INFOWAR part 2 -- Theory

INFORMATION
WARFARE
Part 2: Theory
Advanced Course in Engineering
2005 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Direction, MSIA & BSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:mkabay@norwich.edu
V: 802.479.7937
2-1/41
Copyright © 2006 M. E. Kabay. All rights reserved.
09:05-10:25
Topics
 08:00-08:15 Introductions & Overview
 08:15-09:00 Fundamental Concepts
 09:05-10:25 INFOWAR Theory
 10:35-11:55 Case Histories & Scenarios
Topics
 What is INFOWAR?
 Schwartau’s Levels of INFOWAR
 Examples of IW levels
 Military Approaches to IW
What is INFOWAR?
 Use of or attacks on information and
information infrastructure to achieve strategic
objectives
 Tools in hostilities among
Nations
Trans-national groups (companies, NGOs,
associations, interest groups, terrorists)
Corporate entities (corporations,
companies, government agencies)
Individuals
Dorothy Denning’s Nutshell
 Information Warfare and Security (1999). ACM
Press (ISBN 0-201-43303-6).
 Offensive information warfare operations alter
availability and integrity of information
resources
Benefit of offense & detriment to defense
Offense acquires greater access to info
Defense loses all or partial access to info
Integrity of information diminished
Denning’s Theory of
INFOWAR
 Information resources include people & tools
Containers
Transporters
Sensors
Recorders
Processors
 Value of resource differs
Over time
To different people
Schwartau’s Levels of
INFOWAR
 I: Against individuals
Theft, impersonation
Extortion, blackmail
Defamation, racism
 II: Against organizations
Industrial espionage
Sabotage
Competitive & stock manipulation
 III: Against nations
Disinformation, destabilization
Infrastructure destabilization
Economic collapse
Military Approaches to IW
 HUMINT: Human intelligence
 INTEL: Intelligence
 COINTEL: Counterintelligence
 SIGINT: Signals intelligence
 COMINT: Communications
 ELINT: Electronic
 FISINT: Foreign Instrumentation
 MASINT: Measurement & signals
 IMINT: Imagery
 TECHNINT: Technical information
 OSINT: Open source intelligence
Information Warfare:
Chaos on the Electronic
Superhighway (1996.05)
Winn Schwartau, The Security Awareness Co.
 Overview
 Military Model Must Reflect Changes in Warfare
 What Is War?
Schwartau’s View (1996.05)
Overview
 National economies increasingly virtual
Most money no longer tangible
 Espionage increasing for economic benefits
14% increase in espionage according to FBI
 Must resolve problem of defending against
powerful technology not limited to military use
 Should define defensive posture against
potential enemies’ capabilities, not perceived
motivations
Schwartau’s View (1996.05)
Military Model & Changes in Warfare
 Military systems are not necessarily the prime
targets of attack
 Psyops increasingly important: manipulation
of perceived reality using the gullibility of the
mass media
 Attacks on software: increasing the failure
rates of systems even when people are trying
to reduce errors
 Denial of service increasing: airports, phone
systems, banks
Schwartau’s View (1996.05)
What Is War?
 Physical attacks are no longer the only basis
for defining acts of war
 What will military and civil response be to
concerted attack on civilian / industrial
infrastructure?
taking down the banks
interfering with air-traffic control
damaging productivity of major industries
 …and if this is war, what is the response?
Schwartau’s View (1996.05)
Destruction vs Reducing Competitiveness
 Question: in a free-market world, not
necessary to destroy enemy; need merely
render less competitive
 Response from Schwartau:
US govt must defend country, yet military
limited to physical warfare
Classifying EW threats is foolish; should
educate civilian sector
Should define conditions for termination of
hostilities
Schwartau’s View (1996.05)
How do we know who is attacking?
