Computer Security Information Warfare (Iw)

Computer Security

Information Warfare (IW) is one of the latest forms of threats that poses great security risk to the national peace and order in the U.S. In this paper we present an analysis of all the emerging trends of information warfare. Our goal is to formulate appropriate recommendations and strategies for mitigating the risks associated with this new form of threat. In our study we present various literatures that are dedicated to the context of Information Warfare. An identification of all the vulnerable points in the institutional and governmental infrastructure is also presented. The overall goal is to ensure that our nation and the world as a whole is protected from the dangers associated with cyber terrorism.

Introduction

The modern world heavily relies on the use of computers in ensuring several demands are met and tasks completed. Computers are useful in a number of industries such as in the telecommunications, financial, manufacturing, transport, sales and marketing industries among many others. In addition, computers are used a lot for social purposes such as networking across the world. The application of Information Technology concepts has made it possible for the above industries and many others are run both effectively and efficiently. The nature of interconnections available among various facilities and the backbone on which they are based on provides an open opportunity and subjection to many attacks through the network. These facilities and backbone should therefore be protected and shielded against any forms of Information warfare that occur via cyber terrorist network attacks (Lawson, 2010).

As a matter of fact, cyber terrorism is defined by Dorothy E. Dennig as 'unauthorized and illegal attacks on networks, computers and the information stored therein when done out of malicious or damaging intentions. To a large extent, to be classified as cyber terrorism, attacks results should indicate damage of someone's reputation and property or to a large extent it should result in fear. Examples would be attacks such as death, explosives, contamination of water, airspace crashes.' (Browning, 2001).

We intend to clearly show the emerging ways of information warfare and as a result come up with the best possible ways of mitigating the effects of information warfare over our nation.

Information warfare is composed of two sections which include: Defensive and Offensive information warfare. Defensive protects information from attacks from outside and changes that can be made to the information. On the other hand, offensive information warfare protects information from the defence. There are various forms of information warfare as which include the following forms: command-and-control warfare (C2W), electronic warfare (EW), psychological operations, (PSYOPS), intelligent-based (IBW), information economic warfare (IEW) and Hacker-war which is software based as demonstrated by Libicki (1995)

Each of the above forms needs different rules of engagements, objectives and methodologies.

US national infrastructure is very important to the nation and thus the call for the need to protect it from network attacks. Without proper protection from network attacks, the whole nation's business activities and the running of the government could be in jeopardy. This would expose the nation's security in danger (Lawson, 2010).

The following are the main forms of information warfare as pointed out by Libicki (1995).

1. command-and-control warfare

2. electronic warfare

3. intelligence-based

4. psychological operations

5. . information economic warfare

6. Hacker-war- this type if IW is a software based and is waged against various information systems

All forms of IW are unique in their forms of attack and therefore require that unique and elaborate techniques be employed in the process of mitigating their effects or entirely avoiding them.

The information technology infrastructure is an integral part of various states. This is because of the varied nature of activities that are heavily reliant upon it. The various forms of network attacks must therefore be effectively mitigated in order to ensure that there is no any kind of disruption to the various important activities necessary to run a country.

Emerging trends

The field of information warfare has been evolving with time. The current trends include the use of sophisticated devices and software that are aimed at disrupting or stealing of confidential information of various computer systems. Below are a just afew of the emerging trends in information warfare.

Steganography

This is the art of hiding written messages. The emergence of computer technology has seen steganography taken to a brand new level. Terrorist are able to effectively use images to hide messages as portrayed in the recent case of Russian spies arrested in the U.S. By the FBI (wired.com, 2010)

Literature review

Moore (2004) focuses on the various means that battlefield military officers can be prepared for war by means of strategic modeling of threats. This is through the identification of the various possible threats using a computer generated virtual battlefield, which could be integral in predicting the real events on the battlefield. There are various major steps that are used as part of this system to involve the following: definition and modeling of the virtual battlefield scenario, identification of possible threats, consulting of various departments as well as with superior officers in order report the various threats, characterization of the threat risks as well as the determination of level and type of the adversary. Moore uses qualitative as well as constructive approach in order to achieve the research objectives. The information obtained can effectively be used in order to come up with a standard system that can be used by the military personnel in the identification of various possible risks as well as the methods of to isolating the risks that are involved while executing various forms of attacks and counter-attacks These elements will help to effectively create countermeasure. The overall goal however, is to come up with ways of mitigating the various the possible undesirable of informational warfare.

