Welcome to the Information Warfare Tutorial

					http://www.au.af.mil/au/awc/awcgate/iw-army/intro.htm

This tutorial was originally developed by the Army War College.
It was last updated Feb 1998, but still has value as a primer.

Last Updated: 02/17/98, Downloaded: 09/07/98


Welcome to the
Information Warfare Tutorial

This tutorial is a condensation of material presented through an advanced course dedicated to the
subject of Information Warfare and offered by the US Army War College. NSA Visiting
Professor, Mr. Robert F. Minehart, Jr. has developed and is currently teaching the course which
is offered as an elective. The material in this tutorial represents an unclassified version of the
advanced course and parallels the content being encoded into a stand-alone, multi-media tutorial.
The beta version of the stand-alone tutorial is ready for distribution effective 15 January 1997.
Public, corporate and government input will be sought during the beta period with final call for
input 15 May 1997. The final version including beta solicited input will be available by mid to
late summer 1997.

Although this version will not be replete with sounds, film clips, and images like the stand-alone
version, it is based on the same material as the multi-media version. It should serve well as a
concise, summarized reference for those who want the bare content.



The following is a table of contents for the tutorial modules:

      Executive Summary
      Module 1 - How Did We Get Here?
      Module 2 - The Threat.
      Module 3 - DoD Roles and Missions.
      Module 4 - Information Assurance.
      Module 5 - The Political Quagmire.
      Module 6 - IW Weapons.
      Module 7 - Loss of Sanctuary.
      Module 8 - The Military Perspective.
      Module 9 - Recommendations.
      Module 10 - Summary and Conclusions.
      References
      DSB - Access the associated findings of the Defense Science Board. [link updated 22 Jan 00 by
       AWC]




Executive Summary

The Internet was born from a Department of Defense (DoD) requirement for a survivable
communications system; as a result, cyberspace is now a reality. Individuals are discovering a
political and social freedom never before imagined, but new threats are on the horizon. Just as
the threat of nuclear war once forced leadership to develop national security policy focused on
defending America, so will Information Warfare emerge as a threat requiring our leadership to
consider an Information Civil Defense.

A comparison between the Cold War period and today yields an interesting perspective. During
the Cold War the United States government leveraged over 90% of all telecommunications
research. Today, the United States government contributes to less than 10% of
telecommunications research; as a result, our government has much less influence on
establishing industrial standards.

Information Warfare is a threat because it levels the international playing field (political,
economic, and military), i.e. most nations cannot challenge American policy using traditional
force-on-force warfare. Information Warfare is very cost effective and offers a non-attribution
capability. Most importantly, the United States is the most vulnerable of all nations to IW. DoD
is critically dependent upon the public switched infrastructure though it has no control over and
little ability to influence security standards.

International espionage is being redirected from the individual with access to secret information
toward network administrators. Nations are determined to acquire America's customer base.
Industrial espionage will escalate into industrial sabotage. The Defense Information Security
Agency (DISA) has proved that government networks are vulnerable. There are strong
indications that an entirely new management philosophy is needed to counter 21st century spies.

Tomorrow's military will continue to stand ready to defend America against the two major
regional conflict (MRC) scenario; however, it can be forced to do so with fewer resources.
Economizing can be pursued through advanced Command and Control Warfare. Further,
America's military will be more able to extend their global reach utilizing an offensive
information warfare strategy. Tomorrow's military will prepare the theater of conflict by seizing
control of all critical infrastructures utilized by the enemy. Tomorrow's enemy will only be able
to communicate, finance, or logistically relocate that which our leadership allows. Our adversary
will be blinded by a complete cyberfog.

Currently the Joint Chiefs of Staff have offensive and defensive groups addressing both issues.
Mechanisms are currently in place and being honed to ensure that each new strategic weapon is
controlled within the required release authority. However, from a defensive perspective, DoD is
currently inhibited by limited authority which prohibits involvement in securing the public and
corporate sector of America's critical infrastructure.

Government's authority for securing America must be expanded to protect our nation from
groups that wish to influence U.S. policy through infrastructure attacks. Our nation's leadership,
both political and industrial, must define a process by which government can prosecute such
groups which seek to attack from outside the United States. Likewise, our leadership must equip
local and federal law enforcement with effective policy focused to counter such attacks from
within.

The threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The
threat is real and is focused against all of America. As a result, our political leaders will come to
closure on this issue quickly once they are provided with adequate assessments of the threat and
needs of the individual and industry. Our policy makers can be drawn back to our forefathers'
belief that individuals' rights are granted by God and secured by government. As a result, they
will be challenged to determine the delicate balance between individual and society's rights - this
will represent the heart of the debate.

The focus for change must come from Congress; however, all branches must contribute. The
President must direct the Executive Branch departments and agencies to provide critical
information (data) for use by Congress, Industry, and the public in forming the national debate.
Likewise, the Supreme Court will, as it has in the past, ensure that legislated policy does not
encroach on the rights of Americans. Corporate America can be called upon to provide a realistic
view of industry's security needs. This view is currently not possible as most of corporate
America is either fearful of disclosing the extent of the threat, or is unaware of the intentions of
its adversaries. Finally, Congress must receive a balanced view from its constituents. The people
must educate themselves to the issues and voice their opinion.

There is value in looking at our nation's transition during times of great change, e.g., the
industrial revolution, the Great Depression, and the nuclear threat (Cold War). During each
period free enterprise provided the technical means to a solution. Likewise, during each
transition, there was a new assessment of the balance of rights.

Specific Lessons from History

      Legislative actions have historically supported economic and industrial growth.
      U.S. Courts have leaned toward the rights of the individual. The right to privacy has and
       will continue to be at the center of debate.
      The technical solutions to all of America's needs have come from the industrial sector.
      Divestitures such as AT&T's could benefit other critical infrastructures such as electric
       power.

Information Warfare Weapons fall into the following categories: Strategic National, Strategic
Theater, Operational, and Tactical. Each category has its own unique capabilities and thus
requires different safety mechanisms to prevent inadvertent release. The Commander In Chief
(CINC) implements the directions of the President. During the planning process the CINC can be
the single person responsible for the overall campaign and will select the weapons to be used, but
just as in the case of nuclear weapons, IW weaponry will require a higher level of coordination
and authorization for release.

Many nations in competition with the United States, either in the political or economic realm, are
actively developing IW capabilities. Such nations hope to use these capabilities to gain an
industrial edge by stealing U.S. industrial secrets, and when possible, disrupt our nation's
industrial base.

America has typically enjoyed a protected sanctuary provided by the two great oceans it borders.
Not until Pearl Harbor and the subsequent nuclear threat did America become aware of its loss of
sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have
returned to believing a protected sanctuary still exists. Cyberspace has no geographic boundaries.
Further, nations are contracting the efforts of cyber-terrorists to maintain non-attribution.
America's sanctuary has been lost. Our nation is under a quiet, systematically organized attack
by many forces whose goal is to topple America's position as world leader.

Just as America's military transitioned into the industrial age and adopted the concept of
mechanized war, so will it adapt to the concept of warfare in the information age. That said, the
transition will not be easy. The Army has and will always command the ground aspect of
warfare. The information revolution will provide a battlefield (situational) awareness
unimaginable today, and precision guided weapons will allow a greater stand-off distance from
our adversary. The Navy (and Marine Corps) will continue to control the seas and provide the
heavy strategic reach capability America now enjoys. Global sensory networks will ensure the
U.S. Navy has the capability to track any form of naval enemy on a global basis. The Air Force
and its command of the skies will continue. The ability to precision strike a hostile nation's
command and control, air defense, or critical infrastructures can be just a push button away.
Precision strike will place munitions on a target in ways now considered impossible.




How Did We Get Here?
Module 1
The Lesson



The module learning objectives:
      To explore the concept of the Information Revolution by looking to the period of the
       1950's to present.
      Present the user with enough information to answer the question, How did we get here?
       in the context of Information Warfare.
      To answer the questions: What is Information Warfare? And, why is it an issue?



The Beginning

We can recall images of the ancient courier with a message written on his scalp.

Most of us have seen movies where the medieval king applies the royal seal that verifies the
message to be his own.

Looking to the American Civil War, we can recall the use of signal towers on which
communicators relayed the commander's message via flags.

As time marches on, leaders need faster and more efficient means to communicate.

Both speed and distance were overcome by the use of electronic communications. Advances
were made in the speed by which information could flow, travel far distances, and be encoded.




The pace of communications development during the early 20th
century was nearly linear. Advances in one trade motivated advances in another. During WW II
all aspects of communication were utilized by both the military and civilian sectors. President
Roosevelt, the Great Communicator, used the air waves to rally the American people and
government.



Introduction of the Atomic Age, 1945
The spark that started the information flame that is now burning
was struck by the atom bomb. This flame is known as the Information Revolution.

The concept of immediate and complete destruction induced leaders to reconsider every aspect
of government operations. America responded by preparing both the government and civilian
infrastructure for the "what-if" scenario. The "strike from the blue" nuclear threat forced our
government into an unprecedented level of inter-agency cooperation. Communications
technology played a major role in not only providing indicators and warning of an impending
threat, but also made effective command and control possible. As a result, communications
research and development became a pivotal technology in securing our nation. Now one could
argue that the emerging threat posed by the information revolution calls for our nation's leaders
to pull together and consider an Information Civil Defense policy, i.e., Information Assurance.

It is important to realize just how frightened America became during those years. You may recall
the term duck and cover?



Images of total destruction generated a national fear that supported the massive build-up of the
defense infrastructure.

THE TRUTH: Barring the instantaneous collapse of the Russian government, a contingency I do
not foresee under present circumstances, war is inevitable. When the leaders in the Kremlin are
convinced that their superiority in nuclear weapons and the means to deliver them are superior to
ours by a proportion sufficient to enable Russians to destroy Americans with acceptable damage
in retaliation, they will not hesitate to use them. Although the carnage will be horrible,
civilization will not be wiped out -- Russian civilization, that is.
2. There can be no defense against atomic weapons; we are doomed to destruction and can only
despair....
Kenneth D. Barrett, The Deception of Civil Defense, 1964, Independence Press, Inc.


The Network

After 1945, the communications user base grew by several orders of magnitude. Our nation's
leadership needed the capability to know within minutes of an impending Soviet attack.

Each of these national efforts had a voracious appetite for communications bandwidth.
Further, the traditional point-to-point communications concept became obsolete. The network
concept was born.



ARPANET, born from the original DARPA requirement, soon evolved into the
Internet most of us use today. What started as a government initiative soon became essential
to computer-equipped commercial organizations; the current adoption/transition of the
Global Positioning System (GPS) by the civilian sector is another example.

In 1960 DoD leveraged more than 90% of the telecommunications research. Today, DoD
contributes less than 10%. This is an important point to consider, as DARPA would not have been
able to encourage the American industrial base to adopt the computer-to-computer communication
protocol (TCP/IP) without such influence.

For the past ten years, enhanced communications capabilities have been shrinking the world. The
futurist Alvin Toffler refers to a Third Wave information revolution, which started in the mid
1980's and is guiding us toward an information-based society. He claims that information has
power and that an information-based evolution will significantly change our political, economic,
industrial, and domestic systems.



The Public Trust (Then and Now)

Our nation has experienced another change since the early days of the Cold War - the erosion of
public trust. The American people expected their government to protect them from the Cold War
threat. It was understood that security meant secrecy. The WW II jingle loose lips sink ships was
still in the minds of most Americans. The Rosenberg trials and convictions publicly confirmed
that the Soviet Bear was out and about.