 Anonymity pervasive throughout cyberspace
 Stealth attacks natural consequence of
Internet architecture
 Agents can be hired without knowing their
handlers
 Conventional intelligence services must wake
up to electronic threats
 See Information Warfare 1st Edition online
http://www.thesecurityawarenesscompany.com/chez/IW1-1.pdf
RAND on INFOWAR
(1999.01)
Strategic Information Warfare Rising
— The RAND Corporation
mid-1998 (reported in press 1999.01)
 Debate within the Pentagon
wisdom of offensive information warfare
cyberattacks on critical infrastructure worse
for US
 4 basic scenarios
U.S. supremacy in offense and defensive
strategic IW
strategic IW elites — no first use
global defensive dominance — arms control
market-based diversity — defend well,
recover fast
INFOWAR @ AAAS (1999.02)
American Association for the Advancement of Science
(AAAS) panelists
government
private industry
 INFOWAR real threat
 Need better cooperation among law enforcement
officials around world
catch culprits responsible for attacks
 Changes international law
extradition suspects
 Sceptics (e.g., Kevin Poulsen) scoffed
no electricity by now if IW threat so bad
Kosovo Cyberwar (1999.03)
Attacks on US government & military agencies
began 1999.03
 Serbian hackers
 Retaliation for war against Serbs
 As NATO bombing began in Serbia
 "Black Hand" hacker group
 "Serbian Angel" hackers
 White House Web site defaced
Red letters: “Hackerz wuz Here”
European Basketball Contest
(1999)
Asymmetric INFOWAR
(1999.04)
Countering New Terrorism
by I.O. Lesser, B. Hoffman, J. Arquilla, D.F.
Ronfeldt, M. Zanini & B.M. Jenkins
 New terrorism more diverse
sources
motivations
tactics
 More lethal global reach
 Asymmetric strategy
less-capable adversaries
political violence
INFOWAR? Nonsense, says
Christy (1999.09)
 US has never been target of information
warfare
James Christy
Defense-wide Information Assurance
Program (DIAP)
 Cybercriminals not cyberwarriors
 Fundamental difficulties responding
military has expertise computer crime but
cannot help law enforcement agencies
without presidential directive
 Civilian sector ignorant of computer crime
countermeasures
 Can’t tell cyberattacks under way
most victims keep information secret
don’t help law enforcement investigators
 Precise attribution & blame extremely difficult
in cyberspace — anonymity
 Public favors privacy over cybercrime
prevention & law enforcement — ignorance
 Jurisdiction over cyberspace crimes
confused — competing geographical claims
INFOWAR in Oz? (1999.10)
 Foreign (US?) military site attacked Stock
Exchange late 1998?
 Richard Humphrey
Managing Director Australian Stock Exchange
implied attacking site was in USA
 “Foreign government” denied any possibility
such attack from military site
 Urged changes to Australian laws
make it easier to try hackers
present laws require criminal hackers be
apprehended in act of hacking
INFOWAR / China (1999.11)
 Importance of INFOWAR grows in PRC
Chinese military newspaper Jiefangjun
Bao
authors Leng Binglin, Wang Ylin, Zhao
Wenxiang
 For maximum war role, must integrate
INFOWAR with other combat actions
 Cybersuperiority necessary but not sufficient
for military victory today
INFOWAR / China (2000.02)
Taiwan Research Institute
 Gird itself against information warfare
People's Republic China
 Elements IW:
disruption critical infrastructure
disruption military C3I ops
misinformation campaigns
damage economic activity
lower morale on island before initiating
conventional warfare
INFOWARGAMES (1999.11)
Institute for Security Intelligence's Center for
Technology Terrorism & Jane's Publications
 War-game simulation (did not really hack)
 IRS primary target
 False information, denial of service
 Hack into IRS audit system
 Send out millions audit & tax-due notices
 Tap into immigration control (Dept State) to
issue visas to known terrorists
 Create fake documents — IRS investigating
personal lives members Congress
 Leak fakes to media + send fake compromising
photographs
Critical Infrastructure
Protection (1999.11)
Information Technology Association of America
(ITAA) Statement of Principles
 Importance protecting national information
infrastructure
 Private industry: primary authority
 Lowest possible government regulation in critical
