Information Warfare: Good News and Bad News

by Major Keith D. Anthony, USAR

The views expressed in this article are those of the author and do not reflect the official policy or position of the National Air Intelligence Agency, Department of Defense, or the U.S. Government.

The chief objective of information warfare is to achieve information superiority over an adversary. It might mean more information; it definitely does mean better information. IW means making sure our information is reliable and accurate. At the same time, IW means denying information superiority to an adversary. This could mean denying information or manipulating the information available to an adversary. The playing field is "info-space" the collection of all things involved in generation, gathering, processing, storage, and transmission of information. IW holds that the information a nation's military has available to make a decision will, to a large extent, determine its activities. If that information can be controlled, so can the resulting military actions.

IW reflects the changing nature of warfare.1 It has evolved to the extent that for most nations, and especially the United States, information technology is inherent in their war-fighting capabilities. For some nations, information technology is used very little within their military. For these nations, the weapons of IW provide an offensive force multiplier against information technology-dependent opponents.

However, IW is broader than foreign nations. The same tools and techniques are available to organized crime, terrorists, and other groups. IW applies to all phases of a conflict. It affects far more targets than military equipment and personnel. Critical infrastructure components, such as the power grid, telecommunications networks, and transportation systems all rely on computer networks for their operation.

The Fragile Infrastructure

A recent government report estimates that as many as 250,000 DoD computer systems were attacked last year.2 The report also concludes that 65 percent of these attacks were successful, and that the number of attacks doubles each year.3 Computer attacks are not a new phenomenon. They have been occurring since the beginnings of the Internet. However, in the context of IW, they are becoming increasingly significant.

Why should the military care about these attacks? Are they anything more than just some misguided computer geeks with too much time on their hands? Military history has many examples of how information has been used in conflicts. It has always been sought; sometimes it has even been used effectively, and sometimes it has been vital. The common thread, though, has been that physical engagements were still necessary to impose one's will upon the enemy. IW changes the rules. With the appropriate information, it may now be possible to accomplish objectives without the use of military force.4 On the other hand, denied the use of required information and information technology, we may be prevented from using military force to accomplish our objectives. Always a tool of war, information has now become a target of war as well. Information and the technology used to generate, transmit, process, store, and manipulate it, may very well have become the primary means of obtaining an offensive or defensive advantage.5

The U.S. military is probably the world's best-postured fighting force in terms of its use of information technology. It has a vast and complex information infrastructure with more than 2.1 million computers, 10,000 local computer networks, and 100 long-distance networks. The DoD uses information technology for

Designing weapons.
Identifying and tracking enemy targets.
Paying soldiers.
Mobilizing reservists.
Managing supplies.
A myriad of other essential activities.

Information systems and computer-based telecommunications networks provide the very basis of our war-fighting capability. However, this is a double-edged sword because the DoD must also protect this information infrastructure. Our dependence on information technologies also makes us susceptible to its vulnerabilities. Computer attacks like those mentioned above illustrate the degree to which DoD computer systems are being targeted. The success rate illustrates the potential damage that could be done by organized foreign nationals, terrorists, or "hackers". As a minimum, we must expend resources on repairing the damage done by the attacks; at worst, parts of our information infrastructure could be disrupted or rendered inoperative by attacks.

What is this "information infrastructure" and why should we care about it? The information infrastructure is all of the systems and equipment used to transmit, store, and process information that DoD needs to accomplish its mission. Much of this infrastructure is the same as that used by the civilian world. To operate more efficiently, DoD has been rapidly moving away from isolated and stand-alone information systems to a globally integrated information structure. In doing so, it has linked together thousands of computers with the Internet as well as other networks, and increased its dependence on computer and network technology to do its basic functions. This raises a number of concerns. What if

These systems or large parts of them were destroyed?
They were merely made unavailable for a time period?
The information they contained was compromised?
Random parts of that information were corrupted or made unreliable?
Malicious software was introduced into these systems?
An enemy decided to exploit design flaws in the infrastructure on which we depend?
An enemy was in control of a computer system on which we used to help make critical battlefield computations?
A hostile foreign nation built all of the microelectronic components we used in an important military system?

Recently there has been a vivid example of just such exploitation. By exploiting a design flaw in the Internet protocol (IP), attackers recently "flooded" an eastern United States Internet service provider's host computer with bogus requests for service. Since the computer had to respond to these requests, it was unable to service legitimate ones. This is known as a denial-of-service (DOS) attack, since it denied service to those dependent on that computer. The attack was based on information widely available in some of the "computer-underground" publications.6 It painfully illustrated a vulnerability of any computer that uses the IP protocol, that is any computer connected to the Internet.7 Government agencies have acknowledged that potential adversaries have been developing bodies of knowledge about DoD's and other U.S. systems and about methods to attack these systems. Many methods and tools to accomplish attacks are widely available.8 These methods include sophisticated computer viruses and automated attack routines, and typically allow adversaries to launch untraceable attacks from anywhere in the world. Official estimates show that more than 120 countries are developing such computer attack capabilities.9