However, events such as Watergate and the Pentagon Papers forced many Americans to question
the activities of their leadership. This growing concern motivated Congress to act in the mid
1970's. Reacting to a public call for greater control and openness, Congress dramatically changed
the way it processed legislation. Americans could now examine their government's specific
actions as roll calls and voting activities were open to public record.

It is important to recognize the magnitude of change in public trust over the past six decades. In
the early days of the Cold War people would not have questioned our government's actions to
provide security. The classification of key technologies and export control was accepted.
Cryptographical advances were considered national treasures worth protecting.

Today Americans demand tight controls to prevent any abuse of power by government officials.
Further, the balance of individual privacy vs. national security has shifted toward the individual.
Once a national technology, cryptography is now considered an intellectual novelty for public
use and discussion.

As our nation's policy makers develop information age legislation, the degree of public trust will
greatly influence their decisions. Policy makers will find it increasingly difficult to tell the
public that legislation is motivated by a classified portrayal of threat. The people will demand an
explanation. This will challenge many departments and agencies to develop new methods of
operation. Political inertia from behind government's closed doors will resist the transition to
new policy, but change is unavoidable. Departments and agencies will learn to adopt a widely
accepted academic term, publish or perish.



What is Information Warfare?

The term information warfare is misleading and is often shunned by high level policy makers.
The concern is that information warfare implies some sinister plot by government to control the
information realm often called cyberspace. This is not the case. Unfortunately, changing the term
now may derail a movement within government and industry focused on defending America in
the new information age.

Our nation is becoming a network of networks (system of systems). Over the past twenty years,
operations once performed by humans have come to be handled by computers; consider the
modernization of the auto assembly line. Our nation's power grids, natural gas pipelines, and
transportation systems are all managed by computer networks. Both Federal Express and United
Parcel Service critically depend upon their computer networks to get the package there on-time,
as do our nation's railways and shipping industries. Consider what havoc a hacker could create in
those databases. Looking deeper into our nation's dependence on computer networks we find
that our nation's industry designs and manufactures its products on Computer Aided
Design/Computer Aided Manufacturing (CAD/CAM) systems. For example, the Boeing
Commercial Airplane Company completely designed and manufactured the new 777 airliner in
virtual space, i.e. a paperless design. Further, the 777 is the first commercial airliner to use Fly-
By-Wire technology - when the pilot moves the control yoke he has no direct connection to the
flight surfaces. He is simply sending signals to a computer that in turn sends commands to
powered actuators. Sensors on the various flight control surfaces send periodic data to the
computer as to their configuration. What would a computer virus do to one of these systems?

Until recently the aforementioned networks were protected by isolation, i.e. they were not
connected to outside data networks. However, as we enter the information revolution these
networks will become part of the network of networks. The connection of these networks makes
their operation better as the systems are able to communicate. However, the same
interconnection introduces the possibility that an unauthorized intruder may enter and corrupt the
system.

Note: during the early days of the Cold War, DoD maintained dedicated, redundant, and
survivable communications. Today, 95% of DoD communications ride on the public switched
network. America has witnessed hackers who easily penetrated and manipulated the public
switched network. Can our nation's communications net withstand a coordinated attack from a
hostile nation state? Should DoD be concerned for the security of the public switched network?

America's economic, political, and industrial infrastructures are now open to attack via the net;
this is the essence of Information Warfare (IW). IW offers hostile entities the capability to
exploit, disrupt, and/or destroy our nation's ability to operate.

Why are hostile forces looking to information warfare?

   1. No other nation, political group, or crime cartel has the ability to challenge the U.S. in a
      traditional force-on-force engagement. Consider the early days of our Revolutionary War
      and the way British troops were trained to fight. They lined up in columns and marched
      head-on into battle. Our patriots challenged this conventional method of warfare and took
      cover. America's adversaries, like our revolutionary ancestors, are now posturing for a
      new form of warfare fought within the information sphere. This new type of warfare can
      make it possible for them to exert their will on America.
   2. War fighters have always considered an adversary's political, economic, and industrial
      infrastructure as strategic targets. The information revolution now offers them the ability
      to strike America by non-lethal means, many times, without attribution. The ability to
      exploit, disrupt, and/or destroy our nation's infrastructure by attacking its computer-based
      operation makes information warfare a very cost effective weapon to our adversaries.



Summary

The challenges facing America's future are not unlike those of the early 1950's. The difference is
that the nuclear threat is replaced by a new threat. IW effects may weigh heavily on the future of
our nation. Over the next decade our nation will have to adopt some type of Information Policy
that establishes a means of coordinating the defense of America's infrastructure. Likewise, DoD
and the Intelligence Community need to develop methods of providing critical technology and
information to the public and commercial sectors.

Here are the important points of this module:

      Then: DoD leveraged the majority of research. Now: Commercial demands drive
       development.
      ARPANET's utility has evolved into a basic requirement.
      The public trust of government has been severely degraded.
      Information Warfare = a new way for hostile forces to exert their influence on America's
       economic, political, and industrial infrastructure.
      Why IW? America has virtually eliminated other nation states' ability to project classic
       force-on-force, i.e., our nation's military capabilities so dominate those of other nations,
       few can challenge America militarily; therefore, most nations of the world have
       effectively lost their element of military power when dealing with American policy.
      During the Cold War DoD maintained separate, dedicated, hardened communications.
       Today, 95% of DoD communications ride on the public switched network.



The Threat
Module 2
The Lesson



The module learning objectives:

       Identify the IW threats to DoD's information infrastructure and, in a broader sense,
        America's data networks.
       Address some of the sociological implications of an IW attack.



You must consider the various perspectives of IW threats:

Perspective        Concern
Corporate          Security, reliability
FBI                Criminal activity
Treasury/banking   Security, non-repudiability
DoD                Defense
Intelligence       Espionage - Input unavailable for beta version


What is DoD's concern?

After all, internal Continental United States (CONUS) policy is not its concern...

Or is it?

There is a shared responsibility between managing DoD and commercial networks.



Why is DoD concerned?

DoD uses closed systems, router and firewall protection, and encryption in order to secure
critical networks and message traffic; however, these secured transmissions ride on the public
switched network, which has been proven to be vulnerable to IW attacks.

The enemy is turf blind. It does not worry about what is DoD or Public.

Information Warfare does not equal Computer Warfare.

Computer Warfare (CyberWar) is a subset of Information Warfare.

Many aspects of IW can be waged without the use of the computer. Take, for example, Somalia.



Threat Model

The following is a model that you can trace through for responding to IW threats.




Summary

Hopefully the case studies have illustrated that there are a variety of IW threats possible.

Here are the important points to this module:

      IW is not restricted to the technical world. Remember Somalia?
      In the past, links were the primary targets to exploit, while links and nodes were targets
       for denial and destruction. This is classic C2W.
      In this new world, nodes and information are the primary targets for hackers and
       foreign intel.
      Now you have two new concerns: radical groups and commercial off the shelf software
       (COTS).




DoD Roles and Missions
Module 3
The Lesson


The module learning objective:

         To consider the question of who does what, who should be doing what, and what policy
          is in place that provides specific authority for both defensive and offensive IW.



Why is DoD involved in Information Warfare?

Consider the two perspectives:

   1. The offensive perspective. DoD must maintain the leading edge in warfighting capability.
   2. The defensive perspective. DoD must defend America (a shared role).



The DoD is critically dependent on information technology.

In the past:

DoD maintained a dedicated hardened communications capability.

Today:

Current technology offers better commercial communications services than past DoD systems.
This coupled with declining budgets, has driven DoD to the commercial sector for
communications needs.

Result:

Currently, 95% of DoD communications ride on the public switched networks.

Concern:

DoD has no authority to provide guidance on securing the public net.



So, What is DoD's role?

   1. Develop new weaponry that will operate in the new information infrastructure.
   2. Coordinate DoD policy with national policy needs. This can be done through executive
      committees, congressional support, and commercial interface.
   3. Ensure efficient use and system interoperability (ASDC3I).
   4. DoD procurement - solving future challenges in acquisition and technology (e.g.,
      commercial, off-the-shelf purchases (COTS)).



Here are some DoD agencies who have an important role in IW:

       Defense Advanced Research Projects Agency (DARPA) - previously known as ARPA,
       has traditionally coordinated leading edge technology development, and is now focusing
       on information security technology.
       Defense Information Systems Agency (DISA) - DISA takes the lead in securing DoD
       unclassified, but sensitive networks.
       National Security Agency (NSA) - has the responsibility for securing the nation's
       classified data networks as well as managing the nation's cryptographic (code-breaking)
       activities.


The Joint Chiefs of Staff

Within DoD, the IW division of effort resides with the Joint Chiefs of Staff.

J3 is responsible for offensive IW. It coordinates development and approval for release of all IW
weaponry. J6K, by contrast, is responsible for defensive IW. Further, the J6K acts as the
Information Assurance policy coordinator and focuses DoD's IW education in conjunction with
the J7 and ASDC3I.

The split nature of the JCS will likely precipitate a change toward unification of both offensive
and defensive IW. Since the military's primary role has historically been warfighting, it would be
reasonable to assume that the J3 and J6 will merge their IW mission under the J3 umbrella. Look
for similar merging of offensive and defensive missions throughout DoD organizations and
agencies.

How does DoD ensure that public systems on which the military depends are secure?

The question of who will coordinate the processes of securing America's information
infrastructure is still unanswered, but it is unlikely that DoD will assume this role.

Information Warfare may be likened to waging Infrastructure Warfare. Whoever is responsible
for managing the infrastructure will probably assume some key responsibilities in securing
America.



So, what is the DoD role at the national strategic level?

To lead from behind.

and

      1. Provide sound advice on the exact nature of the threat.
      2. Provide information (knowledge) gained by past experiences (i.e., what works and what
         does not).
      3. Provide technical expertise when requested.
      4. Form partnerships with state and local governments as well as with the commercial
         sector.



DoD's most important role

As a result of Watergate, Vietnam, and other associated events, public trust in the government
has steadily eroded over the past six decades. This erosion has also affected the DoD's image.
Many Americans believe that DoD is not in line with mainstream culture, e.g., policies on gays
in the military and sexual harassment (Tail Hook). It is a common belief that the Pentagon is
looking for a new global threat now that the Cold War is over; that the Information War is the
new global threat used to acquire additional DoD funding. Reinforcing these views is the
recurring question what is big brother up to? Given that situation, it is clear that the public will
demand strong evidence before accepting an expansion of DoD's role into cyberspace.

This cannot be overstated: DoD must take steps to re-establish the public trust and provide clear
evidence that the IW threat is real. The first steps are:

         Openness
         Education

Public trust is critical. Americans should not have to ask What is my government up to?

Summary

This module contained two simple, yet important messages. DoD must accomplish these two
tasks to accomplish its IW mission:

      DoD is dependent on the civil infrastructure. DoD must share responsibility with the civil
       sector for defense of the national information infrastructure.
      Government departments and agencies will have to develop a strategy for leading from
       behind.




Information Assurance
Module 4
The Lesson


The module learning objective:

      To define the concept of National Information Assurance and identify related national
       policy issues.



Before we continue with this module, let's review the previous 3 modules:

Module 1 Review

Then: Money was available through DoD sponsored research. Now: Commercial demands drive
development.

The birth of ARPANET evolved into a basic requirement.

Then: Public trust of government was high. Now: Public trust of government is low.



Module 2 Review

IW is more than technical, i.e. Somalia.

In the past, network links were the primary targets for exploitation, and links and nodes were
targets for denial and destruction. Classic C2W.

In this new world, nodes and information are the primary targets for hackers and foreign
intelligence.