infrastructure protection
 Call for distinctions among cyber-mischief,
cybercrime, cyberwar
 Appropriate law enforcement agencies take
charge specific cases
minimal jurisdictional confusion
assurance clear legal basis for prosecution
German Government Plans
Net Defenses
 German plans for early-warning of hacker
attacks (2001.05)
 Build Computer Emergency Response Teams
throughout country
 Increased cooperation should permit rapid
response to hacker attacks
Republic of Korea Warns of
Cyber Attacks
 ROK Ministry of Information and
Communication issues warnings (2001.05)
 Concern about US & (PRC) Chinese hackers
using Korea as staging ground for INFOWAR
 KISA launched special task force against US
and Chinese attacks
 Instructed Korean Internet-site operators to
report unusual traffic at any time
US Warns of Military
Response to Cyberattacks
 Richard Clarke tells Senate Judiciary
Committee of plans for retaliation (2002.02)
 White House Technology Advisor says that
cyberattack would be met “in any appropriate
way: through covert action, through military
action, any one of the tools available to the
president.”*
 In 2003.02, President Bush signed an order
authorizing development of guidelines on
unilateral or retaliatory cyberattacks against
foreign computers and networks
*Question: HOW DO YOU KNOW FOR SURE
WHO IS ATTACKING YOU?
STRATCOM focuses on
Cyberwar (2003.02)
 U.S. Strategic Command (Stratcom) will focus
on computer network attack
 Stratcom now in charge of global command,
control, communications, computer, intelligence,
surveillance and reconnaissance (C4ISR)
capabilities
 “All pieces of the enemy's system of systems
that are valid military targets [are] on the table as
we go about war planning.”
 “…Unimportant whether we take out a computer
center with a bomb or a denial-of-service
program. If it's critical to the enemy and we go
to war, it will be in our sights.”
Cyberattack Implications
Studied
Cyberterror impact, defense under
scrutiny (2004.08)
Coordinated cyberattack against U.S.
could
topple parts of Internet,
silence communications and
commerce,
paralyze federal agencies and
businesses
disrupt $M in financial transactions,
hang up air traffic control systems,
deny access to emergency 911
services,
shut down water supplies and
interrupt power supplies to millions
of homes
More than 2 dozen countries have
“asymmetrical warfare” strategies
North Korea Ready for
Cyberwar?
North Korea ready to launch cyber war
North Korea has trained more than 500
computer hackers capable of launching cyber
warfare against the United States, South Korea's
defense ministry says. In a report to the
National Assembly's National Defense
Committee, the ministry said that hackers from
North Korea were among the best in the world.
--Agence France Presse, 2004.10
Cyberterrorism by 2006?
Cyberterrorism a possibility in two years
Cyberterrorism could become a reality in 2006, a
leading UK information security expert has said.
Speaking at the SC Magazine Conference in London
on Thursday, October 21, director of information
security for Royal Mail David Lacey said that the
world would witness cyberterrorism within two
years. Lacey said, “there is a lot of consistency in
research that shows many of the real risks won't
come to a crescendo until then. We know a lot about
some of the trends coming. Real terrorists have not
had the capability to carry out threats. But that will
change as the stakes get higher.”
--ZDNet (UK), 2004.10
New Cyberwar Command
Center
Cyber warriors anticipate center
Personnel in the military's new cyberdefense organization
hope to operate a new command center by late spring. The
facility will include new hardware and software to help
workers of the Joint Task Force-Global Network
Operations (JTF-GNO) operate, manage and defend the
military's 10 computer networks. "It will be a state-of-the-art facility," said Army Brig. Gen. Dennis Via, deputy
commander of the JTF-GNO. He spoke Wednesday,
February 23 at the Department of Defense Global
Information Grid Enterprise Services conference held by
the Association for Enterprise Integration, an industry
trade group. The opening of the new command center
coincides with JTF-GNO becoming fully operational.
