Information Age Vulnerabilities and Risks:Information Age Vulnerabilities and Risks:The Emergence of a NationalThe Emergence of a NationalInformation StrategyInformation Strategy

11th 11th InternationalInternational CommandCommand andand ControlControl ResearchResearch andand TechnologyTechnology SymposiumSymposium (11(11ºº ICCRTS)ICCRTS)““COALITION COMMAND AND CONTROL IN THE NETWORKED ERACOALITION COMMAND AND CONTROL IN THE NETWORKED ERA””

Cambridge, UK, 26Cambridge, UK, 26--28 28 SeptemberSeptember 20062006

Prof. António GriloINESC/INOV

Portugalantonio.grilo@inov.pt

LTCol Paulo NunesCINAMIL, Academia Militar

Portugalpfvnunes@net.sapo.pt

Prof. Henrique SantosUniversidade do Minho

Portugalhsantos@dsi.uminho.pt

CENTRO DE INVESTIGAÇÃODA ACADEMIA MILITAR

(CINAMIL)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

SummarySummary

Introduction The National Information Infrastructure Risk Analysis and Risk Management Model The Emergence of an Information StrategyImplementing the National Information Strategy NII ProtectionConclusions

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

IntroductionIntroduction

IInternetIInternet & Global & Global Networked SocietyNetworked Society

oNewoNew Competition Competition ParametersParameters

IInformationIInformationInfrastructures & Infrastructures &

States SovereigntyStates Sovereignty•

Information Information Competition Competition and Conflictand Conflict

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Technological Evolution ImpactTechnological Evolution Impact

Competencies

Time

t T

C

c

Líder

Challenger

dCLeader

d t>>> dCChallenger

d t

Before:Before:Available technologies increased Available technologies increased leader advantage positionleader advantage position

Competencies

Time

T t

c

C

Líder

Challenger

dCLeader

d t

is possible

<<< dCChallenger

d t

Now:Now:ICT reduces leader advantageICT reduces leader advantage

Source: “A Nova Economia Digital” ( 4ª Conferência NETIE 1999).

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Networked Society: A System of SystemsNetworked Society: A System of Systems

Economic

Social and Cultural

Military

Physical

Scientific& Technical

Politics

Legal, Ethical& Moral

Vulnerabilities

Weakness Opportunities

Dependencies

System of SystemsApproach

Intelligence Community

Law Enforcement

Enterprises

Defense

University

IOs, NGOs

NODES Threats

Source: Grossman-Vermaas (2004)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

ConceptsConcepts

Achieve an Information AdvantageInformation Advantage over CompetitorsCompetitors in a Ethic and Legal WayEthic and Legal Way

Objective:Objective:

The The ethicethic and systematic process of and systematic process of retrieving, analyzing and managing retrieving, analyzing and managing information that could affect information that could affect planningplanningactivities, activities, decision makingdecision making and the and the operationsoperations of an organization.of an organization.

Source: Taborda, João e Ferreira, Miguel (2002), Competitive Intelligence: Conceitos, Práticas e Benefícios, Editora Pergaminho, Cascais, p. 61.

Competitive Intelligence

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

““ encompasses all kinds of actions that we can encompasses all kinds of actions that we can conduct to conduct to preservepreserve our information systems and our information systems and resources from the resources from the exploitationexploitation, , corruptioncorruption or or destructiondestruction and to explore, corrupt and destroy the and to explore, corrupt and destroy the information systems and resources of an adversaryinformation systems and resources of an adversary””

Achieve a Information Advantage/SuperiorityInformation Advantage/Superiority

Objective:Objective:

Information WarfareSource:Source: FM 100FM 100--6 6

(1996, p.GL(1996, p.GL--8)8)

Information Superiority;Information Superiority;

Defensive Information Warfare;Defensive Information Warfare;

Offensive Information WarfareOffensive Information Warfare..

ConceptsConcepts

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

National Information InfrastructureNational Information Infrastructure

Undefined States’ traditional Sovereignty Borders (Transnational Communications Networks);

Difficulties to establish territorial jurisdictional principles;

Emergent need to rethink and redefine NII’s Security and Protection.

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

National Critical Infrastructures: National Critical Infrastructures: Interdependencies ModelInterdependencies Model

STRUTURALSTRUTURALDependency

FUNCTIONALFUNCTIONALDependency

NationalPower Grid

TelecommunicationsNetworks

Transports(ex: Air, Rail, Metro Traffic Control etc.)

Financial System(ex: Banking, Stock Market, ATM, etc.)

Defence(ex: C3I Systems Radars,

Missiles, etc.)

Emergency Services(ex: Fire Department, 911, Law Enforcement., etc.)

Other CriticalInfrastructures

(Government, Health Services, Water supply network, etc.)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Risk Acceptance Risk Transference

Risk Management

Countermeasures Adoption

RISCOS

Risk Analysis and Risk Management ModelRisk Analysis and Risk Management Model

Risk Analysis

Resources(Potential Targets) Threats

Vulnerabilities

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Terrorismo

Extremismo

Chantagem

Manipulaç.

Desinfor.

Destabiliz.

Acidentes

Virus & Co

Ciberataq.

Insiders

Espionagem

Echelon

Energia + TransportesEconomiaFinançasDefesa

Justiça + Forças Polic.