There are now two new concerns: radical groups and commercial, off-the-shelf software
(COTS).



Module 3 Review

DoD is now dependent on the civilian infrastructure.

DoD must share the responsibility with the civilian sector for defense of the national information
infrastructure.

The President, Congress, Supreme Court and the commercial sector will divide the baby.

Government departments and agencies will have to develop a strategy for leading from behind.



In this module we will address these major points on Information Assurance:

   1.   Who, what, when and why (roles perspective).
   2.   DoD's role (past attempts).
   3.   Risk management (nodes, links, and information).
   4.   Defense strategies: red team approach vs active defense.
   5.   Management challenges.



From the National Security Strategy, February 1995:

The threat of intrusions to our military and commercial information systems poses a significant
risk to national security and must be addressed.

That, by now, should be obvious. The real concern is:

Are we under attack right now? And if so, from whom?

Redefining and maintaining security is a national concern. DoD and the Intel community must
design a method that will provide critical threat and technical knowledge. They must also
cooperate with the private sector.

Who Are The Real Players?

Some of the real players who will influence the political process and build the solutions:

      Sun Microsystems
      Microsoft
      Motorola
      Intel
      IBM
      Apple
      And many others...

With DoD leading from behind!



Accreditation Shortfalls

Past DoD attempts in securing the information infrastructure mainly involved an accreditation
process. This, unfortunately, did not work well because of these shortfalls:

      Inconsistent accreditation decisions were made independently for interdependent
       systems. This resulted in non-uniform protections across common DoD infrastructure.
       Also, the weaknesses in one community undermined the security of others.
      Security assessments are costly, time-consuming processes.
      Security was not adequately addressed during the development and maintenance of the
       systems, which resulted in ineffective or inefficient security.
      Inefficient integration across DoD efforts resulted in duplication and approaches that did
       not meet common DoD needs.



Accreditation Consequences

The shortfalls of a DoD accreditation system led to the following consequences:

      Erratic protection for DoD information systems.
      Cost of protection too high.
      No means to cope with new technology.
      Once accredited, a false sense of security exists, that is, until the next detected attack.



Defensive IW Implementation

Any proposed defensive IW implementation must encompass all of these areas:

      Doctrine
      Policy
      Organizational Infrastructure
      Assessments
      Technology
      Education & Training



Active Defense

If accreditation does not work, what about an active defense? This implementation also has
shortfalls. Most importantly, an active defense would violate U.S. criminal code on computer
crime, e.g., 18 USC 1030 (a)(5)(A).

Consider also the following scenario: What if the hacker is using his/her parent's business
computer or is using an assigned computer at the Washington Post, Sony, or the Pentagon?

Using an active defense would damage not only the hacker's files, but also the files of the
legitimate computer owner/user. What if a computer being used by a hacker, the doctor's son,
belonged to your doctor, and the files destroyed by an active defense were your patient history
files?

Other considerations:

      Both good guys and hackers use the Internet.
      Hackers use sniffers.
      Hackers loop & weave.
      Hot pursuit and active defense may not be options.



If Active Defense is not an Option...

There are recommended strategies to deal with hackers who enter your network. Once intrusion
is detected, you have several options:
                        Sometimes the best offense is a good defense...


IW Defensive Strategy

What works?

   1. Manage your security - set policy for what is allowed, and what behavior is prohibited.
   2. Banners that announce monitoring to be read by everyone logging onto your system.
   3. Red Teaming - Controlled "hacking" by security professionals whom your organization has
      contracted to identify security risks.
   4. Risk management - plan for the attack.




The Political Quagmire
Module 5
The Lesson



The module learning objectives:

      To discuss opposing viewpoints (individual rights vs. law enforcement).
      To present specific recommendations.

Information Policy - The Political Quagmire

Do we need a national information policy?

If so, what forces will influence the process?

Can we look to history for clues?



A Historical Review

Was national policy challenged by the Industrial Revolution? If so, what did we learn? Did the
Cold War challenge national policy? What unique challenges does the Information Revolution
pose?

It is reasonable to suggest that our society is becoming more dependent on information systems.
In an effort to better understand policy challenges of the emerging Information Age, it may be
useful to consider our nation's reaction as it transitioned into the industrial age. Such an analysis
may yield similar policy concerns, i.e. state vs. individual rights.



Policy Challenges of the Industrial Revolution: The Lochner Period

Looking to the U.S. Supreme Court and the period of 1905-1937 (Lochner Period), we see that
our nation was challenged by the industrial revolution in much the same way as it is by the
Information Revolution today. In 1905 the Supreme Court considered the case of Lochner v. New York,
where the court struck down a New York law that limited the number of hours a week bakers
could be contracted to work. This profound legal finding shifted the balance of rights toward free
enterprise; thus, the term the Lochner Period. The essence and impact of this period cannot be
overstated.



Policy Challenges of the Industrial Revolution: Before the Lochner Period

Before the Lochner Period (circa 1897) our nation subscribed to a policy of laissez-faire
economics. In 1897, laissez-faire became the operative policy as a result of the Allgeyer v.
Louisiana decision. Laissez-faire was basically the principle of protecting business from
unreasonable regulation, i.e. to advance the Industrial Revolution. The important point is,
America has and will continue to promote free enterprise. Free enterprise developed our nation's
industrial strength and positioned our country for its role as a world leader. Therefore, it should
come as no surprise that industry will continue to leverage considerable influence in any national
debate.

The Period 1934-1996

Looking to the period between 1934 and 1996 and telecommunications legislation, we see that
economics drove the political agenda. The national communication system (AT&T) was built
upon the power infrastructure provided by the Rural Electrification Act. However, as technology
and competition developed, our nation witnessed the break-up of AT&T. AT&T's break-up was
driven by industry as the market nature of our economy prevailed. The most recent and
potentially dramatic change came with the Telecommunications Act of 1996, where competition
is virtually open to all, and for the first time the operative word is information, and not television,
telephone, or anything else.



Cold War Policy Challenges

The threat of complete and total destruction challenged all sectors of our civil and government
infrastructure. For the first time in history a nation could completely, without notice, destroy
another nation. In time, solutions were developed to protect against this danger. Most of these
solutions relied upon inter-working relationships between not only nations, but between
governments and their civilian sectors. The Information Revolution poses a new threat against
our political, economic, and industrial infrastructure. Once we worried about national secrets;
now we must be concerned with industrial secrets. Hostile forces will use the information
infrastructure to extract trade secrets critical to an industry's competitive edge.



The Issue of Privacy

Privacy is one of the most interesting of individual rights. The term itself does not appear within
the Constitution or the Bill of Rights and is often referred to as an implied right. The balance of
an individual's right to privacy has shifted with time as our courts have interpreted our Founding
Fathers' intentions. Today many argue that the right to privacy need not be specifically addressed
by the Constitution, as it is one of the most basic of rights granted by the Creator, which this
government was formed to protect. Nonetheless, our policy makers will be driven to accelerate
the privacy debate as Americans come to realize the overwhelming capabilities of modern
computer systems to gather and analyze personal data and reveal personal information that many
do not want disclosed. Whatever your personal or business perspective, this aspect of the
public debate will be key to future policies. It is imperative that all viewpoints be considered and
an equitable policy emerge; otherwise, our nation will experience a protracted period of
legislation vs. court review, which will only serve to benefit our nation's adversaries.

Consider issues of privacy in Cyberspace using the following rule of thumb:

Currently two tests exist to determine if privacy has been violated:
1. Does the individual or company expect the information to be private (subjective expectation
of privacy)?
2. Is society willing to grant that expectation?


The Threat of Perception Management

Third world nations are developing a tactic referred to as the Aideed Model. This model is named
after the Somalian warlord whose unique strategy of turning a nation's information
infrastructure against itself through active perception management led to the defeat of the world's
best equipped military. The Aideed Model is particularly attractive as the budget for executing
such an operation is typically smaller than that of an inner-city street gang. This, among other
recent examples, proves that factions hostile to the interests of the United States do not need to
engage in traditional military force-on-force in order to exert their will upon a superpower.



Historical Conclusion

From a policy perspective, our nation is undergoing a change not unlike the Industrial
Revolution, with many of the same issues reemerging for debate. This does offer a good
perspective for policy makers as a benchmark. However, unlike our transition into the industrial
age, the current transition challenges our policy makers much like the Cold War period in that
solutions rely on cooperative efforts between government and the civilian sector. Further
complicating information policy is the possibility that our form of democracy may be challenged
as never before. That said, history suggests there are two great dilemmas. As in the past, two
themes help to identify critical policy issues: equality for all and the power of government vs. the
individual. Now, as in the past, the solution lies in a delicate balance between the people,
government, and industry.



What Did We Learn From the Industrial Revolution?

The major points from our brief historical review are:

      Historically, national policy has supported industrial growth through free enterprise.
      Privacy has been and continues to be a major issue.
      Just as in the past, national policy makers are faced with two great dilemmas:
           o Ensuring equal rights.
           o Separation of individual vs. national government rights.




What Did We Learn During the Cold War?
   1. Information Warfare threatens many of our national infrastructures (political, economic,
      and industrial), in much the same way nuclear weapons did during the Cold War. Nuclear
      weapons threatened loss of service through mass destruction whereas IW threatens
      through the net attack.
   2. In both cases, the solution depends on a government, industry, and civilian joint effort.
      Our nation's (information/infrastructure) civil defense relies on cooperation.



What is Unique About the Information Revolution?

   1. The impact of a connected America (an immediate human viewpoint sensor) on the
      national policy process.
   2. The ability of an adversary to manage the American perspective.
   3. Unlike nuclear or conventional weapons, it is often impossible to detect an Information
      Warfare attack until it is too late. Further, the adversary can hide within Cyberspace.
   4. Government has much less influence as compared to its influence during the Industrial
      Revolution and Cold War period. As a result, government must lead from behind by
      providing sound, accurate advice to the public and industry.



The Various Perspectives of Information Warfare

These are the various perspectives of IW:

      Personal
      Corporate
      Justice
      Treasury - this perspective is the same as for the Dept. of Justice.
      DoD
      Commerce
      Intelligence - this data unavailable in the beta version.

Summary. The focus for change must come from Congress. The issues associated with
defending America in the age of information can only be equitably debated through this
branch of government. This is not to suggest that the President and the Judicial branch will
not play a major role; they will. Congress will have to take the lead in forging new policy as
our nation enters the 21st century.

Role of the President: direct the Executive branch departments and agencies to provide critical
information (data) for use by Congress, industry, and the public in forming the national debate.
The Executive branch must provide a clear representation of the threat that IW poses to our
nation's infrastructure. Further, the President must ensure that any technical skills and associated
knowledge resident in the U.S. Government is available to industry and Congress for their use in
formulating national information policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated
policy does not encroach on the rights of Americans. Just as the Supreme Court played a major
role in interpreting legislation as America entered the Industrial Revolution, it will do so for the
Information Revolution. However, history has shown that such interpretations are molded over
time as society's needs and perspectives change. For example, the balance between economic
rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's
security needs. This view is currently not possible as most of corporate America is either fearful
of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy
this, the President must commit America's intelligence community to directly providing relevant
indications and warnings to industry. Congress must engineer a policy where industry is required
to report the number and nature of IW attacks against its infrastructures. Such disclosures by
industry must be protected to guard against the erosion of public confidence.

