Information Warfare
by Christina Hastings, B.Sc., M.Sc.
What is it?
Information warfare (IW) is generally described as the art or science of using information to gain an advantage over an adversary, while protecting one's own information, processes and information systems from attack. This advantage could be accomplished through the theft of secrets, through promulgation of misinformation (leading to invalid decision-making), or through denying an adversary the use of its own information. IW encompasses deliberate threats to confidentiality, integrity and availability of information. Information warfare is not a new concept; however, it is evolving into a new, focussed strategy. Using information obtained through intelligence to gain advantage over an adversary has always been within the realm of military tacticians. The information technology (IT) age in which we find ourselves provides a new catalyst for information warfare through the manipulation of information technologies. Electromagnetic pulse (EMP) weapons (designed to wreak havoc on necessary solid state electronic machinery and equipment), electronic surveillance and interception, and malicious software are examples of information warfare strategies in IT environments.
From Nuisance to Terrorism
Within the IT realm, the malicious software example of virus promulgation could be considered to span the continuum between nuisance and terrorism. Current technologies allow users to prevent such contamination through filters that identify, and cleaners that eradicate, many forms of viruses. The costs associated with undetected contamination of systems and networks can be astronomical. Section 430(1.1) of the Criminal Code reads:
"Every one commits mischief who wilfully
- destroys or alters data;
- renders data meaningless, useless or ineffective;
- obstructs, interrupts or interferes with the lawful use of
- obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto."
Section 430(2) reads:
"Everyone who commits mischief that causes actual danger to life is guilty of an indictable offence and liable to imprisonment for life."
We could therefore conclude that deliberate virus contamination of hospital control systems, leading to loss of life or life-threatening overdoses in radiation therapy, could fall under both quoted sections. Indeed this example could possibly fall under the heading of terrorism, which is defined as criminal acts of violence causing great fear.
In general, could information warfare be considered terrorism? No formal distinction has been made as to which act of IW might be construed to be terrorism in the strictest sense. Could IW be considered violent? Certainly it could, where acts of IW deny the availability of information or provide misinformation to critical decision processes that impact public safety, with a violent or hazardous outcome.
Military, Government and Civilian Implications
IW does not have only military underpinnings; IW can also be of significant concern in peacetime situations. Economic intelligence gathering and interpretation are peacetime activities that provide competitive advantages to corporations or countries engaged in such activity. Manipulating information, stealing secrets or denying the use of information are common threats facing governments and corporations. Responses to the IW threat vary, depending upon which sector is involved. Typically, the private or civilian sector will respond to an identified threat through immediate evasive and subsequent damage control measures. Governments, including military sectors, often invest considerable time and money in the prevention, detection and surveillance of activities that could represent future IW threats.
The restructuring of IW security initiatives within the military and police communities is currently underway. Such initiatives recognize the impact of IT in compounding the complexity of issues related to IW in terms of both tactical and strategic responses. In military initiatives, consideration must be given not only to ensuring the defensive aspects of IW but also to identifying acceptable offensive strategies in wartime scenarios, effectively defining the rules of engagement. In police initiatives, consideration must be given to the rapid evolution of computer crime and rapid deployment of technology into the hands of criminals. Preserving, validating and obtaining useable intelligence and evidence that will lead to arrests and prosecution requires continual research and development. The objective is to keep pace with criminal elements who have access to virtually unlimited resources to acquire state-of-the-art equipment.
Additional difficulty is encountered because it is no longer possible to clearly delineate between domestic and foreign events. Identifying the place of origin of an IW attack or information crime event is increasingly difficult, and can bring about jurisdictional conflicts. National boundaries have no meaning in cyberspace.
Could a foreign military power target civilian information systems to effect a military advantage; for example, targeting telecommunications or power infrastructures for destruction? How would we respond to this type of event? Would the military - supposing they (or someone else) had detected such a plan - be responsible for preventing, or recovering from, the attack? The IW battle lines are smudged, definitely not straight or even dotted. What role would governments play? What role would local or national police forces play? These issues represent a unique challenge. This example presupposes that we would be able to realize that such a plan was afoot.
Direct prevention, detection, surveillance and response measures related to information (technology) warfare are needed. Some benefits can be derived from existing IT security technical standards. What is lacking is an assessment and evaluation of specific IW threat scenarios, with subsequent recommendations for measures specifically designed to address those scenarios. The ability to identify IW events needs further refinement. Triggers that signal possible IW occurrences before they become destructive are necessary. Research and development should not only centre on detection and surveillance methods, but also include prevention and response methods, to ensure that all phases of the IW life cycle are realistically addressed. Concurrence should be reached among the government, military, police and industry in clearly defining each sector's area of responsibility.
We must be able to realistically assess our adversaries' technical advantages - assuming we have correctly identified our adversaries! This advantage is established through traditional intelligence, both military and civilian. We must be able to determine to what extent information warriors (both friend and foe) are dependent on IT, as well as how precise the selection of IT targets might be. The assumption is that both sides are equally dependent and that target boundaries may not be clearly defined. Many networks are internationally shared. This means that an adversary might cripple part of its own IT infrastructure in an attack on an opponent. We must identify the intent of IW, including weakness and supremacy issues. We must be able to identify, isolate and safeguard strategic assets that are most likely to be subjected to attack. Finally, we should consider the circumstances and the processes by which an international cease-fire could be negotiated.