Long the toys of computer hackers, these tools and methods are becoming the weapons of IW. A more important point is that these tools are available cheaply and to the same degree to terrorists, organized-crime, and potential military enemies. In fact, for a number of years now, the technology has existed for a person of moderate intelligence to bring down large portions of the Internet.10

Information Warfare Russian and Chinese Style

It is probable that foreign nations are developing doctrine and tactics for IW and assembling IW "weapons." Russia is one such nation. While no official statement on IW by the Russian Ministry of Defense or General Staff has been found, statements by a number of senior military officers give us some insight into Russian thinking on the topic. Senior Russian officers speak of "computer virus warfare," where they see several different virus types with which they must contend:

The "Trojan Horse" virus remains idle for a certain period of time and then causes catastrophic destruction of the system.
The "force quarantine" virus knocks out the program of the unit into which it was planted.
The "overload virus" quickly spreads through a system and gradually slows its operation.
The "sensor virus" penetrates a preplanned sector of a computer's data-storage area and destroys the data bank and its information at a critical moment.

Another key Russian concept is that of disinformation, which follows closely the Soviet concept of maskirovka of the Cold-War days.11 Chinese writers also recognize that this significant change has occurred in the nature of warfare, even calling it a military revolution. In the words on one Chinese scholar Information technology is the nucleus and foundation of this revolution, for it is information and knowledge that bring change to the old practice that the military strength of an army was measured simply by the number of its armored divisions, air force wings, and aircraft carrier groups. Today, a number of invisible forces need to be taken into consideration, which include the calculation capacity, the telecommunications volume, and the reliability and real-time reconnaissance ability of relevant systems.12

While China's preparation for warfare in this new era is just getting underway, they recognize many of the important questions which all nations must consider. For example

Precisely how will this military technological revolution take place?
Will military forces maintain their old structures and merely adapt information technologies to those structures? Or will information technologies become the structure and framework upon which entire military forces are built?
Also, what about the underdeveloped countries of the world? Will the armies of these countries complete the transformation to mechanized warfare before considering a shift toward IW? Or will they skip a generation in military thought and practice?
What primary force will drive the evolution and deployment of a nation's military forces, technological development, or tried and tested military doctrine?13

The Chinese recognize two ironies which surround IW. First, it seems that the further technology develops, the easier it becomes to catch up. Underdeveloped countries can very often find shortcuts for information technology development and attain similar standards within a far shorter period of time. It may be far cheaper for an underdeveloped nation to exploit a technological weakness than for a more advanced nation to develop and deploy the system that has the weakness. Second, the further information technology develops, the more fragile and vulnerable it becomes. Note that modern software is now typically so complex that it is impossible to thoroughly test it.14

Often cited as the "first information war," Operation DESERT STORM created an appetite and fueled expectations for military forces intent on dominance of the information spectrum (as is the objective of IW). U.S. forces did just that in DESERT STORM, creating an information differential that seemed to paralyze the enemy. However, it did so only after five months of gathering together a kludge of Free World sensing, telecommunications, and intelligence systems not designed for joint operations, and then tinkering with it while the enemy was content with inactivity. Coalition ingenuity, enemy inactivity, and modern information technology changed an unfamiliar battlefield into one of military confidence, precision, and efficiency. Instead, imagine a conflict where missile batteries receive no firing solutions, where Tomahawk launch platforms receive no targeting instructions, where an aircraft's situational awareness screens go blank, or where a computer virus makes a unit's mission planning computers useless.15

The Weapons of IW

The above viruses are but a few of the potential IW weapons. Others include traditional weapons which might be used to destroy information systems. Still others include other types of

Malicious software.
"Chipping" (manipulating the functions on microelectronic circuitry).
Software "back doors" (which allow unauthorized access to programs).
Electromagnetic weapons.
Destructive microbes and chemical agents.
Van Eck radiation (which allows monitoring of radio emissions from electronic devices).
Cryptography.
Spoofing (faking the identity of a legitimate user).
Video "morphing."
Psychological operations (for example, by controlled release of information).
Attacks on financial institutions, disruption of air traffic control, and others.

Many of these "weapons" have been popularized in science fiction, and are often incorrectly portrayed. They exist nonetheless and can potentially be used for IW.

More than 12,000 computer viruses already exist.16 Although mostly affecting MS/DOS-operated personal computers, viruses also exist for UNIX machines, "Macs," Windows '95, and other operating systems. There are virus-creation tool kits. There are collections of viruses available for downloading from the Internet, both in executable and source code form. There are computer virus writing tutorials. The future promises even more excitement, as newer generations of Macro viruses come into existence. The future promises local area network-aware viruses, multiplatform viruses, virus mutator, and even viruses in high-level computer languages.17 As more and more viruses come into existence and gather sophistication, anti-virus tools become less and less capable of dealing with them. As other Internet tools become available, such as Java and ActiveX, viruses certainly will emerge that exploit the new vulnerabilities.18

A Reality Check

It is likely that the wholesale adoption of information technologies has only been inevitable. The United States is still the world leader in information technologies and the lure to use those technologies to our benefit is compelling. Science fiction and Hollywood productions glamorize the technology,19 but other factors have influenced the changes. (The media, for example, probably has contributed to expectations that wars will be like DESERT STORM executed without excessive cost, fought with a minimum of casualties and collateral damage (at least for our side), accomplished with quickness and efficiency, supported by a number of allies, and undertaken with relatively clear objectives and a well-defined opponent.)