Role of the individual: The Internet is growing exponentially. Within it there are many
references to the sanctuary of cyberspace. There have been declarations of cyber independence
and calls for a hands-off by governments. People of the world are experiencing for the first time
what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's
opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally
hesitant to embrace any government association with the Internet. However it must be
remembered that it was America, specifically the U.S. Department of Defense, that made the
Internet possible. According to the Declaration of Independence, America's government is
formed by its people to protect the rights granted by the Creator. This brings us to one of the
most fundamental arguments of society (State): when do the rights of the many outweigh the
rights of the few? This issue has been argued since the dawn of logical thought. Our policy
makers (President and Congress) must receive a balanced view from their constituents. Often our
nation has applied the oil only to the squeaky wheel. The Congress must initiate public
community debates to help bring the message to Washington. When called, individuals must
educate themselves on the issues and voice their opinions.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the
Great Depression, and the nuclear threat (Cold War). During each period the concept of free
enterprise provided the technical means to a solution. Likewise, each transition required a new
assessment of the balance of rights. Looking more recently to the second half of the 20th century,
it can again be illustrated that free enterprise enabled America to become the global leader in
technology.

Specific Lessons from History

   1. Legislative actions have historically supported economic and industrial growth.
   2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The
      right to privacy has been and will continue to be at the center of such debates.
   3. The technical solutions to all of America's needs have come from the industrial sector.
      History has shown that with encouraging government policy the pace of development
      can be greatly accelerated, e.g., America's race for the moon in the 1960's.
   4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical
      infrastructure could benefit from similar considerations, i.e., electric power distribution?
   5. Consider the recent cases involving free speech; for example the Philadelphia Court
      striking down legislation on indecency. What can be learned from this? Was Congress
      reactive or proactive? Were legislators responding to impulse demands of a minority?
      Congress must carefully consider the implications of oiling the squeaky wheel, as this
      may lead to action without thoughtful representation.




IW Weapons
Module 6
The Lesson



Notice: Due to the sensitive nature of this section, the weapons presented are ones proposed
by open source (non-government) authors. The examples offered should only be considered
as concepts to stimulate your thoughts on "what-if" possibilities.

THIS PRESENTATION NEITHER CONFIRMS NOR DENIES THE EXISTENCE OF SUCH
WEAPONS!

The module learning objectives:

      Explain and define the types of weapons that can be used to conduct Information
       Warfare.
      To understand that each IW weapon could be used as a strategic national, theater
       strategic, operational, or tactical weapon.



IW weapons include the following:

                Malicious software               Chipping
                Back doors                       Electromagnetic pulse weapons
                Destructive microbes             Van Eck radiation
                Cryptology                       Spoofing/Authentication
                Video morphing                   Psychological operations
                Attacks on the banking system    Disruption of air traffic control
                Denial of service                Stand-off and close-in sensors
                Decision support


Malicious Software

Viruses, worms, and Trojan horses, falling under the category of malicious software, are perhaps
the most frequently talked about information warfare weapons in the popular media. Although
these weapons have the potential to cause great damage, there is no clear method for effectively
targeting and controlling these weapons. Once a virus is let loose, it is just as likely to infect
friendly information systems as it is to infect enemy information systems.



Chipping

Chipping is the practice of making electronic chips vulnerable to destruction by designing in
weaknesses. For example, certain chips may be manufactured to fail upon receiving a specific
signal. Anyone using these chips could then be instantly devastated. Unfortunately, the problem
here, once again, is how to get the right people to use the affected chips.



Back Doors

Back doors are designed to defeat security protections. For example, the designers of the Clipper
encryption chip could possibly have built in a secret back door so that they can easily decode
messages encrypted with the chip.



Electromagnetic Pulse

Electromagnetic pulse weapons could be used to knock out enemy electronics equipment.
Suitcase-sized devices have been developed to do just that.

Destructive Microbes

Researchers are also working on developing microbes which eat electronics components so that,
in the event of conflict, these microbes could be introduced into an adversary's electronics
equipment to cause failure.



Van Eck Radiation

Van Eck radiation is the radiation which all electronic devices emit. Specialized receivers can
pick up this radiation and tap a wealth of information. Fortunately, there are various safeguards
against this type of attack.



Cryptology

Cryptology, comprising cryptography and cryptanalysis, is a weapon of information warfare
designed to encrypt and crack secure communications, respectively. Despite significant advances
in cryptography, cryptanalysis will
continue to be an important weapon aided by equally significant advances in computing power.



Spoofing

Spoofing is an attempt to send a falsified message to someone. For example, I could dial up a
university phone registration system pretending to be someone I have a grudge against, and drop
their classes. Since these systems are automated, all I need to know in most cases is a person's
Social Security number and birth date.



Video Morphing

Video morphing is a weapon that could be used in a manner similar to that in the movie Forrest
Gump to make an enemy leader appear to say things he or she didn't in fact say, undermining
credibility.



Psychological Operations

Psychological operations (PSYOP) use all available information means to form a desired
public perception. PSYOP benefits from the ability to conduct market research and analysis of
regional data. As a result, customized messages can be generated for each targeted sector of
society. PSYOP was very successful in the U.S. reinstatement of Haiti's president.



Attacks on the banking system, Disruption of air traffic control, Denial of service

Various possible operations with obvious effects include knocking out telephone switches,
crashing stock markets, attacking electronic routers for rail systems, attacking bank accounts,
disrupting air traffic control, and denying service with, for instance, a ping attack. Note: the
"ping attack" gets its name from age-old sonar techniques. Within a network, a computer can
send systematic queries to all addresses and analyze the associated return time, very similar to
sonar. Net groups with similar times of return can be associated into a hierarchical structure.



Stand-off and close-in sensors

For military applications, the use of stand-off and close-in sensors to gather data could be
considered an information warfare weapon.



Decision support

As in any decision process the more information available the higher the probability of arriving
at a useful solution. Likewise, computer decision support is also a key weapon in information
warfare and especially in defensive information warfare. Decision support can be used to detect
attacks, identify the type of attack, generate defensive options, evaluate options, and perform
damage assessments. In a similar manner, an adversary's decision support system can be delayed,
or disrupted with erroneous data.



Summary

Information Warfare Weapons fall into three categories: Strategic National, Strategic Theater,
Operational, and Tactical. Each category has its own unique capabilities and thus requires
different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too
can be employed to support a tactical, theater and/or strategic objective. However, nuclear
weapons must ultimately be released for use by the President and usually by recommendation of
the National Security Council. IW weaponry is very similar, but there are exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. IW
weaponry supporting non-military elements of power or that fall into the category of national
strategic will all require NSC approval. However, operational control of IW weapons which
support classic C2W has been delegated to the CINC for implementation. Likewise, traditional
theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under
CINC authority as well.

National Strategic IW weapons will be released by the President upon recommendation of the
NSC. For example, a computer virus that would cripple a nation's monetary system or seize
control of international satellites must be controlled by the President (or SECDEF if authority
has been delegated). Justification: a response in-kind would have a direct impact on the
American homeland, i.e. the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be
reviewed by the National Security Council, possibly the President (weapon dependent), and
ordered by the CINC. One must remember that some strategic weapons will only be released on
authority of the President. Note: during the planning process the CINC will be the single person
responsible for the overall campaign and will decide his or her preferred weapons of choice, but
just as in the case of nuclear weapons, IW weaponry will require a higher level of coordination
and authorization for release.




Loss of Sanctuary
Module 7
The Lesson


The module learning objectives:

      Understand the concept of an Information (electronic) Pearl Harbor.
      Understand loss of sanctuary.




Historical Review
What was Pearl Harbor? A strike at the heart of America.

Why Pearl Harbor? Japan wanted to eliminate the US's ability to project power in the Pacific.

How do countries today project power?

      Politically
      Economically
      Military option removed




Another Consideration

Why are Third World nations so desperately seeking weapons of mass destruction (WMD)?

Many nations do not have the resources to maintain a powerful military force. WMDs, such as
nuclear, biological, or chemical weapons present an economically viable alternative for security.

What was wrong with Japan's WWII strategy and recent efforts by Third World nations? Pearl
Harbor ensured a response from the United States. Japan wanted to erase the U.S. Pacific
military threat. They, of course, did not accomplish that. Iran, Iraq, Libya, and others want to
reduce the effectiveness of American military influence, but they know doing so explicitly and
deliberately would result in war.

An Effective Information (electronic) Pearl Harbor

So what would an effective Information Pearl
Harbor look like? Today, our critical infrastructures consist of the transportation, power, and
industrial networks. These all could be likely targets.

The U.S. may find it difficult to use military force in response to an Information Pearl
Harbor-type attack. It is difficult for the U.S. to retaliate using military action when the country did not
suffer loss of life and cannot even determine who to target.



                          Weapons Choice From a Non-US Perspective

         Force Deployed             Relative Expense    Anticipated Response
         Military deployment        Very high           In kind. US would dominate.
         Nuclear                    High                Possible in-kind. US would win.
         Chemical/biological        Medium              Definite military response. US would win.
         IW infrastructure attack   Low                 US can't ID attacker. Can't retaliate.



Information Pearl Harbor Summary

   1. Many developing nations are seeking to level the field with respect to the basic elements of
      power.
   2. Most nations have started advancing their economic and political development, and thus are
      seeking to increase their international status.
   3. No nation on earth can afford to challenge the U.S. militarily. IW can level the field.
   4. The political, economic, and military reaction to an IW Pearl Harbor is an acceptable risk to an
      attacking nation.
   5. Therefore, it is reasonable to assume that the next Pearl Harbor will be against a critical aspect
      of America's infrastructure. Further, it is reasonable to suggest that this attack will be launched
      via cyberspace.




The Military Perspective
Module 8
The Lesson

The module learning objective:

       To examine Information Warfare from the military perspective.




The Military Perspective - War Fighting in the Information Age

Carl von Clausewitz reasoned that commitment to war emerges from the confluence of three
characteristics or tendencies: the people, the military, and the government. He suggested that
when these three components unify around a common purpose to be achieved by force of arms,
an interactive trinity emerges that produces the national will to fight.

This suggests the following formulation:

National Will = Will of the People + Will of the Military + Will of the Government

This proposition has been supported in the emerging information age. For examples, look at
Somalia and Haiti. Information had the power to break the will of the people.



The Military - Planning For Future Conflict

Our military must assume that future conflicts will be viewed real-time in the homes of every
American. War must be quick, decisive, and limit civilian casualties to few or none.

Furthermore, because of our system, the military and political leadership cannot lie or deny
access to the American press.

Does the Information Age offer any positive advances to the military?

Yes.

These include: immediate battlefield awareness, precision weapons, and most importantly, new
non-lethal weaponry. However, we must understand America's potential adversaries may have
the same capabilities. Therefore, many believe future conflicts will be waged on the information
plane.



Why Will the Military Choose Information Warfare?

Consider infrastructure as a target: power plants, communications facilities, factories, petroleum
pipelines, transportation systems (air, sea, rail). All are, or soon will be, operated and managed
by computers that receive critical sensing and requirement changes via the net. Therefore, by
attacking or taking control of the net, an adversary controls the infrastructure.

A nation's air force may take out an air defense system using a computer virus in lieu of an iron
bomb. It's cheaper, quieter, and safer. And it is psychologically more effective!



Infrastructure

A nation's infrastructure can be exploited, disrupted, or destroyed by infiltrating the computer
networks that control it. Many ask: will an army still be required to occupy a nation to impose
its will? In total war, most likely; however, in the emerging age of economic warfare, occupation
can be achieved by precipitating a condition conducive to a leveraged buy-out, i.e., foreign
corporations with the assistance of their government will simply procure critical portions of an
enemy's infrastructure. As a result, ultimate control can be achieved through the corporate board
room.

Remember the trinity concept offered by Clausewitz: a nation's will is a combination of the
people's, military's, and government's will. The people will, as always, desire a non-military
solution to challenges of national interest. The information age offers many non-military options
for exerting national will.