Administ.Interna

NegóciosEstrangeirosPM / Governo

IW IW ThreatsThreats to to StatesStates’’ GovernmentGovernment ……

Adaptado: LTC Gérald Vernez (2004)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Threat LevelThreat Level

Fontes: Martin Libicki (1996); Morris (1995)

Information Attack

Disruptive PowerDisruptive PowerProbability X Threat LevelThreat Level

Capabilities Capabilities vsvs

IntentionsIntentions

Important Important vsvs

Strategic Strategic LevelLevel

Information Warfare Information Warfare WeaponsWeapons

can be consideredcan be considered

Weapons of Weapons of ““Mass DisruptionMass Disruption””

Terrorists

Groups of PressureIn

tent

ions

Capabilities

Crackers

Organized Crime

States

HackersAmateurs

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

NationalNational InformationInformation StrategyStrategy

INFORMATION

InformationPolicy

POLITICS

InformationStrategy

STRATEGY

CompetitionArena

ConflictualArena

The The artart and and science science of the of the information information (resource/weapon)(resource/weapon) developmentdevelopment and its and its use with the aim to fulfil the objectives use with the aim to fulfil the objectives defined by National Policy.defined by National Policy.

NATIONAL INFORMATION STRATEGYNATIONAL INFORMATION STRATEGY

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

NationalNational InformationInformation StrategyStrategy:: ScopeScope

Exploration

Protection

Acquisition

Infosphere

Information-BasedConflict

Outras OTHER ACTORSCYBERSPACE

Exploration

Protection

Acquisition

Infosphere

OWN

Source:Canadian Forces Information Manual Operations (1998)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

NationalNational InformationInformation InfrastructureInfrastructureProtectionProtection:: ConceptualConceptual ModelModel

Defensive Information Warfare / Defensive Information OperationsDefensive Information Warfare / Defensive Information Operations

Critical Information Infrastructure Protection

INFORMATION ASSURANCE

MAJOR CONCERNS:MAJOR CONCERNS:

Availability and Integrity of Information of National interest;

Country’s efficiency in its information processing and exploitation.

Source: Lars Nicander (2001)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

National Information Strategy:National Information Strategy:Related ActivitiesRelated Activities

National Information Strategy(Information Assurance)

Information Operations National Information Security

Public Diplomacy

Economic Diplomacy

Perception Management

Criminal Activities

Others

Planning, Security and Intelligence

C2W

MilitaryCivilian

Operational Security

Military Deception

Psychological Operations

Electronic Warfare

Physical Destruction

PublicInformation

CIMIC

National Information Infrastructure Protection

Military INFO OPS (Offensive and Defensive)

Civilian INFO OPS (Defensive)

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

NII Protection: Important IssuesNII Protection: Important Issues

ProtectionProtection:: InformationInformation OperationsOperations ((MilitaryMilitary//CivilianCivilian););

DetectionDetection andand ReactionReaction:: NationalNational InformationInformation SecuritySecurity

New Organization/Structure? New Function?New Organization/Structure? New Function?

Critical Information Infrastructures Critical Information Infrastructures Security Standards Security Standards Definition Definition ((Governmental & PrivateGovernmental & Private););

National CERT National CERT (Alert & Report System)(Alert & Report System)

Education &Training ProgramsEducation &Training Programs;;

Security mechanisms andSecurity mechanisms and Critical Information Infrastructures Critical Information Infrastructures redundancy redundancy FinancingFinancing;;

International Cooperation Programs International Cooperation Programs (e.g. ONU, UE, OTAN).(e.g. ONU, UE, OTAN).

Risk Management PhilosophyRisk Management Philosophy: : ProtectionProtection, , DetectionDetection & & ReactionReaction..

11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes

Paradigmatic relationship between Social Paradigmatic relationship between Social development and security (development and security (Information Age Information Age vulnerabilities dynamicsvulnerabilities dynamics))

IW is a IW is a global conceptglobal concept that deeply influences that deeply influences NationNation--StatesStates’’ Policy as well as its Security and Policy as well as its Security and Defense;Defense;

Modern conflicts epicenterModern conflicts epicenter moved to the geomoved to the geo--economics and transnational arenas (economics and transnational arenas (ex:Echelonex:Echelone Carnivore);e Carnivore);

National interests fulfillment requires a clear National interests fulfillment requires a clear definitiondefinition of a of a National Information Strategy.National Information Strategy.

ConclusionsConclusions

Information Age Vulnerabilities and Risks:Information Age Vulnerabilities and Risks:The Emergence of a NationalThe Emergence of a NationalInformation StrategyInformation Strategy

11th 11th InternationalInternational CommandCommand andand ControlControl ResearchResearch andand TechnologyTechnology SymposiumSymposium (11(11ºº ICCRTS)ICCRTS)““COALITION COMMAND AND CONTROL IN THE NETWORKED ERACOALITION COMMAND AND CONTROL IN THE NETWORKED ERA””

Cambridge, UK, 26Cambridge, UK, 26--28 28 SeptemberSeptember 20062006

Prof. António GriloINESC/INOV

Portugalantonio.grilo@inov.pt

LTCol Paulo NunesCINAMIL, Academia Militar

Portugalpfvnunes@net.sapo.pt

Prof. Henrique SantosUniversidade do Minho

Portugalhsantos@dsi.uminho.pt

CENTRO DE INVESTIGAÇÃODA ACADEMIA MILITAR

(CINAMIL)