(Cobb, 1999) carried out an analysis that was aimed at showing the various domains of civilian infrastructure that are most at risk of being attacked by cyber terrorists. The areas discussed .In this study Cobb focuses on the energy sector as a main target by cyber terrorists. His reason behind his choice of the energy industry is the fact that the energy sector infrastructure has over time been computerized in an effort to improve its efficiency. Cobbs provides an elaborate analysis which points out the various choke points that can be used by the various cyber terrorist in coming up with an attack on the energy distribution infrastructure. His analysis is however concentrated in Australian energy sector. His aim was to come up with a quantitative approach of the effects of a Information Warfare on the civilians caused by a disruption the Information technology infrastructure used in the distribution of energy in Australian. His study shown that there are various vulnerability points (choke points ) that cyber terrorists can use in coming up with a successful cyber terrorist actions against the society.

Diebert (2010) came up with study that was aimed at identifying the various physical risks that are caused by the use of technology in perpetrating information warfare.His study also identified the factors that could escalate the possibility of technology being utilized in the perpetration of information warfare. He points out that this happens are a result and the following will manifest:

Various nations would make claim that they are working together and in harmony to come up with a solution to the problem at hand (IW).

He pointed out that the moment these issues interfere with issues such as politics and national sovereignty then several states start to withdraw their support.

Diebert uses a qualitative approach in order to complete his evaluation. The significance of this is that it exposes the otherwise invisible lack of corporation between the states in the various issues related to information warfare.

Knapp (2006) comes up with an analysis of the role of information warfare in various areas of the society and the nation. His study ranges from the study of the effects of Information warfare on the military to various corporations. In order to come up with a clear illustration of the transformation, Knapp takes into account several factors. These include;

Incidents related to computer security that he noted to be on the rise

The ease with which various forms of information warfare/cyber attacks can be perpetrated

A sharp rise in the number of countries with the capability to launch information warfare as well as defend themselves from the same

The rise in percentage of reliance on information technology

The increase in the cases of technology espionage by various organized crime rings

Knapp (2006) uses a qualitative approach in order to evaluate his study. Empirical methods are also used. The significance of this is that it helps in showing how a major paradigm shift has occurred in the way information warfare is conducted. His study also shows how major corporations are increasingly becoming targets of information warfare. The finding of this research helps in proving how much of problem information warfare is to the corporate world.

Molander (1996) studies the various methods of preparing the United States of America for various forms of Information warfare. His study includes the following;

The U.S. government through the executive to provide appropriate leadership to steer the country in the domain of cyber security.

The state to conduct immediate risk assessment aimed at neutralizing all the vulnerabilities.

The creation of an effective national security strategy as well as the creation of an elaborate national military strategy.

Molander (1996) uses a qualitative research approach and methodology .The method used is constructive. The constructive method used is used whenever there is a need to come up with ways of solving various problems. The significance of this technique is due to the fact that there is a need of coming up with general steps that are aimed at the identification and creation of an elaborate strategy that is aimed at reducing all the negative effects of information warfare. The objective is to come up with appropriate methods of. As a result, this is useful in helping, to provide an initial first step for identifying and controlling the problem.

Freedman (1998) comes up with a discussion of the rapidly changing facets of military warfare. The amount of conflict is noted to be dependent on the ability of the various nations trying to prevent the super powers from intervening in their various areas of interests. In such a situation, the smaller nations that are rogue may decide to use information warfare in order to achieve their ulterior motives. It is the nature of the smaller nations to engage in various tactics in order to perpetrate their evil causes. What the do is to launch attacks on the information technology infrastructure of the larger nations in order to cause confusion. The disruption caused can result in a lot of disruption that can result in military conflict. The information acquired can also be used by the smaller nations in enticing the major nations into coming into conflict with each other. This is usually through the provision of false information. The techniques used by Freedman are qualitative as well as empirical. The significance of this is that the information acquired can be used to confirm and corroborate other highlighted sources regarding the possible causes as well as effects of information warfare. The information acquired can be beneficial to the smaller nations since it might prevent them from going into war with major nations. The phenomenon of information according to this study has several beneficial effects to the smaller nations.