IW offers a new peace time application of warfare. A new type of infrastructure attack focused
against a nation's political, economic, and social infrastructure.



Economic Warfare - Taking Away a Nation's Ability to Produce and Trade for Needed
Commodities

An old quote:

The greatest happiness is to vanquish your enemies, to chase them before you, to rob them of their wealth,
to see those dear to them bathed in tears, to clasp to your bosom their wives and daughters.
- Genghis Khan

Today, translated by America's competitors:

The greatest happiness is to crush your American competitor, to chase them before you, to rob them of
their market share, to clasp to your income statement their former sales revenues, and to hear the
lamentations of their stockholders.
- Asian Strategy

The Military Perspectives of Information Warfare

You can examine each service's perspective on IW:

      Army
      Air Force
      Navy




Recommendations
Module 9
The Lesson


The module learning objective:

      To examine recommendations for a national policy on Information Warfare.




Directions

Congress is being pulled in all directions by these groups:

      Supreme Court
      Industry
      Individual citizens
      Defense
      Foreign interests
      Law enforcement
      Special interest groups

Although a political solution has not been identified, it does exist. The path toward the answer
can be significantly narrowed. The historical evolution of our constitutional rights provides the
reliable road map. Our country's Constitution, legislative enactment, executive orders, and
Supreme Court rulings form the boundaries within which future policies.

Congressional leaders will be challenged to set upon the path to deriving legislation that secures
our nation's critical infrastructures. In doing so our nation's leaders will have to pay close
attention to the following influences. Otherwise, the legislative process will become bogged
down in debate or litigation and much needed legislation will ultimately be delayed.

       First, fourth and fourteenth amendments
       Individual citizens
       Special interest groups
       Law enforcement
       Defense
       Lochner lesson
       Industry
       Foreign interests
       Supreme Court rulings




Finding the Path

Finding the path consists of:

   1.   Identifying the problem (threat) and opportunity.
   2.   Determining a process (committee structure).
   3.   Gathering information (who has interest and what are those interests?).
   4.   Forming a strategy (review of draft legislation).
   5.   Implementing the strategy.




The Next Step

The IW threat has been identified and the process of reporting such is on-going. The next step,
Determining a Process, has been done by the formation of a presidential bipartisan committee
(commission) on securing our Nation's critical infrastructures.

This committee will focus on protecting those infrastructures critical to national defense and
preserving the American way of life; however, in doing so issues that resonate at the core of each
American's individual right to freedom will have to be considered. Groups which support various
positions during these debates will have to carefully formulate their strategy to ensure that the
needs of their constituents are addressed.



What is the Problem (an example in problem solving)?

This may sound elementary, but one of the most difficult aspects of problem solving is correctly
identifying the problem, or determining what really needs to be fixed. Interestingly, the threat of
an informational attack itself is not the central issue. Depending upon the specific target
infrastructure the central issue may be one of several: knowing the event has occurred,
motivations of the attackers, the loss of service, or the attacker's ultimate goal (which could be
the second or third order effect).

The following example is offered as a mental exercise to help illustrate that identifying the
central issue is not always easy and that often solutions are sought that do not solve the actual
problem.

The Scenario

The setting is a college classroom.

On the first day of a freshman engineering class thirty students have filled the room, confident
that they have the ability to become world-class engineers. The instructor introduces himself and
displays the following sign for the students' consideration:




The instructor asked two questions, the first being "What is the problem?" After about twenty
minutes, the students were ready to present their analysis. The students finally decided that the
following was the problem: the bridge freezes before the road surface.

The second question was, "What is the best solution?" There was little consensus. The students
devised clever solutions to the problem. Here are some of their creative solutions:

      An automatic salt dispenser that operates during freezing conditions.
      Keep bridges dry with an inexpensive covering.
      Heat the bridge during the winter months.

The Result

So, two questions were asked: "What is the problem?" and "What is the solution?" Obviously, the
students did not get either question correct. As the students continued to work on this
assignment, the voice of a young lady emerged from the back of the room.

"The sign is the solution," she said.

The instructor then asked, "What is the problem?"

She replied that the problem is not the bridge freezing. It is the fact that a driver who is not
paying attention and traveling on a surface with good traction suddenly reaches an area where
the road surface is icy. The problem is the unsuspecting driver, not the freezing bridge.

Therefore, the sign is the solution as it makes the driver aware of a potential hazard. She was
right!



Example Summary

The example was given to illustrate how easy it is to arrive at a solution to the wrong problem
and miss the issue. Look at the recent Indecency Law passed by Congress and struck down by a
Philadelphia Court as unconstitutional. The law sought to stop material posted by pornographers
from being accessed by minors via the Internet. Did the engineers of this legislation lose focus of
the real problem? As a young person, did you ever see pornography? Is the material the problem, its
mode of publication, or its manufacturer?

As our nation enters the age of information many different issues will come into play: privacy,
free speech, law enforcement, etc. Our congressional leaders (more importantly their staff
members performing the analyses) will have to remain constantly aware that it is easy to diverge
from the core issue, which is the national security threat posed by IW. The IW threat will raise
many issues for congressional review. Not all of these issues deal with national security.
Congress and executive agencies must continue to keep the national debate focused upon
securing America. Only then can our nation adequately deal with the more social aspects of the
emerging information age.

Here is a recommended rule of thumb. If you are suggesting a solution, ask yourself, "Why would
I want to do that?" Continue asking yourself until you arrive at a basic, repeating conclusion.
Consider our students in the example and their initial solutions. Would they have come to
closure more quickly had they asked the simple question, why? Would Congress have passed the
recent Indecency Law had they done the same?




Summary and Conclusions
Module 10
The Lesson


The module learning objective:

      To summarize and draw conclusions from the previous lessons.



Module 1 Summary - How Did We Get Here?

   1. The Internet was born from a DoD requirement for a survivable communications system. As a
      result the Global Information Infrastructure (GII) which utilizes the Internet protocol is evolving
      into a robust information sphere where individuals are discovering a political and social freedom
      never before available. There is an evolving new indestructible cyberspace where individuals are
      free from race, color, age, or sexual bias; only one's ideas matter. Our planet is undergoing an
      information revolution. Module 1 illustrates what many call the nuclear model. This reference
      suggests that just as the threat of nuclear war forced America to develop new national policy
      focused on defending America from a new threat, so does the emergence of an Information
      Warfare threat establish a need for an Information Civil Defense. Such an IW Civil Defense
      would consolidate national policy to protect America's critical infrastructures (communications,
      power, financial, transportation) from attacks launched via the net.
   2. A comparison between now and then: The Internet concept (ARPANET) was born from a Cold
      War requirement when the United States government leveraged over 90% of all
      telecommunications research. As a result, the Internet protocol (TCP/IP) was accepted by
      industry and academia. Today, the Internet offers a viable market place rich for corporate and
      public investment. With the end of the Cold War, the United States government now
      contributes less than 10% of telecommunications research funds.
   3. Once capable of supporting an independent communications network, the Department of
      Defense enjoyed the security of a dedicated and redundant network. However, faced with
      diminishing defense budgets and a rapidly expanding commercial telecommunications
      infrastructure, DoD is now economically forced to rely on the Public Switched Network, a
      network that has been demonstrated to be vulnerable to information attack. For the first time in
      history, DoD is critically dependent upon an infrastructure that it does not control or influence.
      This begs the question, "Who will be responsible for securing America's critical infrastructures?"
      And for the first time, DoD and the intelligence community must grapple with the concept of
      leading from behind, where contributions to the national debate are to provide accurate, sound
      advice on what constitutes the Threat, and which entities are positioning themselves to take
      advantage of America's critical infrastructures.




Module 2 Summary - The Threat

   1. Why is Information Warfare a threat? IW levels the international playing field (political,
      economic, and military), i.e., most nations cannot challenge American policy using traditional
      force-on-force. Information Warfare is very cost effective, and offers a non-attribution capability
      that can be completely hidden during development and deployment. Finally, the United States,
      whose policy is often the target of attack by emerging or rogue states, is the most vulnerable to
      IW.
   2. DoD analysis suggests that when 95% of government networks were subjected to informational
      attacks, less than 5% were detected. Further, of the 5% detected, very few are successful in
      closing the hole to future attacks.
   3. The groups posing the threat to America's critical infrastructure are:

        Threat                                                    Threat Level
        Individual Hackers                                        Low level threat (nuisance)
        Coordinated hacking (Instructor/tutor)                    Low/Med level of threat
        Funded, coordinated (focused, employed)                   High level
        State sponsored, focused (Intel provided, spec tasking)   Extremely High

   4. A new management philosophy is needed.
   5. Old Business - New Focus (Spies of the 21st century). As security products become available to
      the public and commercial sector the focus of international espionage will be redirected from
      the individual with access to desired information toward the network system administrator. Just
      as any industry seeks the most bang for the buck, so will foreign case officers seek to target the
      system administrators of key computer systems. This threat transcends the traditional focus and
      will expose virtually every aspect of American society. In the past corporations needed only to
      enforce strict security upon those facilities handling classified government material. The spies of
      tomorrow will target institutions such as banking (ATM, investment), transportation (Federal
      Express, UPS, rail, trucking) and industry (chemical, power, computer, etc.).
   6. The new business of spying. As the world enters the information age, international economic
      competition will become more fierce. Nations will set as a national priority the goal of acquiring
      America's customer base. Industrial espionage will escalate into industrial sabotage. For
      example, a foreign power may recruit a critical software or hardware engineer in an effort to
      implant destructive code that can be remotely triggered. The focus of such an attack may be as
      simple as to force a general product recall, and the timing of the execution could coincide with a
      critically weak period for the company. Thus a simple failure that forces a product recall may
      precipitate a disastrous fall of stock prices and takeover of the company. (Industry will need to
      re-think its current security practices and be more aware of the threat posed by grieving and/or
      disgruntled employees.)




Module 3 Summary - DoD Roles and Missions

   1. America's military is in the process of aligning itself as the Cold War threat diminishes.
      Tomorrow's military will continue to stand ready to defend America if faced with the traditional
      two major regional conflicts scenario; however, it will be forced to do so with fewer resources.
      Economizing will be sought through advanced Command and Control Warfare. Further,
      America's military will be more likely to operate with a global reach utilizing new strategic
      offensive information warfare. Tomorrow's military will prepare the theater of conflict by seizing
      control of all critical infrastructures utilized by the enemy. Tomorrow's enemy will only be able
      to communicate, finance, or logistically relocate that which our leadership allows. Our adversary
      will be blinded by a complete cyberfog of war.
   2. Just as these new weapons for peace are being developed, so are the controlling mechanisms.
      Currently the Joint Chiefs of Staff has both an offensive and defensive group addressing these
      very issues. Mechanisms are currently in place and being honed to ensure that each new
      strategic weapon is controlled within the required authority for release.
   3. From the defensive perspective, DoD is currently inhibited as its mandated authority prohibits
        involvement in securing the public and corporate sector of America's critical infrastructure. This
        offers the greatest challenge to future military leaders, as they have little influence in securing a
        vulnerable America which is open to an Information Pearl Harbor. Just as America pulled
        together a nation threatened by a cold war, our nation's leaders must define America's
        Information (infrastructure) Civil Defense.




