7Pillars Partners

Battle for the Soul of Information Warfare: Pearl Harbor vs. the Hashishim

Michael Wilson [5514706@mcimail.com]
Copyright 1996 by author. All rights reserved.


Information warfare is still only in its infancy, and already there is a difference of approach to modeling the threat. Are the assumptions between the two philosophies so different that the nature of infowar is in question?

These differences of assumptions are worth considering, since the implications--particularly in design, implementation, and operation of defensive systems and subsystems, which depend on clarity of definition--are significant.

The views of infowar can be split roughly into two 'camps,' and the philosophies can be attached and shorthanded with two historical scenarios with which they share similarities--Pearl Harbor and the Hashishim.

Pearl Harbor--the Historical Scenario

December 7, 1941. The Japanese, in an attempt to establish their dominance in the Pacific theatre of operations, launched an all-out attack on U.S. Naval forces stationed at Pearl Harbor, Hawaii. Historians differ whether the Japanese intended it as a 'surprise attack' (notification of the declaration of war was in fact in progress), but 'sneak' attack or not, the military operation was intended to cripple the fleet and keep the U.S. out of the war. As a misjudgment of national character it has few historical parallels, and "Remember Pearl Harbor!" became a rallying cry to victory for the U.S. in World War II.

The Hashishim--the Historical Scenario

~11th Century - ~14th Century. An Islamic sect led by Hasan ibn al-Sabbah, the Hashishim (mispronounced as 'assassins,' the origin of the term) were unusual, by the standards of their time or ours. Fanatical followers were given a 'taste' of the promised Heaven through the use of recreational drugs (thus the term 'hashish') and a harem (note the 'motto' of the Hashishim was "Nothing is True, Everything is Permissible") to show them their eventual reward for loyal service. Members were then dispatched, disguised any way necessary (including various violations of religious doctrine and dogma), to infiltrate the political, economic, and military structures of the opposition, Christendom. Years could pass with agents rising in trust and influence, unsuspected spies who also engaged in sabotage and subtle perversion (giving deliberately misleading advice to royal, religious, civil, and military leaders and councils), not to mention the use of the flame dagger left beside the head of a sleeping power figure (the threat--next time, you're dead) or for immediate assassination. The Hashishim are credited for collapsing at least one Crusade, and considerable other damage to the West.

Infowar Scenarios

The 'Pearl Harbor' infowar scenario is a massive attack on the military and governmental (command and control) information infrastructures, with perhaps collateral attacks against important civilian networks that aid and support military, governmental, and social stability.

'Hashishim' infowar scenarios trend along the line of the opposition force altering, damaging, or destroying data and services in a protracted campaign; attacks are unannounced, leaving the question of trust completely unsettled.

These two potential scenarios and their underlying assumptions are important to an understanding of infowar and the infowar threat model; the differences between the models, if not balanced, could lead to considerable difficulty in the future. An explicit expression of the assumptions and the differences is therefore crucial, and what I hope to provide.

'Pearl Harbor' infowar approach == PH
'Hashishim' infowar approach == H

OpFor Approach, Intent, Focus, Targets

PH: Preemptive ('sneak'); first shot to 'settle the matter,' only marks the beginning of the conflict; surprise lost once engagement initiated
H: Covert; continual moral and material surprise
PH: 'Clean' attack; direct force; not 'subtle'
H: Perversion; espionage; sabotage; coercion
PH: Damage/destroy force projection capability
H: Damage/destroy decision capacity, command structure
PH: Government targets, or target has direct connection to logistic support
H: Opportunistic targets; willing to accept greater degrees of separation; attacks on dependencies in civil and military infrastructures
At a fundamental level, even such basic views on the infowar strategy are split. A 'Pearl Harbor' infowar attack is viewed as being a preemptive attempt to take the target (presumed to be the United States or other technology dependent political economy) and force it to failure, or damage its functionality as the preliminary operation in a larger military strategy. This sort of attack is still seen as a 'clean' form of warfare, adhering to the code of conduct that dictates attacks must orient around military objectives. 'Hashishim' infowar attacks are far more nebulous and indirect, harder to pin down, and greatly annoy most military (not to mention law enforcement and intelligence) professionals by not 'playing by the rules.'


PH: Massive; concentrated
H: Long term; cumulative
'Pearl Harbor' attacks depend on the impact and effect in the target from the initial damage and destruction; as such, they concentrate massive force into a small period of time. 'Hashishim' attacks make up for mass by seeking effect over a long term, with the cumulative effect of operations grinding the target down over the period.