--Federal Computer Week, 2005.02
Chinese Cyberwar From
South America?
U.S. officials warn of Chinese intelligence and cyberwarfare
roles in Latin America
U.S. officials … warned about Chinese intentions to
establish an intelligence and cyberwarfare beachhead in
the [S. America]. Roger Noriega, assistant secretary of
state for Latin America, and Rogelio Pardo-Maurer, the top
Defense Department official for the Western Hemisphere,
testified before a House panel [and] said China's interests
in Latin America were mostly on the economic side, but
warned that Beijing could also have an intelligence agenda
as it increased trade with Latin America. Pardo-Maurer said
that “we need to be alert to rapidly advancing Chinese
capabilities, particularly in the fields of intelligence,
communications and cyberwarfare, and their possible
application in the region.”
--Miami Herald, 2005.04
US Army on Lookout for
Sensitive Info Online
Army officials have said they will take a closer look at
blogs and Web sites maintained by soldiers. Many such
blogs and Web sites include photographs or other
information that inadvertently exposes classified or
sensitive information to anyone with access to the
Internet. Gen. Peter Schoomaker, the Army’s chief of
staff, noted that soldiers routinely post pictures online
that include "tactics, techniques, and procedures" for
weapons systems. According to Richard Cody, Army
vice chief of staff, "The enemy is actively searching the
unclassified networks for information, especially
sensitive photos." Schoomaker issued a memo saying
that the Army will work to closely monitor Web sites and
blogs to avoid operational security violations, which
"needlessly place lives at risk and degrade the
effectiveness of our operations."
--Federal Computer Week, 2005.08
Hacker Attacks In U.S.
Linked To Chinese Military
A systematic effort by hackers to penetrate U.S. government and
industry computer networks stems most likely from the Chinese
military, the head of a leading security institute said. The attacks
have been traced to the Chinese province of Guangdong, and the
techniques used make it appear unlikely to come from any other
source than the military, said Alan Paller, the director of the SANS
Institute, an education and research organization focusing on
cybersecurity. In the attacks, Paller said, the perpetrators "were in
and out with no keystroke errors and left no fingerprints, and
created a backdoor in less than 30 minutes. How can this be done
by anyone other than a military organization?" Paller said that
despite what appears to be a systematic effort to target government
agencies and defense contractors, defenses have remained weak in
many areas. Security among private-sector Pentagon contractors
may not be as robust, said Paller, because "they are less willing to
make it hard for mobile people to get their work done." The U.S.
military has code-named the recent hacker effort "Titan Rain" and
has made some strides in counter-hacking to identify the attackers,
Paller said.
-- DHS IAIP Daily 2005.12.13
Insidious Attacks
DIGITAL DOOMSDAY CAN BE AVOIDED WITH
PREPARATION
A common nightmare scenario in the business world is that
a hacker will crack a company's digital defenses, steal
sensitive data or disable the network. Scott Borg, director
and chief economist at the U.S. Cyber Consequences Unit
(US-CCU), an independent organization that churns out
information security data on behalf of the government, says
enterprises face a darker possibility. Online outlaws could
quietly penetrate the network and, over six to eight months,
alter critical data so that it's no longer accurate. For
instance, an attacker could access a health insurance
company's patient records and modify information on a
person's prescriptions or surgical history. Or an attacker
could access an automotive company's database and
tamper with specifications on various car parts.
--Bill Brenner, SearchSecurity 2006.05.03
Psyops in Cyberspace – and
Society
 Digital “photographs” may not be photographs
 Audio “recordings” may not be recordings
 Log files may be fiction
 Opinion polls may be nonsense
 Election results may be fixed
 Conspiracy theories may be true
 References may be nonexistent
 Facts may be illusory
 History may be fiction
 Enemies may be invented
 Threats may be propaganda
Class
Resumes at
10:35:07