Module 4 Summary - Information Assurance

To expand the DoD perspective of securing America from groups that wish to influence U.S.
policy through infrastructure attacks, our nation's leadership, both political and industrial,
must define a process by which America can be secured. The National Information Infrastructure
will be used by tomorrow's enemies to gain access and attempt to control or influence our
nation's critical infrastructures. Policy makers will be faced with the challenge of respecting and
balancing the basic rights of Americans. For example, a balance between the right to privacy vs.
law enforcement represents one of many issues which will be hotly debated. However, there is
one positive aspect; the threat posed to America's infrastructure via IW attacks is by its nature
non-partisan. The threat is real and is focused against all of America. As a result, our political
leaders will come to closure on this issue much more quickly. This contrasts sharply with the
health care debates of the early 90's which ended with few positive results.

The key to Information Infrastructure security is clearly defined by our forefathers:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their
Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness.
That to secure these rights, Governments are instituted among Men, deriving their just powers from the
consent of the governed. That whenever any Form of Government becomes destructive of these ends, it
is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation
on such principles and organizing its powers in such form, as to them shall seem most likely to effect
their Safety and Happiness.

Our forefathers believed that individual rights were granted by God and secured by government.
Our nation's leaders will be challenged to find the right balance - this represents the heart of the
debate in securing America.



Module 5 Summary - The Political Quagmire

The focus for change must come from Congress. The issues associated with defending America
in the age of information can only be equitably debated through this branch of government. This
is not to suggest that the President and the Judicial branch will not play a major role; they will...
Congress will have to take the lead in forging new policy as our nation enters the 21st century.

Role of the President: Lead from behind by directing the Executive branch departments and
agencies to provide critical information (data) for use by Congress, Industry, and the public in
forming the national debate. The Executive branch must provide a clear representation of the
Threat that IW poses to our nation's infrastructure. Further, the President must ensure that any
technical skills and associated knowledge resident in the U.S. Government is available to
industry and Congress for their use in formulating national information policy.

Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated
policy does not encroach on the rights of Americans. Just as the Supreme Court played a major
role in interpreting legislation as America entered the Industrial Revolution, it will do so for the
Information Revolution. However, history has shown that such interpretations are molded over
time as society's needs and perspectives change. For example, the balance between economic
rights and the needs of business.

Role of industry: Corporate America will be called upon to provide a realistic view of industry's
security needs. This view is currently not possible as most of corporate America is either fearful
of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy
this, the President must commit America's intelligence community to directly providing relevant
indications and warnings to industry. Congress must engineer a policy where industry is required
to report the number and nature of IW attacks against its infrastructures. Such disclosures by
industry must be protected to guard against erosion of the public confidence. Today many
nations desire U.S. military products, tomorrow they will want American security products that
protect critical infrastructure. If our nation's policy makers pass legislation that encourages the
will of American industry, the "Made in America" label will appear on security systems world
wide.

Role of the individual: The Internet is growing exponentially. Within it there are many
references to the sanctuary of cyberspace. There have been declarations of cyber-independence
and calls for a hands-off by governments. People of the world are experiencing for the first time
what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's
opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally
hesitant to embrace any government association with the Internet. However, it must be
remembered that it was America, specifically the U.S. Department of Defense, that made the
Internet possible. According to the Declaration of Independence, America's government is
formed by its people to protect the rights granted by the Creator. This brings us to one of the
most fundamental arguments of society (State): when do the rights of the many outweigh the
rights of the few? This issue has been argued since the dawn of logical thought. Our policy
makers (Congress and the President) must receive a balanced view from their constituents. Often
our nation has applied the oil only to the squeaky wheel. The Congress must initiate public
community debates to help bring the message to Washington. When called, individuals must
educate themselves on the issues and voice their opinion.

Lessons from the Past

Look to our nation's transition during times of great change, e.g., the industrial revolution, the
Great Depression, and the nuclear threat (Cold War). During each period the concept of free
enterprise provided the technical means to a solution. Likewise, each transition required a new
assessment of the balance of rights. Looking more recently to the second half of the 20th century,
it can again be illustrated that free enterprise enabled America to become the global leader in
technology. The voices of our forefathers offer guidance; if only we would listen.

Specific Lessons from History

    1. Legislative actions have historically supported economic and industrial growth.
    2. The mean trend of U.S. Courts has been to lean toward the rights of the individual. The right to
       privacy has and will continue to be at the center of such debates.
    3. The technical solutions to all of America's needs have come from the industrial sector. History
       has shown that with encouraging government policy the pace of development can be greatly
       accelerated, e.g., America's race for the moon in the 1960's.
    4. Look to the benefits of AT&T's divestiture. What other aspects of America's critical
       infrastructure could benefit from similar considerations, i.e., electric power distribution?
    5. Consider the recent cases involving free speech; for example the Philadelphia Court striking
       down legislation on indecency. What can be learned from this? Was Congress reactive or
       proactive? Were legislators responding to impulse demands of a minority? Congress must
       carefully consider the implications of oiling the squeaky wheel, as this may lead to action
       without thoughtful representation.




Module 6 Summary - IW Weapons

Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each
category has its own unique capabilities and thus requires different safety mechanisms to prevent
inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical,
theater and/or strategic objective. However, nuclear weapons must ultimately be released for use
by the President and usually by recommendation of the National Security Council. IW weaponry
is very similar, but there are exceptions.

The Commander In Chief (CINC) will always implement the directions of the President. In such
a capacity certain IW weapons can be left to the discretion of the CINC for implementation.
Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW
capabilities fall under CINC authority.

Strategic IW weapons, however, will most likely be reserved for release by the highest level. For
example, a computer virus that would cripple a nation's monetary system or may seize control of
international satellites must be controlled by the President (or SECDEF if authority has been
delegated). Justification: a response in-kind would have a direct impact on the American
homeland, i.e., the loss of sanctuary.

So who pulls the trigger? In general the command to launch an IW attack will at least be
reviewed by the National Security Council, possibly the President (weapon dependent), and
ordered by the CINC. One must remember that some strategic weapons will only be released on
authority of the President. Note: during the planning process the CINC will be the single person
responsible for the overall campaign and will decide his or her weapons of choice, but just as in
the case of nuclear weapons, IW weaponry will require a higher level of coordination and
authorization for release.



Module 7 Summary - Loss of Sanctuary

America has the strongest, most capable military in the world. This fact challenges many nations'
objectives which conflict with American policy. No nation has the capability to challenge the
United States using traditional force-on-force. Further, the acquisition of weapons of mass
destruction by such nations is also considered futile, as America's response would be direct and
massive. This leaves many developing nations with few options in countering America's military
force. That was until the introduction of Information Warfare.

Many nations in competition with the United States, either in the political or economic realm, are
actively developing IW capabilities. They hope to use these capabilities to gain an industrial
edge by stealing U.S. industrial secrets, and when possible disrupt America's industrial base.

America possesses many infrastructures: power, transportation, economic. But there are others
not normally considered. Our nation possesses a knowledge infrastructure where critical
scientific information is freely shared between academia, government, and industry. This
infrastructure, like others, is open to attack by IW weapons.

America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until
Pearl Harbor and the subsequent nuclear threat did America become aware of its loss of
sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have
returned to believing in a new protected sanctuary. This is far from the truth. Daily, America's
critical infrastructures are being probed and investigated by foreign powers. Our nation's
industries currently lack the capability to adequately detect the implantation of IW weapons into
our infrastructure.

Many nations are looking for ways to attack our financial networks to gain economic advantage.
Likewise our industrial base is under attack. Cyberspace has no geographic boundaries. Nations
are contracting the efforts of cyber-terrorists to maintain non-attribution. It is possible that some
nations we traditionally consider allies and friendly are set on a path of economically and
industrially conquering America.

America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by
many forces whose goal is to topple America's global position.



Module 8 Summary - The Military Perspective

The military perspective on the beta version of this tutorial was composed from various
unclassified briefings and presentations. Each service has been distributed the beta version with
the intent of providing input into the final version due in October 1996. As you explore the
military perspective please remember that military offensive aspects of IW cannot be discussed
openly. Nonetheless these efforts are ongoing!

Just as America's military transitioned into the industrial age and adopted the concept of
mechanized war, so will it adapt to warfare in the information age. That said, the transition will
not be easy. Just as military leaders resisted accepting a mechanized cavalry and the concept of an
Air Force, there will be great hesitation to adopt IW. By its nature any military must adhere to
tradition and order. How else can a person be commanded into combat? But tradition typically
stalls advancement of new technologies. America's military will become tomorrow's information
warriors, and when future military leaders look to this period they will again wonder why
acceptance of such a natural concept was hard to comprehend.

The Army has and will always command the ground aspect of warfare. The information
revolution will provide a battlefield (situational) awareness unimaginable today. The fog of war
will be greatly reduced if not totally eliminated. Likewise, offensive IW will render our nation's
enemies dispersed and informationally isolated. The enemy's fog will be extended to a complete
blindness. All aspects of today's Army will be enhanced by the information revolution.

The Navy and Marine Corps will continue to control the seas and provide the heavy strategic
reach capability America now enjoys. Global sensory networks will ensure the Navy has the
capability to track any form of naval enemy on a global basis. New information technologies will
extend the track and reaction time of much naval weaponry for both hard and soft kills.

The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and
electronic warfare will be unrecognizable to today's military leaders. The ability to precisely
strike a hostile nation's command and control, air defense, or critical infrastructures will be just a
push-button away. If a hard kill is required, the enhancement of IW will ensure the safety of our
service personnel and reduce the amount of physical force necessary. Precision strike will place
munitions on a target in ways now considered impossible.



Module 9 Summary - Recommendations

The nation is ready to debate the issue of Information Warfare and begin to decide that delicate
balance between protecting individual rights and national security. Over the past three years
we have come a long way. First the term Information Warfare was discussed, i.e., what does it
mean. Then groups began to discuss organization structure and identify needed policy. Today,
insiders understand IW and its threat to America's infrastructure. It is now time to move the
debate to the people and industry and answer the question, how do we protect America's Critical
Infrastructure from Information Warfare?

The following Executive Order was issued by President Clinton on July 15, 1996. It focuses the
necessary ingredients for the national debate:

WASHINGTON, July 15, 1996

Executive Order

Certain national infrastructures are so vital that their incapacity or
destruction would have a debilitating impact on the defense or economic
security of the United States.

These critical infrastructures include

 telecommunications,
 electrical power systems,
 gas and oil storage and transportation,
 banking and finance,
 transportation,
 water supply systems,
 emergency services (including medical, police, fire, and rescue), and
 continuity of government.


Threats to these critical infrastructures fall into two categories:

1. physical threats to tangible property ("physical threats"),

2. and threats of electronic, radio-frequency, or computer-based attacks
on the information or communications components that control critical
infrastructures ("cyber threats").

Because many of these critical infrastructures are owned and operated by
the private sector, it is essential that the government and private
sector work together to develop a strategy for protecting them and
assuring their continued operation.

     NOW, THEREFORE, by the authority vested in me as President by the
Constitution and the laws of the United States of America, it is hereby
ordered as follows:

Section 1. Establishment. There is hereby established the President's
Commission on Critical Infrastructure Protection ("Commission").

        (a) Chair. A qualified individual from outside the Federal
Government shall be appointed by the President to serve as Chair of the
Commission. The Commission Chair shall be employed on a full-time basis.

        (b) Members. The head of each of the following executive branch
departments and agencies shall nominate not more than two full-time
members of the Commission:

        (i)       Department of the Treasury;
        (ii)      Department of Justice;
        (iii)     Department of Defense;
        (iv)      Department of Commerce;
        (v)       Department of Transportation;
        (vi)      Department of Energy;
        (vii)     Central Intelligence Agency;
        (viii)    Federal Emergency Management Agency;
        (ix)      Federal Bureau of Investigation;
        (x)       National Security Agency.