PH: Necessitates large resources; intense effort
H: Small; selective effort
The scale drives the effort, so 'Pearl Harbor' attacks need significant resources to make them a reality; launching and maintaining this sort of effort will not escape notice without considerable counterintelligence operations. 'Hashishim' attacks seem almost casual by comparison, allowing minimal resources, choosing the time and target, and tailoring the effort to the objective; this effort is hard to spot.

Management, Command & Control, Organization

PH: Centralized; coordinated; hierarchical
H: Decentralized; uncoordinated; heterarchical
The scale and resources of the 'Pearl Harbor' effort parallel those of their target, and thus the tendency (probably correct) to assume that such operations will be centrally managed and coordinated, with a singular or small command group setting strategy and tactics. A strong point of the 'Hashishim' is the lack of a need for such a command structure, not to mention the benefits of a heterarchy; this OpFor has no particular investment in the success or failure of a specific operation (unlike the 'Pearl Harbor' model), seeking effect from the cumulative nature of their effort. Interestingly, 'Pearl Harbor' attacks are likely to require a considerable decision loop (Boyd cycle of Orient-Observe-Decide-Act), with the attack being automated for synchronization and progressing the attack in the 'correct' order; 'Hashishim' attacks are iterative OODA loops, but under live, active control.


PH: Sponsored
H: Independent
The scale and resources to manage a 'Pearl Harbor' style attack dictates that funding be congruent in magnitude; this is not warfare on the cheap, because while certain basics are inexpensive (computers, access), others are not (personnel, intelligence). Operations by the 'Hashishim' can be launched dependent upon the availability of funds or other necessary resources; such are the benefits of waiting for opportunity to knock.


PH: Hard targets
H: Soft targets; open source intelligence resource (including net-based)
Gathering and analyzing intelligence for attacks on military or dependencies inside the military structure are actions against hardened targets; not impossible by any means, but 'Pearl Harbor' intelligence requires skilled professional efforts, with continual risk of exposure of the effort and the purpose of such. Almost by definition, the 'Hashishim' style of operations can map dependency trees and seek attack points that are soft, and accessible to normal but thorough investigation.

Defensive Focus, Political View

PH: Crisis management; top down approach
H: Vigilant, active, paranoid, defense in depth; bottom up approach; aggregate
PH: Manageable by law enforcement, intelligence, military
H: Free market solutions; solve the problem where it originates
Preparations for and addressing the infowar attacks are very different; supporters of the 'Pearl Harbor' threat model tend to believe in massive government-oriented efforts, including legislation, intelligence operations, and pursuit of the issue as if it were a problem to be solved by government. The 'Hashishim' threat model points out many of the flaws in the defensive strategy of the 'Pearl Harbor' model; this model demands robust, overlapping, defense in depth approaches that come from the composite of building solutions into the design, implementation, and operations of potentially targetable systems. The issue of strong cryptography is a case in point; 'Pearl Harbor' defense strategies require intelligence efforts that are only made harder by free market use of strong cryptosystems, while 'Hashishim' defense strategies require strong cryptosystems for data and operational privacy, security, and integrity through authentication.


Infowar operations are hardly going to be so clearly divided into such two distinct varieties. The underlying assumptions, however, are clearly at odds. Infowar threat modeling needs to take into account the variables involved in the strategies and tactics, starting with the assumptions of the 'Hashishim' approach through viewing the 'Pearl Harbor' scenario as an extreme but limited case of 'denial of service' attacks.

Focusing on the 'Pearl Harbor' scenario, as many in the political arena, as well as law enforcement, intelligence, and military community appear to be doing, leaves deadly holes in the defense. Tailoring defensive responses for the 'Pearl Harbor' scenario eliminates the use of strong cryptography widely, leaves much of the civilian infrastructure exposed, and makes other dangerous assumptions as I mention throughout this paper. Using the 'Hashishim' scenario as the starting place for defensive strategies and tactics puts strong barriers of privacy, security, and authentication into the many layers of the civilian and military infrastructures (thus a robust defense in depth), only requiring a few more refinements to protect against the 'Pearl Harbor' scenario.

Scaling out the attack scenarios helps to explain why professionals are gravitating to one scenario or the other--is it more damaging to have 'lost' your system (pending reboot, reload of software, patching the flaws, etc.--note that this is an attack that can/will be recovered from, just as Pearl Harbor was), or to have continual attacks over time where you suffer numerous smaller losses, damaged or perverted data, and the live with ever-present possibility that you will experience future losses and can't trust the data you now possess?

Both are horrible scenarios, both are difficult and necessary problems to address--but not one ('Hashishim') at the expense of the other ('Pearl Harbor'). That way lies madness.


[Home][Back to Index][Email Us]