Arquilla (2001) discusses the various methods that terrorists organizations can use the power of information technology in order to improve both their recruiting process as well as enhance the way they control, their various cells . This is mainly due to the fact that technology has improved the away groups such as Hezbollah and Al Qaeda operates. Through technology, the terrorist groups are able to effectively reach out to various new followers and members in various countries. The terrorist networks are able to effectively encrypt their messages and also deliver various instructions to be used to effectively transport and use various encrypted disks. This in turn has resulted in various terrorist organizations being able to easily breach the counter terrorist measure put in place by various governments and institutions. This is through the use of technology in coming up with an effective technique of communicating with each other as well, as to reach out to several sympathizers and new members. The method used here is qualitative. The methodology used in this study is historical. The study involved an analysis of how the various terrorist organizations are using technology in order to commit acts of information warfare. The significance of this is to show how various terrorist organizations are turning to technology in order to perpetrate acts of cyber terrorism as part of their overall terrorist strategies. The information acquired from the study can therefore be used to effectively establish a pattern/recognize a plan necessary to combat future cases of information warfare in the terrorist domains.

Devost (2005) focuses on the potential impact of information warfare on the United States of America. This according to him is due to the fact that the country relies on the use of technology in carrying out several of its activities. This fact alone explains the rise in the number of points of vulnerability. The article focuses on the way the U.S. is exposed to various forms of cyber attacks emanating from various other nations. In such situations, the possibilities of cyber attacks are usually reduced. This is because of the fact that both retaliation and interdependence of these nations are kind of low as a result only serves to their disadvantage. Devost does believe that the various terrorist organizations can instead attempt to carry out cyber attacks since they believe that they can cause both psychological and economic damages on their targeted countries. The approach discussed here is very popular due to the following facts.

The terrorist are able to plan and execute their plans undetected.

There is a large number of young persons who are joining the terrorist networks and coupled with the rise in the number of youth who are involved in the use of technology makes the threats widespread.

The carrying out of information warfare involves the use of very little financial resources.

The planning and execution of cyber terrorism requires very little physical resources.

The method used by the author is quantitative and involved the use of empirical techniques in the examination of the various subjects. The significance of the study was to come up with an identification of the most likely use of information warfare by cyber terrorist in order advance their aims. This paper point out the fact that the larger nations are most likely not going tom participate in information warfare in order to advance their options. This is due to the fact that they may be fearful of the potential damage this could bring to them as a result of negative implications. This therefore makes the chances of such attacks low. The use of information warfare in order to advance ulterior motives against other nations therefore remains with smaller terrorist organizations who end up using it in order to result to negative economic implications as well as to create fear in these countries.

Yoshihara ( 2001) discusses the various effects that Chinese information warfare can pose to the United States of America. He identified the various threat levels and sources that the threats can pose to the country in the future. This according to him is due to the fact that United States has it attention focused somewhere else. The author points out that the Chinese government can most likely use the information they acquire in order to cause harm to Taiwan. In such a situation, China would utilize the information they have acquired through information warfare to launch hack attacks and disable various integral systems during conflicts. This would result in attack of Taiwan with the usually military resources in an effort to create a crisis in the country. Another reality is that the United States military is continuously dependent / reliant on technology. The possibility or scenario is that should China launch an attack through the disabling of the early moments of the attack/conflict, then they can effectively delay the arrival of the other reinforcing military aids such as that of the United States and NATO forces. Should this occur, there is a high chance that China would easily succeed in attacking their enemy Taiwan. This would mean that the response from other nations would arrive late and China would have succeeded in capturing Taiwan. The method employed by Yoshihara is quantitative and used an empirical technique. The significance of this study is to highlight the possibility of trouble that can be caused by China by means of information warfare. The study can be used in I the formulation of the future military policies by various governments.

Lewis (2002) studies the various forms of cyber attacks and their effects on both the national security and public policy making. The paper studies looks at a certain set of issues that are related to the way information technology can be used in carrying out cyber attacks as well as cyber terrorism on various critical public and private infrastructure as well as the possible implications of such attacks on the national security. The paper clearly describes how a hostile group of individuals or nations can come together to exploit the various vulnerabilities in the information technology infrastructure as well as the way such attacks and breaches can affect the national security. The author point out that the fact that the rapid rate of adoption of and its use in the various aspects of the economy points out the reason why it is wise to assume the assumptions of risks to be real. The paper does not however provide a full assessment .The paper does however provide four integral elements that must be reassessed in order to avoid cases of cyber terrorism. The first element involves the putting of the cyber warfare and cyber terrorism in a historical context. This involves an evaluation of the infrastructure that is mostly at risk. Then there is the coining of the strategies to be used in effectively simulates the attack scenarios of the various infrastructures. The second element involves the examination of the various cyber attack cases against a backdrop of various frequent and routine failures of the integral infrastructure. The data use d at this stage is collected from the various power outages, communication disruptions, flight delays amongst others. The consequences of these outages and disruptions are then evaluated and used to gage the extent of damage that can result as a result of cyber warfare and cyber terrorism. The third step includes the measure of the dependencies of the various infrastructures on the entire computer networks as well as their redundancies.