One of the nominees of each agency may be an individual from outside the
Federal Government who shall be employed by the agency on a full-time
basis. Each nominee must be approved by the Steering Committee.

Sec. 2. The Principals Committee. The Commission shall report to the
President through a Principals Committee ("Principals Committee"), which
shall review any reports or recommendations before submission to the
President. The Principals Committee shall comprise the:

        (i)     Secretary of the Treasury;
        (ii)    Secretary of Defense;
        (iii)   Attorney General;
        (iv)    Secretary of Commerce;
        (v)     Secretary of Transportation;
        (vi)    Secretary of Energy;
        (vii)   Director of Central Intelligence;
        (viii)  Director of the Office of Management and Budget;
        (ix)    Director of the Federal Emergency Management
                Agency;
        (x)     Assistant to the President for National
                Security Affairs;
        (xi)    Assistant to the Vice President for National
                Security Affairs.

Sec. 3. The Steering Committee of the President's Commission on
Critical Infrastructure Protection. A Steering Committee ("Steering
Committee") shall oversee the work of the Commission on behalf of the
Principals Committee. The Steering Committee shall comprise four
members appointed by the President. One of the members shall be the
Chair of the Commission and one shall be an employee of the Executive
Office of the President. The Steering Committee will receive regular
reports on the progress of the Commission's work and approve the
submission of reports to the Principals Committee.

Sec. 4. Mission. The Commission shall:

        (a) within 30 days of this order, produce a statement of its
mission objectives, which will elaborate the general objectives set
forth in this order, and a detailed schedule for addressing each mission
objective, for approval by the Steering Committee;

        (b) identify and consult with: (i) elements of the public and
private sectors that conduct, support, or contribute to infrastructure
assurance; (ii) owners and operators of the critical infrastructures;
and (iii) other elements of the public and private sectors, including
the Congress, that have an interest in critical infrastructure assurance
issues and that may have differing perspectives on these issues;

        (c) assess the scope and nature of the vulnerabilities of, and
threats to, critical infrastructures;

        (d) determine what legal and policy issues are raised by efforts
to protect critical infrastructures and assess how these issues should
be addressed;

        (e) recommend a comprehensive national policy and implementation
strategy for protecting critical infrastructures from physical and cyber
threats and assuring their continued operation;

        (f) propose any statutory or regulatory changes necessary to
effect its recommendations; and

        (g) produce reports and recommendations to the Steering
Committee as they become available; it shall not limit itself to
producing one final report.

Sec. 5. Advisory Committee to the President's Commission on Critical
Infrastructure Protection.

        (a) The Commission shall receive advice from an advisory
committee ("Advisory Committee") composed of no more than ten
individuals appointed by the President from the private sector who are
knowledgeable about critical infrastructures. The Advisory Committee
shall advise the Commission on the subjects of the Commission's mission
in whatever manner the Advisory Committee, the Commission Chair, and the
Steering Committee deem appropriate.

        (b) A Chair shall be designated by the President from among the
members of the Advisory Committee.

        (c) The Advisory Committee shall be established in compliance
with the Federal Advisory Committee Act, as amended (5 U.S.C. App.).
The Department of Defense shall perform the functions of the President
under the Federal Advisory Committee Act for the Advisory Committee,
except that of reporting to the Congress, in accordance with the
guidelines and procedures established by the Administrator of General
Services.

Sec. 6. Administration.

        (a) All executive departments and agencies shall cooperate with
the Commission and provide such assistance, information, and advice to
the Commission as it may request, to the extent permitted by law.

        (b) The Commission and the Advisory Committee may hold open and
closed hearings, conduct inquiries, and establish subcommittees, as
necessary.

        (c) Members of the Advisory Committee shall serve without
compensation for their work on the Advisory Committee. While engaged in
the work of the Advisory Committee, members may be allowed travel
expenses, including per diem in lieu of subsistence, as authorized by law
for persons serving intermittently in the government service.

        (d) To the extent permitted by law, and subject to the
availability of appropriations, the Department of Defense shall provide
the Commission and the Advisory Committee with administrative services,
staff, other support services, and such funds as may be necessary for
the performance of its functions and shall reimburse the executive
branch components that provide representatives to the Commission for the
compensation of those representatives.

        (e) In order to augment the expertise of the Commission, the
Department of Defense may, at the Commission's request, contract for the
services of nongovernmental consultants who may prepare analyses,
reports, background papers, and other materials for consideration by the
Commission. In addition, at the Commission's request, executive
departments and agencies shall request that existing Federal advisory
committees consider and provide advice on issues of critical
infrastructure protection, to the extent permitted by law.

        (f) The Commission, the Principals Committee, the Steering
Committee, and the Advisory Committee shall terminate 1 year from the
date of this order, unless extended by the President prior to that date.

Sec. 7. Interim Coordinating Mission.

        (a) While the Commission is conducting its analysis and until
the President has an opportunity to consider and act on its
recommendations, there is a need to increase coordination of existing
infrastructure protection efforts in order to better address, and
prevent, crises that would have a debilitating regional or national
impact. There is hereby established an Infrastructure Protection Task
Force ("IPTF") within the Department of Justice, chaired by the Federal
Bureau of Investigation, to undertake this interim coordinating mission.

        (b) The IPTF will not supplant any existing programs or
organizations.

        (c) The Steering Committee shall oversee the work of the IPTF.

        (d) The IPTF shall include at least one full-time member each
from the Federal Bureau of Investigation, the Department of Defense, and
the National Security Agency. It shall also receive part-time
assistance from other executive branch departments and agencies. Members
shall be designated by their departments or agencies on the basis of
their expertise in the protection of critical infrastructures. IPTF
members' compensation shall be paid by their parent agency or
department.

        (e) The IPTF's function is to identify and coordinate existing
expertise, inside and outside of the Federal Government, to:

                (i) provide, or facilitate and coordinate the provision
of, expert guidance to critical infrastructures to detect, prevent,
halt, or confine an attack and to recover and restore service;

                (ii) issue threat and warning notices in the event
advance information is obtained about a threat;

                (iii) provide training and education on methods of
reducing vulnerabilities and responding to attacks on critical
infrastructures;

                (iv) conduct after-action analysis to determine possible
future threats, targets, or methods of attack; and

                (v) coordinate with the pertinent law enforcement
authorities during or after an attack to facilitate any resulting
criminal investigation.

        (f) All executive departments and agencies shall cooperate with
the IPTF and provide such assistance, information, and advice as the
IPTF may request, to the extent permitted by law.

        (g) All executive departments and agencies shall share with the
IPTF information about threats and warning of attacks, and about actual
attacks on critical infrastructures, to the extent permitted by law.

        (h) The IPTF shall terminate no later than 180 days after the
termination of the Commission, unless extended by the President prior to
that date.

Sec. 8. General.

        (a) This order is not intended to change any existing statutes
or Executive orders.

        (b) This order is not intended to create any right, benefit,
trust, or responsibility, substantive or procedural, enforceable at law
or equity by a party against the United States, its agencies, its
officers, or any person.

WILLIAM J. CLINTON        THE WHITE HOUSE, July 15, 1996.




References

The following list of references is from an excellent paper written by Daniel E. Magsig titled
Information Warfare: In the Information Age. Thanks to Daniel for all the effort in compiling
this list with abstracts:

[1] Alberts, David S., and Richard E. Haynes. "Information Warfare
Workshop: Decision Support Working Group Report." First International
Symposium on Command and Control Research and Technology (June 1995):
569-76.

Discusses information warfare decision support, and offensive and defensive
information warfare issues. Highlights pervasive nature of information
warfare. Recommends one consistent, widely disseminated policy on
information warfare, full integration of information warfare into military
operations, emphasis on defensive information warfare, and attention to
psychological and coalition warfare issues.


[2] Alberts, David S., and Richard E. Haynes. "The Realm of Information
Dominance: Beyond Information War." First International Symposium on
Command and Control Research and Technology (June 1995): 560-65.

Examines the concept of information dominance. Suggests a data,
information, understanding, knowledge, and wisdom typology of information.
Defines information space across arenas, levels, and natures of interaction
between entities. Highlights danger of focusing too narrowly on commonly
discussed elements of information warfare.


[3] Arquilla, John, and David Ronfeldt. "Cyberwar is Coming!" Comparative
Strategy 12 (April-June 1993): 141-65.

Classic paper introduces terms "cyberwar" and "netwar". Argues mass and
mobility will no longer decide the outcome of conflict. Instead,
decentralized, networked forces with superior command, control, and
information systems will disperse the fog of war while enshrouding the
enemy in it. Provides excellent example of twelfth and thirteenth century
Mongol armies successfully employing such doctrine.


[4] Arquilla, John. "The Strategic Implications of Information Dominance."
Strategic Review (Summer 1994): 24-30.

Focuses on the importance of information dominance over traditional
attritional and maneuver techniques. Introduces control warfare and
advocates a systems approach to identifying and attacking an adversary's
"center of gravity". Identifies the links between systemic elements as key
targets.


[5] Campen, Alan D., ed. The First Information War: The Story of
Communications, Computers, and Intelligence Systems in the Persian Gulf
War. (Fairfax, VA: AFCEA International Press, 1992.)

Often cited reference on the role of information, communications, command,
control, and electronic warfare in the Persian Gulf War.


[6] Campen, Alan D. "Information Warfare is Rife with Promise, Peril."
Signal 48 (November 1993): 19-20.

Argues military leaders must understand the nature of change in warfare
inherent in information based warfare. The right changes will act as
effective force multipliers. The wrong changes, or failure to change, will
leave the United States dangerously exposed. Discusses specific military
issues.


[7] Campen, Alan D. "Vulnerability of Info Systems Demands Immediate
Action: Reliance by Military on Commercial Communications Infrastructure
Poses Significant Peril to United States." National Defense (November
1995): 26-7.

Focuses on military reliance on commercial communications and market driven
security policy. Argues for stronger government role in assuring the
security of the National Information Infrastructure.


[8] Clausewitz, Carl von. On War. (New York: Viking Penguin, 1988.)

Classic text on warfare that has dominated military thinking for over a
century. Clausewitz regards information as generally unreliable in war.
This can be explained by his focus on operational and tactical level
issues, and his pre-Industrial Age frame of reference. Unfortunately,
Clausewitz so dominates military thinking that his bias against information
and intelligence has in some cases undermined acceptance of the precepts
of information warfare.


[9] Dubik, James M., and Gordon R. Sullivan. "War in the Information Age."
AUSA Institute of Land Warfare, Landpower Essay Series 94-4 (May 1994): 16
pages.

Parallels the changes needed in today's Information Age military with the
changes that were necessary in the Industrial Age military at the turn of
the century. Specifically, the network as the model replaces the machine as
the model; near-simultaneous, continuous, short-run production replaces
paced, sequential, continuous, long run production; and, mass-customized
products, precisely targeted, with near-instantaneous distribution replaces
mass output.


[10] Franks, Frederick M., Jr. "Winning the Information War" Vital Speeches
of the Day 60 (May 15, 1994): 453-8.

Discusses the shift from hierarchical organizations to networked
organizations necessary in information based warfare. Traces the evolution
of command, control, communications, and intelligence through major wars.
Emphasizes the need for rapid, reliable sharing of information across units
and at different levels instead of traditional stove-piped intelligence
activities.


[11] Grier, Peter. "Information Warfare." Air Force Magazine (March 1995):
34-7.

Provides overview of information warfare from the U.S. military
perspective. Pulls together information from many sources highlighting key
topics.


[12] Handel, Michael I. Sun Tzu and Clausewitz Compared. (Carlisle
Barracks, Pennsylvania: U.S. Army War College, 1991.)