In any conflict likely to confront us in the future, the technology to enable this must be assembled ahead of time, and it must provide sufficiently robust and detailed situational awareness to deal with an enemy that is actually shooting back. Such technology is somewhat expensive, it is fairly complex, it has numerous vulnerabilities, and it has a number of important consequences:20

There is a relatively low entry cost for those wishing to participate in IW.
The spectrum of potential adversaries increases significantly. It is no longer just a few nations with large militaries. The list of adversaries now includes organized crime, terrorists, etc.
Public opinion and perception management become far more important.
Information dominance requires large quantities of highly-accurate and high-precision information, as well as the ability to make sense of it all.
There are no longer any geographic sanctuaries, as connectivity has rendered distance meaningless.
IW mandates careful consideration of the roles of and relationships between law enforcement, the military and intelligence organizations.

Welcome to the exciting new world of IW!
Endnotes
1. Many factors have contributed to that changing nature of warfare. For the United States in 1996, there are several factors which have primarily influenced it. These are that (1) war must not be seen as an excessive drain on resources, (2) it must be clinical (without seemingly needless destruction and loss of life), and (3) it must be lead to a quick U.S. victory. In addition, the U.S. military is increasingly being called upon to accomplish non-traditional missions, such as peace-keeping.
2. It should be noted that the precise number of attacks is not known. The figure 250,000 is based on another estimate that only 1 in 150 attacks is detected and reported.
3. GAO/AIMD-96-84, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, May 1996.
4. As U.S. Army General Sheehan commented in his opening remarks for the information warfare conference 5 (Electronic Civil Defense for the 21st Century Convergence of the Commercial and the Military Sectors: The Vulnerabilities, Capabilities, and Solutions), the best approach may often be to accomplish objectives while avoiding the "kinetic solution" (the use of military force).
5. The paragraph is based on comments by "experts" on the definition and nature of IW contained in "Information Warfare: Implications for Forging the Tools", a master of science thesis for the Naval Postgraduate School, by USAF Captain Roger D. Thrasher.
6. The specific publications are the electronic magazine ("zine") Phrack and the quarterly 2600. The concept of an organized "computer-underground" is a nebulous one, at best. There are, of course, "hacker" groups and "virus-writing" groups, and they are organized on a local level.
7. Technical solutions to this attack, known as "SYN-flooding" for the part of the IP handshaking it exploits, have been implemented as an add-on. However, the vulnerability still exists.
8. GAO/T-AIMD-96-108, Information Security: Computer Hacker Information Available on the Internet, June 5, 1996.
9. GAO/AIMD-96-84, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, May 1996.
10. A conversation with Tom Longstaff, of the Carnegie Mellon University Software Engineering Institute, Computer Emergency Response Team, in September 1996.
11. Timothy L. Thomas, "Russian Views on Information-Based Warfare," Airpower Journal, Special Edition 1996, 26-35. See also Mary C. Fitzgerald, The New Revolution in Russian Military Affairs, the Royal United Services Institute for Defence Studies Whitehall Paper Series, 1994.
12. From translation of "Military Forum" column by Zhang Feng and Li Bingyan, "Historical Mission of Soldiers Straddling 21st Century Roundup of 'Forum for Experts on Meeting Challenge of the World Military Revolution'," in Beijing Jiefangjunm, 2 January 1996, 2.
13. Ibid.
14. Su Enze's "Military Forum" column, "Logical Concept of Information Warfare," in Beijing Jiefangjun, 11 June 1996, 6.
15. Thoughts extracted from Colonel Alan D. Campen, USAF (Retired), "Information Warfare is Rife with Promise, Peril", by in Signal, November 1993, 19-20.
16. This is only an estimate. There are probably more. The good news is that most of these are variants and that there are only about 720 or so different families." Still fewer of these viruses are typically found "in the wild."
17. "Is the Virus Threat Under Control? An Interview with Vesselin Bontchev, Fred Cohen and Sara Gordon," Computer Security Journal, Volume XII, Number 1, 1996, 57-66.
18. A collection of Increasingly Hostile Applets, a paper obtained from a Web site on the topic of the hostile Java code, in Fall 1996. [Applets are very short Java applications that run on the Internet.]
19. Though it is typically portrayed with significant technical inaccuracies.
20. David Alberts, The Unintended Consequences of Information Age Technologies, National Defense University's Institute for National Strategic Studies.

Mr. Anthony is a civilian engineer working at the National Air Intelligence Center at Wright-Patterson Air Force Base, Ohio. He also serves as a major in the USAF Reserve. Mr. Anthony has bachelor and master of science degrees in Computer Engineering from Syracuse University and Wright State University. Readers can reach him at (937) 257-6327, DSN 787-6327, and via E-mail at kda36@naic. wpafb.af.mil.