Information Warfare: Good News and Bad News
by Major Keith D. Anthony, USAR
The views expressed in this article are those of the
author and do not reflect the official policy or position of the
National Air Intelligence Agency, Department of Defense, or the
U.S. Government.
The chief objective of information warfare is to
achieve information superiority over an adversary. It might mean
more information; it definitely does mean better information. IW
means making sure our information is reliable and accurate. At the
same time, IW means denying information superiority to an
adversary. This could mean denying information or manipulating the
information available to an adversary. The playing field is
"info-space," the collection of all things involved in generation,
gathering, processing, storage, and transmission of information. IW
holds that the information a nation's military has available to
make a decision will, to a large extent, determine its activities.
If that information can be controlled, so can the resulting
military actions.
IW reflects the changing nature of warfare.1 It has evolved to the
extent that for most nations, and especially the United States,
information technology is inherent in their war-fighting
capabilities. For some nations, information technology is used very
little within their military. For these nations, the weapons of IW
provide an offensive force multiplier against information
technology-dependent opponents.
However, IW is broader than foreign nations. The same tools and
techniques are available to organized crime, terrorists, and other
groups. IW applies to all phases of a conflict. It affects far more
targets than military equipment and personnel. Critical
infrastructure components, such as the power grid,
telecommunications networks, and transportation systems all rely on
computer networks for their operation.
The Fragile Infrastructure
A recent government report estimates that as many as 250,000 DoD
computer systems were attacked last year.2 The report also
concludes that 65 percent of these attacks were successful, and
that the number of attacks doubles each year.3 Computer attacks are
not a new phenomenon. They have been occurring since the beginnings
of the Internet. However, in the context of IW, they are becoming
increasingly significant.
Why should the military care about these attacks? Are they anything
more than just some misguided computer geeks with too much time on
their hands? Military history has many examples of how information
has been used in conflicts. It has always been sought; sometimes it
has even been used effectively, and sometimes it has been vital.
The common thread, though, has been that physical engagements were
still necessary to impose one's will upon the enemy. IW changes the
rules. With the appropriate information, it may now be possible to
accomplish objectives without the use of military force.4 On the
other hand, denied the use of required information and information
technology, we may be prevented from using military force to
accomplish our objectives. Always a tool of war, information has
now become a target of war as well. Information and the technology
used to generate, transmit, process, store, and manipulate it, may
very well have become the primary means of obtaining an offensive
or defensive advantage.5
The U.S. military is probably the world's best-postured fighting
force in terms of its use of information technology. It has a vast
and complex information infrastructure with more than 2.1 million
computers, 10,000 local computer networks, and 100 long-distance
networks. The DoD uses information technology for
- Designing weapons.
- Identifying and tracking enemy targets.
- Paying soldiers.
- Mobilizing reservists.
- Managing supplies.
- A myriad of other essential activities.
Information systems and computer-based telecommunications networks
provide the very basis of our war-fighting capability. However,
this is a double-edged sword because the DoD must also protect this
information infrastructure. Our dependence on information
technologies also makes us susceptible to its vulnerabilities.
Computer attacks like those mentioned above illustrate the degree
to which DoD computer systems are being targeted. The success rate
illustrates the potential damage that could be done by organized
foreign nationals, terrorists, or "hackers". As a minimum, we must
expend resources on repairing the damage done by the attacks; at
worst, parts of our information infrastructure could be disrupted
or rendered inoperative by attacks.
What is this "information infrastructure" and why should we care
about it? The information infrastructure is all of the systems and
equipment used to transmit, store, and process information that DoD
needs to accomplish its mission. Much of this infrastructure is the
same as that used by the civilian world. To operate more
efficiently, DoD has been rapidly moving away from isolated and
stand-alone information systems to a globally integrated
information structure. In doing so, it has linked together
thousands of computers with the Internet as well as other networks,
and increased its dependence on computer and network technology to
do its basic functions. This raises a number of concerns. What if
- These systems or large parts of them were destroyed?
- They were merely made unavailable for a time period?
- The information they contained was compromised?
- Random parts of that information were corrupted or made
unreliable?
- Malicious software was introduced into these systems?
- An enemy decided to exploit design flaws in the
infrastructure on which we depend?
- An enemy was in control of a computer system that we
used to help make critical battlefield computations?
- A hostile foreign nation built all of the microelectronic
components we used in an important military system?
Recently there has been a vivid example of just such exploitation.
By exploiting a design flaw in the Internet protocol (IP),
attackers recently "flooded" an eastern United States Internet
service provider's host computer with bogus requests for service.
Since the computer had to respond to these requests, it was unable
to service legitimate ones. This is known as a denial-of-service
(DOS) attack, since it denied service to those dependent on that
computer. The attack was based on information widely available in
some of the "computer-underground" publications.6 It painfully
illustrated a vulnerability of any computer that uses the IP
protocol, that is any computer connected to the Internet.7
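Endnote 7 identifies this attack as SYN-flooding. As an added illustration that is not part of the original article, the simplified model below shows why a fixed queue of half-open TCP handshakes shuts out a legitimate client, and how one add-on mitigation, SYN cookies, avoids keeping that queue. The queue size, timeout, secret, and addresses are constructed values, and the cookie is a reduced form of the real scheme.

```python
import hashlib
import hmac
from collections import OrderedDict

SECRET = b"constructed-demo-secret"  # hypothetical server secret
BACKLOG = 128                        # hypothetical half-open queue size
TIMEOUT = 30                         # seconds a half-open entry is kept


class StatefulListener:
    """Holds one queue slot per unanswered SYN until it times out."""

    def __init__(self):
        self.half_open = OrderedDict()  # (src, port) -> arrival time

    def on_syn(self, src, port, now):
        # Drop expired entries, oldest first, before admitting a new one.
        while self.half_open:
            key, arrived = next(iter(self.half_open.items()))
            if now - arrived < TIMEOUT:
                break
            del self.half_open[key]
        if len(self.half_open) >= BACKLOG:
            return False  # queue full: the SYN is dropped
        self.half_open[(src, port)] = now
        return True

    def on_ack(self, src, port):
        return self.half_open.pop((src, port), None) is not None


class CookieListener:
    """Stores nothing per SYN; the reply value itself proves the exchange."""

    def cookie(self, src, port, slot):
        msg = f"{src}:{port}:{slot}".encode()
        digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, port, now):
        return self.cookie(src, port, now // 64)  # sent back in the SYN-ACK

    def on_ack(self, src, port, echoed, now):
        slot = now // 64  # accept the current and the previous time slot
        valid = (self.cookie(src, port, slot), self.cookie(src, port, slot - 1))
        return echoed in valid


def legit_client_served(kind, bogus_syns=1000):
    """Flood with SYNs that are never completed, then try one real client."""
    srv = StatefulListener() if kind == "stateful" else CookieListener()
    for i in range(bogus_syns):
        srv.on_syn(f"198.51.100.{i % 250}", 1024 + i, 0)
    if kind == "stateful":
        return srv.on_syn("192.0.2.10", 40000, 1) and srv.on_ack("192.0.2.10", 40000)
    value = srv.on_syn("192.0.2.10", 40000, 1)
    return srv.on_ack("192.0.2.10", 40000, value, 2)
```

With the stateful queue the legitimate client is refused until the bogus entries time out; with the cookie check it is served regardless of how many unanswered requests preceded it.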
Government agencies have acknowledged that potential adversaries
have been developing bodies of knowledge about DoD's and other U.S.
systems and about methods to attack these systems. Many methods and
tools to accomplish attacks are widely available.8 These methods
include sophisticated computer viruses and automated attack
routines, and typically allow adversaries to launch untraceable
attacks from anywhere in the world. Official estimates show that
more than 120 countries are developing such computer attack
capabilities.9
Long the toys of computer hackers, these tools and methods are
becoming the weapons of IW. A more important point is that these
tools are available cheaply and to the same degree to terrorists,
organized crime, and potential military enemies. In fact, for a
number of years now, the technology has existed for a person of
moderate intelligence to bring down large portions of the
Internet.10
Information Warfare: Russian and Chinese Style
It is probable that foreign nations are developing doctrine and
tactics for IW and assembling IW "weapons." Russia is one such
nation. While no official statement on IW by the Russian Ministry
of Defense or General Staff has been found, statements by a number
of senior military officers give us some insight into Russian
thinking on the topic. Senior Russian officers speak of "computer
virus warfare," where they see several different virus types with
which they must contend:
- The "Trojan Horse" virus remains idle for a certain
period of time and then causes catastrophic destruction of the
system.
- The "force quarantine" virus knocks out the program of
the unit into which it was planted.
- The "overload virus" quickly spreads through a system and
gradually slows its operation.
- The "sensor virus" penetrates a preplanned sector of a
computer's data-storage area and destroys the data bank and its
information at a critical moment.
Another key Russian concept is that of
disinformation, which follows closely the Soviet concept of
maskirovka of the Cold-War days.11
Chinese writers also recognize that this significant change has
occurred in the nature of warfare, even calling it a military
revolution. In the words of one Chinese scholar:
Information technology is the nucleus and foundation of
this revolution, for it is information and knowledge that bring
change to the old practice that the military strength of an army
was measured simply by the number of its armored divisions, air
force wings, and aircraft carrier groups. Today, a number of
invisible forces need to be taken into consideration, which include
the calculation capacity, the telecommunications volume, and the
reliability and real-time reconnaissance ability of relevant
systems.12
While China's preparation for warfare in this new era is just
getting underway, they recognize many of the important questions
which all nations must consider. For example
- Precisely how will this military technological revolution
take place?
- Will military forces maintain their old structures and
merely adapt information technologies to those structures? Or will
information technologies become the structure and framework upon
which entire military forces are built?
- Also, what about the underdeveloped countries of the
world? Will the armies of these countries complete the
transformation to mechanized warfare before considering a shift
toward IW? Or will they skip a generation in military thought and
practice?
- What primary force will drive the evolution and
deployment of a nation's military forces: technological
development or tried and tested military doctrine?13
The Chinese recognize two ironies which surround IW. First, it
seems that the further technology develops, the easier it becomes
to catch up. Underdeveloped countries can very often find shortcuts
for information technology development and attain similar standards
within a far shorter period of time. It may be far cheaper for an
underdeveloped nation to exploit a technological weakness than for
a more advanced nation to develop and deploy the system that has
the weakness. Second, the further information technology develops,
the more fragile and vulnerable it becomes. Note that modern
software is now typically so complex that it is impossible to
thoroughly test it.14
Often cited as the "first information war," Operation DESERT STORM
created an appetite and fueled expectations for military forces
intent on dominance of the information spectrum (as is the
objective of IW). U.S. forces did just that in DESERT STORM,
creating an information differential that seemed to paralyze the
enemy. However, it did so only after five months of gathering
together a kludge of Free World sensing, telecommunications, and
intelligence systems not designed for joint operations, and then
tinkering with it while the enemy was content with inactivity.
Coalition ingenuity, enemy inactivity, and modern information
technology changed an unfamiliar battlefield into one of military
confidence, precision, and efficiency. Instead, imagine a conflict
where missile batteries receive no firing solutions, where Tomahawk
launch platforms receive no targeting instructions, where an
aircraft's situational awareness screens go blank, or where a
computer virus makes a unit's mission planning computers useless.15
The Weapons of IW
The above viruses are but a few of the potential IW weapons. Others
include traditional weapons which might be used to destroy
information systems. Still others include other types of
- Malicious software.
- "Chipping" (manipulating the functions on microelectronic
circuitry).
- Software "back doors" (which allow unauthorized access to
programs).
- Electromagnetic weapons.
- Destructive microbes and chemical agents.
- Van Eck radiation (which allows monitoring of radio
emissions from electronic devices).
- Cryptography.
- Spoofing (faking the identity of a legitimate user).
- Video "morphing."
- Psychological operations (for example, by controlled
release of information).
- Attacks on financial institutions, disruption of air
traffic control, and others.
Many of these "weapons" have been popularized in
science fiction, and are often incorrectly portrayed. They exist
nonetheless and can potentially be used for IW.
More than 12,000 computer viruses already exist.16 Although mostly
affecting MS/DOS-operated personal computers, viruses also exist
for UNIX machines, "Macs," Windows '95, and other operating
systems. There are virus-creation tool kits. There are collections
of viruses available for downloading from the Internet, both in
executable and source code form. There are computer virus writing
tutorials. The future promises even more excitement, as newer
generations of Macro viruses come into existence. The future
promises local area network-aware viruses, multiplatform viruses,
virus mutators, and even viruses in high-level computer languages.17
As more and more viruses come into existence and gather
sophistication, anti-virus tools become less and less capable of
dealing with them. As other Internet tools become available, such
as Java and ActiveX, viruses certainly will emerge that exploit the
new vulnerabilities.18
A Reality Check
It is likely that the wholesale adoption of information
technologies was inevitable. The United States is still
the world leader in information technologies and the lure to use
those technologies to our benefit is compelling. Science fiction
and Hollywood productions glamorize the technology,19 but other
factors have influenced the changes. (The media, for example,
probably has contributed to expectations that wars will be like
DESERT STORM: executed without excessive cost, fought with a minimum
of casualties and collateral damage (at least for our side),
accomplished with quickness and efficiency, supported by a number
of allies, and undertaken with relatively clear objectives and a
well-defined opponent.)
In any conflict likely to confront us in the future, the technology
to enable this must be assembled ahead of time, and it must provide
sufficiently robust and detailed situational awareness to deal with
an enemy that is actually shooting back. Such technology is
somewhat expensive, it is fairly complex, it has numerous
vulnerabilities, and it has a number of important consequences:20
- There is a relatively low entry cost for those wishing to
participate in IW.
- The spectrum of potential adversaries increases
significantly. It is no longer just a few nations with large
militaries. The list of adversaries now includes organized crime,
terrorists, etc.
- Public opinion and perception management become far more
important.
- Information dominance requires large quantities of
highly-accurate and high-precision information, as well as the
ability to make sense of it all.
- There are no longer any geographic sanctuaries, as
connectivity has rendered distance meaningless.
- IW mandates careful consideration of the roles of and
relationships between law enforcement, the military and
intelligence organizations.
Welcome to the exciting new world of IW!
Endnotes
1. Many factors have contributed to that changing
nature of warfare. For the United States in 1996, there are several
factors which have primarily influenced it. These are that (1) war
must not be seen as an excessive drain on resources, (2) it must be
clinical (without seemingly needless destruction and loss of life),
and (3) it must lead to a quick U.S. victory. In addition, the
U.S. military is increasingly being called upon to accomplish
non-traditional missions, such as peace-keeping.
2. It should be noted that the precise number of
attacks is not known. The figure 250,000 is based on another
estimate that only 1 in 150 attacks is detected and reported.
3. GAO/AIMD-96-84, Information Security: Computer
Attacks at Department of Defense Pose Increasing Risks, May 1996.
4. As U.S. Army General Sheehan commented in his
opening remarks for the information warfare conference 5
(Electronic Civil Defense for the 21st Century Convergence of the
Commercial and the Military Sectors: The Vulnerabilities,
Capabilities, and Solutions), the best approach may often be to
accomplish objectives while avoiding the "kinetic solution" (the
use of military force).
5. The paragraph is based on comments by "experts"
on the definition and nature of IW contained in "Information
Warfare: Implications for Forging the Tools", a master of science
thesis for the Naval Postgraduate School, by USAF Captain Roger D.
Thrasher.
6. The specific publications are the electronic
magazine ("zine") Phrack and the quarterly 2600. The concept of an
organized "computer-underground" is a nebulous one, at best. There
are, of course, "hacker" groups and "virus-writing" groups, and
they are organized on a local level.
7. Technical solutions to this attack, known as
"SYN-flooding" for the part of the IP handshaking it exploits, have
been implemented as an add-on. However, the vulnerability still
exists.
8. GAO/T-AIMD-96-108, Information Security:
Computer Hacker Information Available on the Internet, June 5,
1996.
9. GAO/AIMD-96-84, Information Security: Computer
Attacks at Department of Defense Pose Increasing Risks, May 1996.
10. A conversation with Tom Longstaff, of the
Carnegie Mellon University Software Engineering Institute, Computer
Emergency Response Team, in September 1996.
11. Timothy L. Thomas, "Russian Views on
Information-Based Warfare," Airpower Journal, Special Edition 1996,
26-35. See also Mary C. Fitzgerald, The New Revolution in Russian
Military Affairs, the Royal United Services Institute for Defence
Studies Whitehall Paper Series, 1994.
12. From translation of "Military Forum" column by
Zhang Feng and Li Bingyan, "Historical Mission of Soldiers
Straddling 21st Century Roundup of 'Forum for Experts on Meeting
Challenge of the World Military Revolution'," in Beijing
Jiefangjun, 2 January 1996, 2.
13. Ibid.
14. Su Enze's "Military Forum" column, "Logical
Concept of Information Warfare," in Beijing Jiefangjun, 11 June
1996, 6.
15. Thoughts extracted from Colonel Alan D.
Campen, USAF (Retired), "Information Warfare is Rife with Promise,
Peril," in Signal, November 1993, 19-20.
16. This is only an estimate. There are probably
more. The good news is that most of these are variants and that
there are only about 720 or so different "families." Still fewer of
these viruses are typically found "in the wild."
17. "Is the Virus Threat Under Control? An
Interview with Vesselin Bontchev, Fred Cohen and Sara Gordon,"
Computer Security Journal, Volume XII, Number 1, 1996, 57-66.
18. A collection of Increasingly Hostile Applets,
a paper obtained from a Web site on the topic of the hostile Java
code, in Fall 1996. [Applets are very short Java applications that
run on the Internet.]
19. Though it is typically portrayed with
significant technical inaccuracies.
20. David Alberts, The Unintended Consequences of
Information Age Technologies, National Defense University's
Institute for National Strategic Studies.
Mr. Anthony is a civilian engineer working at the
National Air Intelligence Center at Wright-Patterson Air Force
Base, Ohio. He also serves as a major in the USAF Reserve. Mr.
Anthony has bachelor and master of science degrees in Computer
Engineering from Syracuse University and Wright State University.
Readers can reach him at (937) 257-6327, DSN 787-6327, and via
E-mail at kda36@naic.wpafb.af.mil.