Compares the two most highly regarded classic texts on warfare. Section on
deception, surprise, intelligence, and command and control speaks to issues
related to information warfare.


[13] Jensen, Owen E. "Information Warfare: Principles of Third-Wave War."
Airpower Journal (Winter 1994): 35-43.

Summarizes War and Anti-War [31] and proposes eight principles of
information warfare grouped into four categories summarized as: "(1)
thicken the fog of war for our enemy, (2) lift the fog of war for ourselves
to create a transparent battlefield, (3) ensure that our enemies can't turn
these tables on us, and (4) always fight the information war with full
intensity."


[14] Johnson, Stuart E., and Martin C. Libicki, eds. Dominant Battlespace
Knowledge: The Winning Edge. (Washington, D.C.: National Defense University
Press, 1995.)

Introduces the concept of dominant battlespace knowledge which is the
ability to collect real-time battlefield information, understand that
information, and turn that knowledge into a decisive battlespace advantage.
Discusses necessary doctrinal changes.


[15] Lawrence, R. E., and A. J. Ross. "Equities: Dissemination vs.
Protection: Information Warfare Workshop Results." First International
Symposium on Command and Control Research and Technology (June 1995):
566-8.

Recommends action to raise public awareness of the threat of information
warfare. Recognizes vulnerabilities to national information infrastructure.
Argues information needs to be shared instead of overprotected, on the
premise that some adversaries, notably hackers, have achieved their
relative effectiveness largely through the practice of information sharing.


[16] Libicki, Martin C. What is Information Warfare? (Washington, D.C.:
National Defense University Press, 1995.)

Proposes seven distinct forms of information warfare: command and control
warfare, intelligence based warfare, electronic warfare, psychological
warfare, "hacker" warfare, economic information warfare, and cyberwarfare.
Posits that the concept of information dominance is hollow.


[17] Libicki, Martin C. The Mesh and the Net: Speculations on Armed
Conflict in a Time of Free Silicon. (Washington, D.C.: National Defense
University Press, 1995.)

Analyzes the "revolution in information technology." Argues that technology
begets doctrine and doctrine begets organization, implying a possible need
for organizational changes in the military. Examines a proposed
"Information Corps".


[18] Libicki, Martin C., and James A. Hazlett. "Do We Need an Information
Corps?" Joint Forces Quarterly 1 (Autumn 1993): 88-97.

Examines the debate as to whether a separate Information Corps should be
created. The benefits would be common doctrine, inherent standardization,
and increased innovation. The downside would be a lack of integration with
other forces.


[19] Libicki, Martin C. "Dominant Battlefield Awareness and its
Consequences." First International Symposium on Command and Control
Research and Technology (June 1995): 550-9.

Introduces the concept of dominant battlefield awareness. Predicts the
ability to achieve perfect knowledge of a 200 mile square battlefield by
the year 2008. Discusses the technological requirements for achieving
dominant battlefield awareness. Examines the pros and cons of related
issues.


[20] Lucky, Robert W. Silicon Dreams: Information, Man, and Machine. (New
York, NY: St. Martin's Press, 1989.)

Discusses in layman's terms the concept of information, information theory,
and information processing. Provides even coverage of philosophical and
technical issues. Touches on almost every important aspect of information.


[21] Mann, Edward. "Desert Storm: The First Information War?" Airpower
Journal (Winter 1994): 4-14.

Takes the theory of information warfare and ties it together with specific
examples from the Persian Gulf War. Discusses many key concepts in concise,
readable terms.


[22] Nielson, Robert E., and Charles B. Gaisson. "Information - The
Ultimate Weapon." First International Symposium on Command and Control
Research and Technology (June 1995): 545-549.

Examines the differences between war in the Industrial Age and war in the
Information Age. Focuses in on the decision environment and the old and new
paradigms for decision making. Argues for greater technological support for
decision making to reduce need for fallible intuition.


[23] Peterson, A. Padgett. "Tactical Computers Vulnerable to Malicious
Software Attacks." Signal 48 (November 1993): 74-5.

Highlights the role of tactical computers in warfare, examining their
vulnerability to viruses. Discusses the history of viruses, how they work,
what they are capable of, and theoretical reasons why no perfect defense
can be established. Examines practical measures that can be taken with
tactical computers to reduce the threat.


[24] Ryan, Donald E., Jr. "Implications of Information Based Warfare."
Joint Forces Quarterly (Autumn-Winter 1994-5): 114-6.

Discusses the need to re-examine doctrine in light of advances in
technology. Draws analogies between traditional Industrial Age warfare
doctrinal elements and proposed future doctrine.


[25] Schwartau, Winn. Information Warfare: Chaos on the Electronic
Superhighway. (New York, NY: Thunder's Mouth Press, 1994.)

Popular text on information warfare in general. Full of anecdotes. Lacks
grounding in the theoretical basis of warfare. Divides information warfare
into personal, corporate, and global information warfare.


[26] Science Application International Corporation (SAIC). Information
Warfare: Legal, Regulatory, Policy, and Organizational Considerations for
Assurance. (Prepared for the Joint Staff, 4 July, 1995.)

Exhaustive legal reference on the legal, regulatory, policy, and
organizational implications of information warfare. Cites specifics in
public law, executive orders, court decisions, etc.


[27] Starr, Stuart H., and Dale K. Pace. "Developing the Intellectual Tools
Needed by the Information Warfare Community." First International Symposium
on Command and Control Research and Technology (June 1995): 577-86.

Outlines a detailed conceptual framework for understanding information from
the military perspective. Leaves room for further definition of
non-military elements of information warfare. Examines toolsets applicable
to the support of the information warfare community.


[28] Stein, George J. "Information Warfare." Airpower Journal (Spring
1995): 31-39.

Discusses a definition of information warfare, development of a strategy
for information warfare, the U.S. Air Force perspective, and the danger of
failing to address information warfare. Sees the rise of information
warfare as similar to the rise of Airpower.


[29] Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of
Computer Espionage. (New York: Doubleday, 1989.)

Classic true story of international information warfare over the Internet.
Often referenced.


[30] Szafranski, Richard. "A Theory of Information Warfare: Preparing for
2020." Airpower Journal (Spring 1995): 56-65.

Defines information and warfare. Focuses on psychological warfare aspects
of information warfare. Sees the primary target of information warfare as
the knowledge and belief systems of the adversary.


[31] Toffler, Alvin, and Heidi Toffler. War and Anti-War: Survival at the
Dawn of the 21st century. (New York, NY: Little, Brown, and Company, 1993.)

Traces the evolution of warfare through agrarian, industrial, and
informational warfare "waves." Forecasts the future of human conflict.
Constantly referenced and highly recommended by other authors on the
subject of information warfare.


[32] Tzu, Sun (Griffith, Samuel B., trans.) The Art of War. (New York:
Oxford University Press, 1963.)

Ancient text on warfare popularized due to Sun Tzu's holistic view of
warfare and the increasing irrelevance of Clausewitz's classic On War in
the Information Age. Unlike Clausewitz, Sun Tzu regards information as
indispensable in reducing the uncertainty of war. Much of The Art of War is
arguably applicable to information warfare.


[33] Waller, Douglas. "Onward Cyber Soldiers." Time (August 24, 1995):
38-46.

Focuses mostly on examples and speculation to describe information warfare.
Provides a summary of some of the major papers on information warfare.
Includes many salient points.


[34] Wardynski, E. Casey. "The Labor Economics of Information Warfare."
Military Review (May-June 1995): 56-61.

Examines the economics of providing appropriate education in the nation's
public schools to ensure the numbers of quality workers that will be
required to support and defend the nation in the Information Age. Analyzes
the wages these people can expect to make and discusses the tradeoff
between developing technologies that require low skill, low wage workers,
versus developing technologies that require high skill, high wage workers.


[35] Cornerstones of Information Warfare. (Department of the Air Force,
1995.)

States the Air Force's definition of information warfare. Outlines the
traditional elements of warfare which comprise information warfare.
Discusses how Air Force doctrine should change to accommodate information
warfare.


[36] Jumpstart Information Warfare Briefing. (Department of the Air Force,
1995.)

Open source briefing ordered by the Air Force Chief of Staff to educate
Major Command and Numbered Air Force commanders and staffs on the subject
of information warfare. Contains numerous examples of information warfare
activities.


[37] National Defense University School of Information Warfare and Strategy
Syllabus, Academic Year 1995-96.

Details goals, objectives, lessons, and labs taught at the School of
Information Warfare and Strategy.


[38] U.S. Army Field Manual (FM) 100-6, Information Operations, 8 July,
1995 Working Draft.

States the Army's definition of information warfare. Discusses information
environment, threats, information dominance, information operations,
command and control warfare, intelligence, information systems, and
information activities.


[39] U.S. Army TRADOC Pamphlet 525-9, Concept for Information Operations, 1
August, 1995.

"This concept describes the importance of information and how to win the
information war in military operations now and into the twenty-first
century."



http://cryptome.org/2013/01/infowar-tutorial/infowar-tutorial.htm

Information War Tutorial

The Public Trust (Then and Now)

Our nation has experienced another change since the early days of the Cold War - the erosion of
public trust. The American people expected their government to protect them from the Cold War
threat. It was understood that security meant secrecy. The WW II jingle "loose lips sink ships" was
still in the minds of most Americans. The Rosenberg trials and convictions publicly confirmed
that the Soviet Bear was out and about.

However, events such as Watergate and the Pentagon Papers forced many Americans to question
the activities of their leadership. This growing concern motivated Congress to act in the
mid-1970s. Reacting to a public call for greater control and openness, Congress dramatically changed
the way it processed legislation. Americans could now examine their government's specific
actions as roll calls and voting activities were open to public record.

It is important to recognize the magnitude of change in public trust over the past six decades. In
the early days of the Cold War people would not have questioned our government's actions to
provide security. The classification of key technologies and export control was accepted.
Cryptographical advances were considered national treasures worth protecting.

Today Americans demand tight controls to prevent any abuse of power by government officials.
Further, the balance of individual privacy vs. national security has shifted toward the individual.
Once a national technology, cryptography is now considered an intellectual novelty for public
use and discussion.

As our nation's policy makers develop information age legislation, the degree of public trust will
greatly influence their decisions. Policy makers will find it increasingly difficult to tell the
public that legislation is motivated by a classified portrayal of threat. The people will demand an
explanation. This will challenge many departments and agencies to develop new methods of
operation. Political inertia from behind government's closed doors will resist the transition to
new policy, but change is unavoidable. Departments and agencies will learn to adopt a widely
accepted academic term, "publish or perish."

_____

DoD's most important role

As a result of Watergate, Vietnam, and other associated events, public trust in the government
has steadily eroded over the past six decades. This erosion has also affected the DoD's image.
Many Americans believe that DoD is not in line with mainstream culture, e.g., policies on gays
in the military and sexual harassment (Tail Hook). It is a common belief that the Pentagon is
looking for a new global threat now that the Cold War is over; that the Information War is the
new global threat used to acquire additional DoD funding. Reinforcing these views is the
recurring question "What is Big Brother up to?" Given that situation, it is clear that the public will
demand strong evidence before accepting an expansion of DoD's role into cyberspace.

This cannot be understated: DoD must take steps to re-establish the public trust and provide clear
evidence that the IW threat is real. The first steps are:

       Openness
       Education

Public trust is critical. Americans should not have to ask "What is my government up to?"

_____

Then: Money was available through DoD sponsored research. Now: Commercial demands drive
development.

The birth of ARPANET evolved into a basic requirement.

Then: Public trust of government was high. Now: Public trust of government is low.

				