefield awareness. Examines the pros and cons of related
issues.


[20] Lucky, Robert W. Silicon Dreams: Information, Man, and Machine. (New
York, NY: St. Martin's Press, 1989.)

Discusses in layman's terms the concept of information, information theory,
and information processing. Provides even coverage of philosophical and
technical issues. Touches on almost every important aspect of information.


[21] Mann, Edward. "Desert Storm: The First Information War?" Airpower
Journal (Winter 1994): 4-14.

Takes the theory of information warfare and ties it together with specific
examples from the Persian Gulf War. Discusses many key concepts in concise,
readable terms.


[22] Nielson, Robert E., and Charles B. Gaisson. "Information - The
Ultimate Weapon." First International Symposium on Command and Control
Research and Technology (June 1995): 545-549.

Examines the differences between war in the Industrial Age and war in the
Information Age. Focuses in on the decision environment and the old and new
paradigms for decision making. Argues for greater technological support for
decision making to reduce need for fallible intuition.


[23] Peterson, A. Padgett. "Tactical Computers Vulnerable to Malicious
Software Attacks." Signal 48 (November 1993): 74-5.

Highlights the role of tactical computers in warfare, examining their
vulnerability to viruses. Discusses the history of viruses, how they work,
what they are capable of, and theoretical reasons why no perfect defense
can be established. Examines practical measures that can be taken with
tactical computers to reduce the threat.


[24] Ryan, Donald E., Jr. "Implications of Information Based Warfare."
Joint Forces Quarterly (Autumn-Winter 1994-5): 114-6.

Discusses the need to re-examine doctrine in light of advances in
technology. Draws analogies between traditional Industrial Age warfare
doctrinal elements and proposed future doctrine.


[25] Schwartau, Winn. Information Warfare: Chaos on the Electronic
Superhighway. (New York, NY: Thunder's Mouth Press, 1994.)

Popular text on information warfare in general. Full of anecdotes. Lacks
grounding in the theoretical basis of warfare. Divides information warfare
into personal, corporate, and global information warfare.


[26] Science Application International Corporation (SAIC). Information
Warfare: Legal, Regulatory, Policy, and Organizational Considerations for
Assurance. (Prepared for the Joint Staff, 4 July, 1995.)

Exhaustive legal reference on the legal, regulatory, policy, and
organizational implications of information warfare. Cites specifics in
public law, executive orders, court decisions, etc.


[27] Starr, Stuart H., and Dale K. Pace. "Developing the Intellectual Tools
Needed by the Information Warfare Community." First International Symposium
on Command and Control Research and Technology (June 1995): 577-86.

Outlines a detailed conceptual framework for understanding information from
the military perspective. Leaves room for further definition of
non-military elements of information warfare. Examines toolsets applicable
to the support of the information warfare community.


[28] Stein, George J. "Information Warfare." Airpower Journal (Spring
1995): 31-39.

Discusses a definition of information warfare, development of a strategy
for information warfare, the U.S. Air Force perspective, and the danger of
failing to address information warfare. Sees the rise of information
warfare as similar to the rise of Airpower.


[29] Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of
Computer Espionage. (New York: Doubleday, 1989.)

Classic true story of international information warfare over the Internet.
Often referenced.


[30] Szafranski, Richard. "A Theory of Information Warfare: Preparing for
2020." Airpower Journal (Spring 1995): 56-65.

Defines information and warfare. Focuses on psychological warfare aspects
of information warfare. Sees the primary target of information warfare as
the knowledge and belief systems of the adversary.


[31] Toffler, Alvin, and Heidi Toffler. War and Anti-War: Survival at the
Dawn of the 21st century. (New York, NY: Little, Brown, and Company, 1993.)

Traces the evolution of warfare through agrarian, industrial, and
informational warfare "waves." Forecasts the future of human conflict.
Constantly referenced and highly recommended by other authors on the
subject of information warfare.


[32] Tzu, Sun (Griffith, Samuel B., trans.) The Art of War. (New York:
Oxford University Press, 1963.)

Ancient text on warfare popularized due to Sun Tzu's holistic view of
warfare and the increasing irrelevance of Clausewitz's classic On War in
the Information Age. Unlike Clausewitz, Sun Tzu regards information as
indispensable in reducing the uncertainty of war. Much of The Art of War is
arguably applicable to information warfare.


[33] Waller, Douglas. "Onward Cyber Soldiers." Time (August 24, 1995):
38-46.

Focuses mostly on examples and speculation to describe information warfare.
Provides a summary of some of the major papers on information warfare.
Includes many salient points.


[34] Wardynski, E. Casey. "The Labor Economics of Information Warfare."
Military Review (May-June 1995): 56-61.

Examines the economics of providing appropriate education in the nation's
public schools to ensure the numbers of quality workers that will be
required to support and defend the nation in the Information Age. Analyzes
the wages these people can expect to make and discusses the tradeoff
between developing technologies that require low skill, low wage workers,
versus developing technologies that require high skill, high wage workers.


[35] Cornerstones of Information Warfare. (Department of the Air Force,
1995.)

States the Air Force's definition of information warfare. Outlines the
traditional elements of warfare which comprise information warfare.
Discusses how Air Force doctrine should change to accommodate information
warfare.


[36] Jumpstart Information Warfare Briefing. (Department of the Air Force,
1995.)

Open source briefing ordered by the Air Force Chief of Staff to educate
Major Command and Numbered Air Force commanders and staffs on the subject
of information warfare. Contains numerous examples of information warfare
activities.


[37] National Defense University School of Information Warfare and Strategy
Syllabus, Academic Year 1995-96.

Details goals, objectives, lessons, and labs taught at the School of
Information Warfare and Strategy.


[38] U.S. Army Field Manual (FM) 100-6, Information Operations, 8 July,
1995 Working Draft.

States the Army's definition of information warfare. Discusses information
environment, threats, information dominance, information operations,
command and control warfare, intelligence, information systems, and
information activities.


[39] U.S. Army TRADOC Pamphlet 525-9, Concept for Information Operations, 1
August, 1995.

"This concept describes the importance of information and how to win the
information war in military operations now and into the twenty-first
century."

     http://cryptome.org/2013/01/infowar-tutorial/infowar-tutorial.htm

				