Lawler, Li and Leon (2005) also focus their attention on the issues of cyber terrorism. Their attention is however on the post September 11th terrorist attack. They look at the various academic offerings as well as strategies that should be put in place by the government. They acknowledge the fact that despite the National Security Agency has coming up with Centers of Academic Excellence in Information Assurance Education as an educational program; very few schools across the country have jumped on board in the implementation of the program in their curriculum. The focus of the study is to formulate a survey of the various critical failure factors that have an impact of the implementations of Centers of Academic Excellence in various academic institutions. The schools that are targeted by the initial survey are located in the Northern Corridor of the United States. The significance of this study is to shed light on the importance of discussing the various considerations on cyber terrorisms for the purpose of both the academic and the educational authorities so as to come up with better security strategies in tackling of cyber terrorism.

Mitigation of Cyber Terrorism

The various pieces of literature explored in our study clearly point out the various risks as well as steps that can be taken in order to mitigate cyber terrorism. One underlying facts or rather observation is that almost all the studies were carried out quantitatively so as to come up with an understanding of the various social implications of information warfare and cyber terrorism in particular.

The other fact to note is that the methodology used is either:

Empirical

Historical

Constructive

What this shows is the extent of problems caused by information warfare to our contemporary society. Various states have tried to use technology in order to come up with a bargaining chip or rather leverage against each other. Some terrorist organizations have also adopted the use of information warfare in achieving their ulterior motives. The main use of information of warfare by nations is the reduce the ability of other major states in order to gain military advantage in times of conflict.

It is worth pointing out the fact that the scenarios of direct information warfare are usually very low. The various military strategists must however be ready for any form of eventualities that may arise. The largest threat base is from terrorists groups who can use the tool to create panic and chaos with devastating effects on a country's economy. The process of mitigating these risks is to;

Come up with immediate risk assessment of all the possible vulnerabilities

Determine the various roles that the government can play in the creation of an efficient national security policies

Formulate and effective and updatable military policy.

The various military strategists must also come up with computer systems that are able to both model the various battlefield situations while aiding in the identification of the possible threats. The system must be able to effectively consult between the various departments as well as superiors before presenting a unified and holistic report of the threats, their characteristics as well as the determination of the adversary. The information acquired must be able to provide a dependable background on the problem at hand. It is worth noting that the research carried out in our paper has some questions that are not solved. These include the determination of the exact tools that can be employed in order to counter the various effects of cyber terrorisms. This paper also does not outline certain specific policies that are to be implemented in an effort to protect the government and the public from various aspects of information warfare. The paper also does not gage the extent to which the threats can spread through the use of information warfare. The first point to note is that in order to effectively neutralize the various forms of cyber terrorism the main choke points must be isolated them appropriate strategies be put in place to mitigate the threats. Previous risk assessment have lead to the listing of various infrastructure that are more exposed to cyber attacks than others. The list generated by Schwartau (2000) include the following as the most at-risk infrastructure to cyber terrorism;

1. Telecommunication infrastructure such as the internet, satellites, telephones

2. Electrical Power Grid

3. Energy distribution systems which deliver gas and oil to various ststes.These are used in as the transportation platforms ranging from various Alaskan-based oil refineries and well the distribution systems for natural gas.

4. Transportation infrastructure which includes ground, air as well as water transportation systems. .

5. Water supply systems

6. Emergency system activation and response systems

7. Financial institution systems

8. Governmental functions: The information technology infrastructure is necessary in the smooth execution of activities and functions in the various arms of the government.

The infrastructures listed above are the most vulnerable to various forms of attacks. It is therefore crucial to come up with the best methods of securing them or minimizing extent of damage that can be waged against them by acts of cyber terrorism. Lack of proper protection and risk assessment plans coupled with updated disaster management plans can mean a lot of damage to the national security organs. The sad part of that whole cyber terrorism scenario is that there an interconnection between the computers does exist in various aspects of our daily lives and therefore the damage can be far reaching and almost impossible to curb completely.