
Information Warfare Theory of Information Warfare


Reading list

This lecture
– Denning Chapters 2
– Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)

CSCE 727 - Farkas 2


Information Security: “The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.” (U.S. federal standards)

Information assurance: Information security + defensive information warfare

Information Warfare: Only intentional attacks + offensive operations


Information Dominance

Information Dominance - a condition that results from the use of offensive and defensive information operations to build a comprehensive knowledge advantage at a time, place, and on decision issues critical to mission success – from the IW Site, http://www.iwar.org.uk/iwar/resources/info-dominance/issue-paper.htm


Information Warfare

Information resources
Players
Offensive operations
Defensive operations

WIN-LOSE NATURE OF OPERATIONS


Way of Thinking

S. R. Covey: 7 Habits of Highly Effective People
Habit 4: Think Win-Win
– Character-based code for human interaction and competition
– Win-lose zero-sum game, competing for limited resources
– Win-win the ultimate winner?

How are these directions affecting our (cyber) future?


Value of Resources

Exchange value
– Determined by market value
– Quantifiable

Operational value
– Determined by the benefits that can be derived from using the resource
– May not be quantifiable

May not be the same value for each player (offensive and defensive players)

Actual (before) and potential (after) value

Give examples!


Players

Offense: motives, means, opportunity
– Insiders, hackers, criminals, corporations, government, terrorists

Defense: protection
– Federal Bureau of Investigation
– U.S. Secret Service
– Department of Treasury
– Department of Defense
– National Institute of Standards and Technology

ROLE OF GOVERNMENT


Offensive Information Warfare

Target: particular information resources – resources do not need to be owned or managed by the defense

Objective: increase the value of the resource for the offense and decrease it for the defense

Gain: financial, strategic, thrill, etc.

Loss (defense): financial, tactical, strategic, reputation, human loss, etc.


Cost of Information Warfare

Monetary expense
Personal time
Risk of getting caught
Punishment
Resources used

Measuring cost of cyber attacks


Offense

Increase availability of resource
Decrease integrity of resource
Decrease availability of resource for defense


Defense

Prevent availability of resource for offense
Ensure integrity
Ensure availability


Offense: Increased availability

Collection of secrets:
– Espionage (illegal) and intelligence (may be legal)

Piracy
Penetration (hacking)
Superimposition fraud
Identity theft
Perception management


Offense: Decrease Availability for Defense

Physical theft
Sabotage
Censorship


Offense: Decreased Integrity

Tampering
Penetration
– Cover up
– Virus, worm, malicious code

Perception management
– Fabrication, forgeries, fraud, identity theft, social engineering


Defense

Prevention: keeps attacks from occurring
Deterrence: makes attack unattractive
Indications and warning: recognize attacks before they occur
Detection: recognize attacks
Emergency preparedness: capability to recover from and respond to attacks
Response: actions taken after the attack


Playgrounds to Battlegrounds


IW Activities

Context of human actions and conflict

Domains:
– Play: hackers vs. owners
– Crime: perpetrators vs. victims
– Individual rights: individuals vs. individuals/organizations/government
– National security: national level activities


Play

Playing pranks
Actors: hackers/crackers/phreakers
Motivation: challenge, knowledge, thrill
Culture: social/educational
– “global networks”
– publications
– forums

Law


Crime

Intellectual Property Crimes
– IT targets: research and development, manufacturing and marketing plan, customer list, etc.
– Attacker: insiders, formal insiders
– 1996: Economic Espionage Act (U.S. Congress)

Fraud
– Telemarketing scam, identity theft, bank fraud, telecommunication fraud, computer fraud and abuse

Fighting crime


Crime

Actors:
– Employees
– Temp. staff
– Vendors
– Suppliers
– Consultants

Trade secrets
Identity theft
Law


Individual Rights

Privacy
– Secondary use of information

Free speech
– Harmful/disturbing speech
– Theft and distribution of intellectual property
– Censorship


National Security

Foreign Intelligence
– Peace time: protecting national interests
  Open channels, human spies, electronic surveillance, electronic hacking (?)
– War time: support military operations
– U.S. Intelligence Priorities:
  Intelligence supporting military needs during operation
  Intelligence about hostile countries
  Intelligence about specific transnational threats
– Central Intelligence Agency (CIA)
– Primary targets in U.S.A.: high technology and defense-related industry


War and Military Conflict

IT support, e.g., sensors, weapons, surveillance, etc.
Psyops and perception management
Physical weapons (?)
Cyber space battle (?)
Unmanned devices (?)


Terrorism

Traditional:
– Intelligence collection
– Psyops and perception management

New forms:
– Exploitation of computer technologies
  Internet propaganda
  Cyber attacks (electronic mail flooding, DOS, etc.)

Protection of national infrastructure


Project


Sample Projects

Title: Mobile application security
Title: Military Open Source Intelligence
Title: Signal Security
Title: Social Networking and Cyber Security
Title: Peer-to-Peer File Sharing and Fair Use
Title: Security for Unmanned Systems
Title: (Semantic) Web Security
Title: Electronic Distribution of Copyrighted Materials via Peer-to-Peer Anonymous Networks
Title: Echelon
Title: Deception Detection Data Origin Authentication
Title: Surveillance System and Legal Evidence