Information Warfare: What and How?

Copyright Megan Burns, 1999


Many people today are talking about the impact of information technology on the world.  They are discussing how business, the economy, education, and even personal relationships are being affected by the onset of the information age.  It should come as no surprise, then, that people are also talking about how technology is impacting the way we engage in one of our oldest traditions - war.  The term "information warfare" has been in use for a number of years now, intended to represent whatever warfare is becoming in the information-centric 21st century.  Unfortunately, though, many people use this term without really knowing what it means.  In an effort to make progress toward a common definition, this paper presents one possibility and expands on it by discussing the weapons, strategies, and countermeasures involved in "information warfare", as defined.

Defining Information Warfare: Easier Said than Done

If there were a single, obvious definition of information warfare, someone would have already written it down.  The fact that no one has done so indicates that perhaps no simple definition exists. Those in the IW community have come to agree that information warfare is not a single, simple thing, that it has many complex dimensions. Noted information warfare author Martin Libicki articulates this position in his book What is Information Warfare?.  He states that "Coming to grips with information warfare...is like the effort of the blind men to discover the nature of the elephant: the one who touched its leg called it a tree, another who touched its tail called it a rope, and so on.  Manifestations of information warfare are similarly perceived...[T]aken together all the respectably held definitions of the elephant suggest that there is little that is not information warfare."

Unfortunately, agreeing on the fact that IW has many dimensions does little to further our understanding of it.  "Where interpretations diverge is on what it encompasses and if it replaces or modifies known methods of conducting war," [Singh].  Luckily, opinions are diverging on some things but converging on others.  There appears to be a subset of topics that are generally agreed upon by the IW community as falling inside the realm of information warfare.  For the purpose of this discussion, we define "information warfare" as the topics in that set. Specifically, we talk about information warfare as a class of techniques, including collection, transport, protection, denial, disturbance, and degradation of information, by which one maintains an advantage over one's adversaries [Cramer96], [Cramer97], [Singh].  Although this discussion focuses on the more traditional military notions of information warfare, the above definition can certainly be applied in any competitive situation, public or private, civilian or military.

Weapons of Information Warfare

Having established a definition of information warfare, the next logical question is - what do we need to be involved in it?  Specifically, what are the weapons of information warfare?  To answer this question, we look at each of the techniques mentioned above and give a brief overview of the most common weapons used to achieve them.

Information Collection

Information collection is included as part of information warfare because "[t]he information revolution implies the rise of a mode of warfare in which...the side that knows more...will enjoy decisive advantages," [AR]. The idea is that the more information one has, the higher his/her situational awareness, which leads to better battle plans and, hopefully, better outcomes.  According to Singh, "[t]ill recently, knowing your position and that of the friendly forces was itself a huge task.  Precision position locating technologies such as navigation based on the Global Positioning System (GPS) has eased those problems to a large extent.  Knowing the position of the enemy has also been made possible to a degree through employment of reconnaissance and surveillance technologies."  He goes on to point out that "reconnaissance and surveillance functions are ...moving towards use of sensors from spectra such as infrared, ultraviolet, olfactory, auditory, visual, seismic, etc. and fusion of data from these to formulate a comprehensive picture."  In information warfare, information collection is much less dangerous and much more complete because these technologies can be used to infiltrate situations and gather accurate information with minimal loss of fidelity.

Information Transport

Collecting a large amount of comprehensive information is certainly good practice, but collection is of little value if the information sits in a storage facility, unused.  As such, the ability to transport information into the hands of those who need it, in a timely manner, is another essential aspect of information warfare.  The tools used in this domain are not exactly weapons, but rather civilian technologies put to use in military situations.  The most important of these tools is communication infrastructure, composed of networks of computers, routers, telephone lines, fiber optic cable, telephones, televisions, radios, and other data transport technologies and protocols.  Without these technologies, the ability to transport information in the real-time fashion required by today's standards would be impossible.

Although somewhat out of the scope of this discussion, it is interesting to note at this point the introduction of the term "network" to the military vocabulary.  For hundreds of years, militaries have relied on hierarchies, not networks, to disseminate information.  Civilian advances in communication technology have followed a networked paradigm, though, which has the potential to seriously alter the way command and control are thought of in military circles.  "Moving to networked structures may require some decentralization of command and control.  But decentralization is only part of the picture.  The new technology may also provide greater "topsight", a central understanding of the big picture that enhances the management of complexity," [AR].  From this we can see that even a seemingly basic change in technology for transporting information has the potential to make information age warfare a very different thing than its industrial age counterpart.

Information Protection

One of the most broadly agreed upon aspects of information warfare is the need to minimize the amount of information to which your opponent has access.  A large part of this is protecting the information you have from capture by the other side.  The weapons used to protect the security of our information fall into two classes.  First are those technologies that physically protect our vital data storage facilities, computers, and transport mechanisms, including bomb and bullet proof casings and intrusion prevention mechanisms such as locks and fingerprint scans.  Second, and perhaps more important, are technologies that prevent bits from being seen and intercepted by the enemy.  This certainly includes basic computer security technologies such as passwords, as well as more sophisticated technologies like encryption.  According to Libicki, "By scrambling its own messages and unscrambling those of the other side, each side performs the quintessential act of information warfare, protecting its own view of reality while degrading that of the other side."

Information Manipulation

Information manipulation in the context of information warfare is the alteration of information with intent to distort the opponent's picture of reality.  This can be done using a number of technologies, including computer software for editing text, graphics, video, audio, and other information transport forms. Design of the manipulated data is usually done manually so those in command have control over what picture is being presented to the enemy, but the aforementioned technologies are commonly used to make the physical manipulation process faster once content has been decided [MSNBC].

Information Disturbance, Degradation, and Denial

The final aspects of information warfare, according to our earlier definition, are disturbance, degradation, and denial.  All three techniques are means to the same general end - preventing the enemy from getting complete, correct information.  Because of their similarity, many of the same weapons are used to achieve one or more of the goals.  As such, it makes sense to discuss them together.  Some of the more popular weapons used to wage these types of information warfare are spoofing, noise introduction, jamming, and overloading [Libicki].

Spoofing is a technique used to degrade the quality of the information being sent to the enemy.  The enemy's flow of information is disturbed by the introduction of a "spoof", or fake message, into that flow.  The technique works because it allows you to provide "false information to the targeted competitor's collection systems to induce this organization to make bad decisions based upon this faulty information," [Cramer96].

Another way to disturb the information being received by one's opponent is to introduce noise into the frequency they are using.  Background noise makes it difficult for the enemy to separate the actual message from the noise.  This is a particularly useful technique if the enemy is using forms of wireless communication, since those frequencies can be tapped without having to actually link into a physical network of cables.

Jamming is a technique used to achieve denial that involves intercepting signals sent between two communications links or between a sensor and a link.  The signal is intercepted, then "jammed" or stopped from further progress toward its intended destination.  In most cases, that same signal is stored by the captor as intelligence information and used to determine the enemy's view of its own position in the contest.

Finally, overloading is a technique used to deny information to the enemy in both military and civilian settings.  By sending a volume of data to the enemy's communication system that is too large for it to handle, one causes a crash or severe degradation of the system's ability to deliver information.  The system is so busy dealing with the overload, it is unable to deliver the essential information to those who need it.  This tactic is referred to as a "denial of service" attack, and has been proven both easy and effective.  At one point, a college student was even able to bring down the White House email server simply by sending 8000 copies of an email message at one time!

Defending Against Information Warfare

The techniques and weapons listed above certainly have the potential to cause severe damage to an information dependent military operation.  Unfortunately for us, though, America is arguably the most information dependent society, so we are at a greater risk than any of our enemies.  How do we defend ourselves, then?  There are several ways, many of which employ the same techniques we use to attack others.  The remainder of this discussion examines available countermeasures for each of the dimensions of information warfare.

Information Collection

To defend against information collection attacks is to prevent our enemies from assembling information about us and about the conflict situation.  Doing this involves protecting our own information from interception and preventing information from getting to the enemy's collection facilities.  The available countermeasures for defending against information collection, then, are the same weapons defined earlier for use in protection, disturbance, degradation, and denial attacks.  Specifically, the use of encryption, spoofing, noise introduction, jamming, and overloading are particularly useful for keeping the enemy's information collection to a minimum.

Information Transport

Because information transportation is heavily dependent upon infrastructure, the most effective countermeasure for preventing transport is the destruction of the enemy's infrastructure.  Referred to by Libicki as antineck command-and-control warfare, this particular countermeasure "requires knowing how the other side communicates," [Libicki].  With that knowledge, though, this defense can be relatively easy.  "If its architecture is written in wire, the nodes...are easily identified and disabled.  Like command centers, communication systems can be crippled by attacks on generators, substations, and fuel supply pipelines...If the architecture is electromagnetic, often the key nodes are visible...If satellites are used for transmission and signaling, then communication lines can be jammed, deafened, or killed."

Attacking an enemy's infrastructure as a countermeasure to information transport can not only be particularly easy, but can also have far-reaching effects on their entire information system. In his book Defensive Information Warfare, Dr. David S. Alberts remarks on this phenomenon:

Two distinct scenarios serve to illustrate the chaotic nature of infrastructure attacks.  In the first case, a particular infrastructure attack may trigger a series of proximate consequences that are difficult to predict and that greatly magnify the effects of the attack.  In the second case, a series of attacks will exhibit chaotic behavior when the sum of their cumulative effect far exceeds the sum of the individual effects of a series of independent events.  These are not uncommon patterns.

Information Protection

To counteract enemy attempts to protect their own information supply, we must be able to get around their protection mechanisms.  As was mentioned earlier, the primary technological weapon for protecting one's own information is encryption. Unfortunately, recent increases in the sophistication of cryptography have made countermeasures very difficult to execute.  "Decoding computer-generated messages is fast becoming impossible.  The combination of technologies such as triple-digital encryption standard (DES) for message communication using private keys, and public key encryption (PKE) for passing private keys using public keys (so setup communications remain in the clear) will probably overwhelm the best code-breaking computers," [Libicki].  What this means for those wishing to counter information protection is that their efforts will eventually become futile.  Until then, though, attempts to break codes using powerful computers will most likely yield the best results.

Although it is the most effective, cryptography is not the only tool for information protection.  In fact, passwords are a much more widely used technique for protecting information systems from unauthorized access.  Unfortunately, however, password systems are dependent on humans to keep track of and enter codes, which opens them up to significant vulnerability.  If it is possible to get a physical presence near the system or those who use it, obtaining or guessing passwords can be amazingly easy, and is a very effective means for getting access to protected information.

Information Manipulation

Once an enemy has information, there is little anyone can do to prevent them from manipulating it.  In light of that, there are really only two countermeasures available to defend against this kind of attack.  First, one can work to prevent the enemy from intercepting information in the first place.  Techniques for information protection are most effective here, since they keep the enemy from either getting access to or being able to understand the information as originally transmitted.

The second, and perhaps more crucial, key in defending against data manipulation is to prevent the altered data from being re-introduced into the flow of real information.  Luckily, there are several techniques for doing this, the most common of which is redundancy.  Martin Libicki refers to information manipulation as a "semantic attack", and notes that "A system under semantic attack operates and will be perceived as operating correctly...but it will generate answers at variance with reality..."  This occurs, he says, because those systems are dependent on some information source, which he calls a sensor, for information about the real world.  "If the sensors can be fooled, the systems can be tricked."  To counteract a semantic attack, "Safeguards against failure might lie in, say, sensors redundant by types and distributions, aided by a wise distribution of decisionmaking power among humans and machines," [Libicki].  By gathering the same information from multiple, redundant sources, you increase the likelihood that the correct information will get through.  Even if the enemy is successful at corrupting that data on one communication line, you will easily detect the bad data because it differs from the picture painted by the rest of your sources.
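The redundancy check described above can be sketched in a few lines. This is an added example, not code from the paper or from Libicki; the sensor names, the readings, the tolerance and the majority quorum are constructed assumptions. It also shows the limit of the technique: once no majority of sources agrees, redundancy alone cannot say which picture is real.

```python
from statistics import median

# Constructed sample: range to one contact (km) as reported by four sensor types.
TIMELINE = [
    {"radar": 12.1, "infrared": 12.0, "acoustic": 12.3, "seismic": 11.9},
    {"radar": 11.6, "infrared": 11.5, "acoustic": 18.0, "seismic": 11.4},
    {"radar": 11.0, "infrared": 17.5, "acoustic": 17.6, "seismic": 10.9},
]


def cross_check(reports, tolerance, quorum=None):
    """Compare one measurement reported by several independent sources.

    reports   -- dict mapping source name -> reported value
    tolerance -- largest deviation from the median still counted as agreement
    quorum    -- sources that must agree; defaults to a strict majority

    Returns (consensus, suspects). consensus is None when no quorum agrees,
    in which case every source is returned as suspect.
    """
    if not reports:
        raise ValueError("no reports to compare")
    if quorum is None:
        quorum = len(reports) // 2 + 1
    centre = median(reports.values())
    agreeing = [s for s, v in reports.items() if abs(v - centre) <= tolerance]
    if len(agreeing) < quorum:
        return None, sorted(reports)
    # Average only the sources that agree, so the outlier cannot drag the result.
    consensus = sum(reports[s] for s in agreeing) / len(agreeing)
    suspects = sorted(s for s in reports if s not in agreeing)
    return consensus, suspects


def audit_feed(timeline, tolerance):
    """Run cross_check over time and count how often each source disagreed."""
    picture, strikes = [], {}
    for reports in timeline:
        consensus, suspects = cross_check(reports, tolerance)
        picture.append(consensus)
        if consensus is not None:
            for source in suspects:
                strikes[source] = strikes.get(source, 0) + 1
    return picture, strikes


if __name__ == "__main__":
    # Caveat: an adversary who alters a majority of feeds consistently moves
    # the median with them; the sources must be independent for this to hold.
    picture, strikes = audit_feed(TIMELINE, tolerance=0.5)
    print("accepted picture:", picture)
    print("disagreements per source:", strikes)
```

In the third constructed step two of the four feeds are altered, so no majority exists and the check refuses to produce a picture instead of averaging good and bad data together.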

Information Disturbance, Degradation, and Denial

Defending against information disturbance, degradation, and denial requires the use of many of the countermeasures already mentioned.  Any of the weapons for mounting these types of attack require access to enemy communication channels, so information protection mechanisms and redundant channels can be effective in maintaining some lines of communication that are not affected by would-be attackers.  "[O]ur collection of legacy systems provides a certain amount of inherent robustness and resiliency.  They point to overlaps and duplications in these systems and argue that it would be very hard for anyone to completely disrupt a given set of services," [Alberts].

There are also several techniques available that are specifically designed to counteract the weapons described for performing disturbance, degradation, and denial attacks.  "Communicators move toward frequency-hopping, spread-spectrum, and code-division multiple access (CDMA) technologies, which are difficult to jam and intercept.  Communications to and from known locations...can use digital technologies to focus on frontal signals and discard jamming that comes from the sides.  Digital compression techniques coupled with signal redundancy mean that bit streams can be recovered intact, even if large parts are destroyed," [Libicki].  These techniques, and the thousands of others currently under development at research sites all over the world, make it easier every day to recover from attempts to mangle and block information as it travels to its intended destination.
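The claim that signal redundancy lets a bit stream be recovered after parts of it are destroyed can be shown with the simplest such scheme, one XOR parity block per group of data blocks. This is an added example, not taken from the paper or from Libicki; the block size, group size, message and loss pattern are constructed assumptions, and real links use stronger codes than single parity.

```python
BLOCK = 8   # bytes per block (assumed framing)
GROUP = 4   # data blocks protected by one parity block


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    out = bytearray(BLOCK)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def encode(message):
    """Return (frames, length): data blocks with a parity block after every GROUP."""
    padded = message + b"\x00" * (-len(message) % (BLOCK * GROUP))
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    frames = []
    for g in range(0, len(blocks), GROUP):
        group = blocks[g:g + GROUP]
        frames.extend(group + [xor_blocks(group)])
    return frames, len(message)


def decode(frames, length):
    """Rebuild the message; None in frames marks a block destroyed in transit.

    Raises ValueError when a group lost more than one frame, which a single
    parity block cannot repair.
    """
    data = []
    for g in range(0, len(frames), GROUP + 1):
        group = list(frames[g:g + GROUP + 1])
        lost = [i for i, frame in enumerate(group) if frame is None]
        if len(lost) > 1:
            raise ValueError(f"group {g // (GROUP + 1)}: {len(lost)} frames lost")
        if lost:
            # XOR of the surviving frames equals the missing one.
            group[lost[0]] = xor_blocks([f for f in group if f is not None])
        data.extend(group[:GROUP])
    return b"".join(data)[:length]


def jam(frames, destroyed):
    """Constructed channel model: frames at the given indexes never arrive."""
    return [None if i in destroyed else f for i, f in enumerate(frames)]


# Constructed sample message.
MESSAGE = b"HOLD POSITION UNTIL 0600 THEN MOVE NORTH"

if __name__ == "__main__":
    frames, length = encode(MESSAGE)
    received = jam(frames, {1, 9})          # one frame lost in each group
    print(decode(received, length))
```

The cost is one extra frame per four sent, and the scheme fails loudly once a group loses two frames, which is why heavier interference calls for codes with more redundancy.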

Conclusions

From this discussion, it is easy to see that information warfare is no less complex than traditional warfare.  It involves many different strategies, techniques, weapons, and defenses.  Many would argue that the subset of topics presented here as information warfare leave out important threats to national security, and I might be inclined to agree.  I would also argue, however, that what is here is enough to keep our military busy for a very long time.  I propose that we take this set of more well understood aspects of information warfare and work on getting real plans in place for how to deal with the threats they pose.  As those at the top of the ladder in information warfare come to understand more about the newer information related threats, we can add them to the list of "information warfare" techniques and begin to define weapons and countermeasures for them.  Until then, we must use the information we have to prepare ourselves to be combatants in the information war that is already raging.